|Keep It Simple, Stupid|
Re^3: Dangerous diamonds! (and memes)by tye (Sage)
|on May 21, 2003 at 15:43 UTC||Need Help??|
Having heard merlyn complain many times about people promoting dangerous memes, I expected to see merlyn at least mention this danger of <> that so many seem to be saying "Oh, sure, I expected that all along; after all it *is* documented" about. I couldn't find a single one. Perhaps I just missed it.
What I did find was what I described. I picked something I knew I could find with Super Search, merlyn doing local(*ARGV), setting @ARGV, then using <>. I found no use of "< filename" nor any mention of these dangers.
I had expected that merlyn would realize that posting code that does @ARGV = "filename"; would invite someone to copy and modify his code and end up with @ARGV = $filename; and so realize he was promoting a dangerous meme and address this point somewhere.
Especially in something like •Re: XML log files, which includes code meant to be copied and modified and was in reply to a node that used $logfn not some hard-coded log file name. So merlyn should have expected "mylogfile" to be replaced with $logfn and yet didn't even mention this risk.
I didn't expect him to always mention this risk, I was just looking for any indication that he had realized this risk and couldn't find any despite finding several nodes where <> is used and @ARGV is set. That certainly doesn't prove that merlyn hasn't always been keenly aware of this risk. But I think it indicates that even merlyn probably usually thought about @ARGV containing filenames and (at least until the issue was raised recently) usually didn't worry about <> sending filenames to the shell. In any case, I think most users of Perl usually think about @ARGV and <> that way and I have yet to find any evidence of many (any) other people doing otherwise until quite recently.
So I did some more searching looking for any places where someone has said "oh, and be careful because <> can pass your filenames to the shell for interpolation, of course (everyone knows that, it is spelled out explicitly in the documentation!)". I searched for nodes that contain both '"< ' and '<>' in hopes of finding nodes that use <> defensively. I looked at about half of the matches and none of them were using <> defensively.
But several of them show evidence of the opposite, of people knowing full well that open FH, $filename is a bad idea and then doing the equivalent Bad Idea™ of @ARGV = $filename; then using <>. That is, nodes that do open FH, "< $file" and yet don't follow the same precaution when using @ARGV and <>.
I found Dominus (well-respected Perl author) doing this in How do I insert a line into a file?. And Adam (very careful Perl programmer that I respect) doing it (via the command line) in Re: Populating an array. And pjf doing it in Re: Searching a whole directory of databases.
So I've got hard evidence that people have expected <> to interpret @ARGV as containing names of files to be read and not expressions to be interpretted by 2-argument open, yet still no hard evidence of anyone interpretting the vague documentation as "the above pseudo code used 2-argument open so <> will also behave like it used 2-argument open and do stupid things for files with names beginning with > or |, even though that would be dangerous and, well, stupid". q-:- tye