Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

•Re: Re: feeding text to a process, and capturing its output, safely

by merlyn (Sage)
on Mar 23, 2004 at 19:52 UTC ( #339155=note: print w/ replies, xml ) Need Help??


in reply to Re: feeding text to a process, and capturing its output, safely
in thread feeding text to a process, and capturing its output, safely

Yes.

Oh, you mean will I elaborate?

OK.

No shell is involved. This makes it safer than the solutions I've seen that usually end up as something like:

my @RESULT = `echo $INPUT | Some Command`;
The problem is that $INPUT is being handed to a shell, making me have to worry and wonder about all shell-sensitive characters.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.


Comment on •Re: Re: feeding text to a process, and capturing its output, safely
Download Code
Re: •Re: Re: feeding text to a process, and capturing its output, safely
by QM (Vicar) on Mar 23, 2004 at 20:51 UTC
    Thanks, I had forgotten about that.

    I should think this method might be preferred then, unless the application is something quick-and-dirty.

    Will you please comment on the disadvantages of this method?

    -QM
    --
    Quantum Mechanics: The dreams stuff is made of

      Will you please comment on the disadvantages of this method?

      It depends on where your input is coming from and what it contains, but in the general case, wherein the input *might* contain shell metacharacters and *might* potentially even be constructed with malice, the shell *might* give complete control of your system (or, at least, as much control as is available to the user the code is running as) to whoever constructed the input. More likely, however, a shell metacharacter will get included randomly by someone who is not aware of the implications and cause apparently random breakage. For example, you'll put an ampersand in the input one time without thinking, and Weird Stuff(TM) will happen, and you'll have to track down the problem and figure out that the ampersand needs to be escaped, and so on. This is bad: your program is not robust, and input that's a little different from what was anticipated causes it to unexpectedly fail.

      It's also something of a portability nightmare, since different shells have different metacharacters that behave in different ways. This can create all kinds of zany debugging fun.


      ;$;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,".rekcah lreP rehtona tsuJ";$\=$;[-1]->();print

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://339155]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (4)
As of 2014-10-26 03:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (150 votes), past polls