
problem using File::Find and taint

by jonnyfolk (Vicar)
on Dec 31, 2007 at 04:46 UTC ( #659703=perlquestion )
jonnyfolk has asked for the wisdom of the Perl Monks concerning the following question:

I've written the following script to help me find relevant scripts in my rather burgeoning cgi-bin directory. I would like to use the -T switch to run this but I'm getting a software error. How can I get round this?

#!/usr/bin/perl -wT
use strict;
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
use CGI ':standard';
use File::Find;

print "Content-type: text/html\n\n";

my $dir = '/myroot/public_html/cgi-bin';
my $word = param('word');
# Untaint the search word by capturing it with a regex
$word =~ /(^\w+|\s+$)/;
my $valid = $1;
unless ($valid) {
    print 'no word';
    exit;
}

# Under -T this call fails with the chdir error shown below
find(\&find_word, $dir);

sub find_word {
    if (($File::Find::name =~ /\.pl/) or ($File::Find::name =~ /\.cgi/)) {
        open FH, '<', $File::Find::name or die "Can't open $File::Find::name: $!";
        while (my $line = <FH>) {
            chomp $line;
            if ($line =~ /$valid/) {
                print "$File::Find::name == $line\n\n"
            }
        }
    }
}
Software error: Insecure dependency in chdir while running with -T switch at /usr/lib/perl5/5.8.8/File/ line 844, <FH> line 43175.

Replies are listed 'Best First'.
Re: problem using File::Find and taint
by chromatic (Archbishop) on Dec 31, 2007 at 04:57 UTC

    The File::Find documentation suggests that you can pass options to find() to provide an untainting pattern for directory names. You may be able to get away with:

    find({ untaint => 1, wanted => \&find_word }, $dir);
      That's done the trick, many thanks
Re: problem using File::Find and taint
by GrandFather (Sage) on Dec 31, 2007 at 04:58 UTC

    You have to set the 'untaint' option:

    find ({untaint => 1, wanted => \&find_word}, $dir);

    Perl is environmentally friendly - it saves trees
Re: problem using File::Find and taint
by Anonymous Monk on Dec 31, 2007 at 13:35 UTC

    You can also use no_chdir => 1 as an option. This makes the problem go away, though your &wanted function may need to know about this.
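
The untaint option from the first two replies applied to the question's script, as an added example that is not part of the original thread. The whole-string word check, the explicit untaint_pattern and untaint_skip settings, the plain-text output and the environment reset are choices made for this example; the directory path is the one from the question.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI ':standard';
use File::Find;

# Taint mode also distrusts the environment; give it known-good values.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Plain text, so matched lines are never interpreted as markup.
print "Content-type: text/plain\n\n";

my $dir = '/myroot/public_html/cgi-bin';    # path taken from the question

# Untaint the search word: the whole value must match, and only the
# captured group is used afterwards.
my $word = param('word');
my ($valid) = defined $word ? $word =~ /\A(\w+)\z/ : ();
unless (defined $valid) {
    print "no word\n";
    exit;
}

find(
    {
        wanted  => \&find_word,
        untaint => 1,
        # Directory names must match this pattern before File::Find will
        # chdir into them (this is the module's documented default).
        untaint_pattern => qr|^([-+@\w./]+)$|,
        # Skip, rather than die on, directories that do not match.
        untaint_skip => 1,
    },
    $dir
);

sub find_word {
    my $path = $File::Find::name;    # absolute, because $dir is absolute
    return unless $path =~ /\.(?:pl|cgi)\z/;
    open my $fh, '<', $path or do { warn "Can't open $path: $!"; return };
    while (my $line = <$fh>) {
        chomp $line;
        print "$path == $line\n" if $line =~ /\Q$valid\E/;
    }
    close $fh;
}
```

With untaint_skip set, a directory whose name contains characters outside the pattern (a space, for instance) is silently left out of the search, so widen untaint_pattern deliberately if such directories need to be covered.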

Node Type: perlquestion [id://659703]
Approved by GrandFather