Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
I stumbled upon B::Lint's magic-diamond documentation which states that <> (also known as <ARGV>) internally uses perl's two-argument open.

This means that if <> encounters a filename "rm * |  " (just has to end with pipe "|" and optional whitespace), then it executes the shell command 'rm *'. Example:
$ mkdir diamondtest $ cd diamondtest $ touch 'rm * | ' a b c d # create 5 files $ ls # now you see it $ perl -pe 1 * $ ls # now you don't -- no files

Shouldn't this be fixed with 3-argument open? I really like the magic-diamond for quick one-liners, but this just sounds all the security/robustness alarm bells.

Any recommended idioms to replace the following?

Update: An idiom would be to use ARGV::readonly

Update 2: If you're like me and like to write lots of one-line filters like:
    # strip blank lines perl -pe 's=^\s*$=='

as an idiom, add the taint switch -T:

I don't fully agree with it, but it's the least we've got to curb the <ARGV> magic, besides ARGV::readonly, and not compromise the terseness of the one-liner.

In reply to magic-diamond <> behavior -- WHAT?! by repellent

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    [marto]: they already have an entire BMC patrol system, which they disabled, because it was sending out spurious messages. So rather than fix the issue, or even find out what it was, they turned it off. No messages, can't be any problems, right?
    [Corion]: marto: But having open tickets / incidents increases the pressure on them ;) Of course, likely your contract / SLA specifies an upper limit for the number of incidents :-D
    [Corion]: marto: Ow ...
    [marto]: Corion They don't get into trouble for the number of tickets, or even breached tickets they have
    [marto]: which is a core issue with the client
    [Corion]: marto: Yeah, I can imagine that
    [choroba]: create a ticket if the number of tickets reaches a limit
    [choroba]: how deep meta could it go?

    How do I use this? | Other CB clients
    Other Users?
    Others about the Monastery: (8)
    As of 2017-01-24 10:18 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?
      Do you watch meteor showers?




      Results (203 votes). Check out past polls.