
UGU file rename script (GOLF?)

by jptxs (Curate)
on Jul 20, 2001 at 00:01 UTC ( #98216=perlmeditation )

here's a script that Unix Guru Universe sent out today as a "good" script to use to rename a bunch of files with a simple regex as an ARG to determine how to rename. thought it may be fun to GOLF it =)

    #!/usr/bin/perl
    # rename: renames files according to the expr given on the command line.
    # The expr will usually be a 's' or 'y' command, but can be any valid
    # perl command if it makes sense. Takes a list of files to work on or
    # defaults to '*' in the current directory.
    # e.g.
    #   rename 's/\.flip$/.flop/'       # rename *.flip to *.flop
    #   rename s/flip/flop/             # rename *flip* to *flop*
    #   rename 's/^s\.(.*)/$1.X/'       # switch sccs filenames around
    #   rename 's/$/.orig/' */*.[ch]    # add .orig to your source files in */
    #   rename 'y/A-Z/a-z/'             # lowercase all filenames in .
    #   rename 'y/A-Z/a-z/ if -B'       # same, but just binaries!
    #   rename chop *~                  # restore all ~ backup files

    use Getopt::Std;

    my ($subst, $name);

    if (!&getopts("nfq") || $#ARGV == -1) {
        die "Usage: rename [-fnq] <perl expression> [file file...]
     -f : Force the new filename even if it exists already
     -n : Just print what would happen, but don't do the command
     -q : Don't print the files as they are renamed
     e.g. : rename 's/\.c/.c.old/' *
            rename -q 'y/A-Z/a-z/' *\n";
    }

    $subst = shift;                 # Get perl command to work on
    @ARGV = <*> if $#ARGV < 0;      # Default to complete directory

    foreach $name (@ARGV) {
        $_ = $name;
        eval "$subst;";
        die $@ if $@;
        next if -e $_ && !$opt_f;   # Skip if the file exists if asked to.
        next if $_ eq $name;
        if ($opt_n) {
            print "mv $name $_\n";
            next;
        }
        print "mv $name $_\n" if !$opt_q;
        rename($name,$_) or warn "Can't rename $name to $_, $!\n";
    }

We speak the way we breathe. --Fugazi

Replies are listed 'Best First'.
Re: UGU file rename script (GOLF?)
by myocom (Deacon) on Jul 20, 2001 at 00:08 UTC

    While you're golfing, you might want to add the tiniest bit of security, for heaven's sake. String eval is a potentially very bad thing.

    rename '`rm -rf /`' foo
      `rm -rf /` in an eval would execute rm with the user's own permissions. If the user can run rename '`rm -rf /`' on the command line, they could just as easily run rm -rf / directly.

      In other words, as long as you don't do something foolish like make the rename script setuid or create a web interface to it, I would argue that this script has no inherent security issues.

        I understand that it would execute rm with the user's own permissions. And that may not be a problem for this particular application (though I would never deploy it on *my* network).

        I'm more concerned that this sort of code will get passed on to a different application (cargo-cult style), where security *does* matter. To my thinking, there should at least be a comment about security in there by the eval.
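
A variant of the script without the string eval discussed in the replies, as an added example that is not part of the original thread or the UGU script. It assumes that only the s/// form is needed (y/// and arbitrary expressions are dropped), parses that form as data, and refuses anything else, so the `rm -rf /` expression quoted above is rejected rather than run.

```perl
#!/usr/bin/perl
# Added example, not the UGU script: the rename expression is parsed as data
# instead of being handed to a string eval.
use strict;
use warnings;
use Getopt::Std;

my %opt;
getopts('nfq', \%opt) && @ARGV
    or die "Usage: $0 [-fnq] 's/pattern/replacement/[gi]' [file ...]\n";

# Accept only s/PAT/REPL/ with optional g and i flags. A '/' inside PAT or
# REPL must be written as '\/'. Anything else is refused, never executed.
my $expr = shift;
my ($pat, $repl, $flags) =
    $expr =~ m{\A s/ ((?:[^/\\]|\\.)*) / ((?:[^/\\]|\\.)*) / ([gi]*) \z}xs
    or die "Refusing expression (only s/// is supported): $expr\n";

# A pattern interpolated from a variable may not contain (?{ ... }) code
# blocks unless "use re 'eval'" is in effect, so it cannot run Perl code.
my $re = $flags =~ /i/ ? qr/$pat/i : qr/$pat/;

# Expand \x escapes and $1..$9 in the replacement text by hand.
sub expand {
    my ($tmpl, @cap) = @_;    # copy the captures before matching again
    $tmpl =~ s{\\(.)|\$(\d)}
              {defined $1 ? $1 : $2 && defined $cap[$2 - 1] ? $cap[$2 - 1] : ''}ges;
    return $tmpl;
}

my @files = @ARGV ? @ARGV : glob('*');    # default to the current directory
for my $name (@files) {
    my $new = $name;
    if ($flags =~ /g/) {
        $new =~ s/$re/expand($repl, $1, $2, $3, $4, $5, $6, $7, $8, $9)/ge;
    } else {
        $new =~ s/$re/expand($repl, $1, $2, $3, $4, $5, $6, $7, $8, $9)/e;
    }
    next if $new eq $name;
    if (-e $new && !$opt{f}) {
        warn "Skipping $name: $new already exists (use -f to overwrite)\n";
        next;
    }
    print "mv $name $new\n" if $opt{n} || !$opt{q};
    next if $opt{n};
    rename($name, $new) or warn "Can't rename $name to $new: $!\n";
}
```

Running it with -n first shows the planned renames without touching any file.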
