Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re: Perl calling Linux commands

by tmharish (Friar)
on Mar 08, 2013 at 11:06 UTC ( #1022392=note: print w/ replies, xml ) Need Help??

in reply to Perl calling Linux commands

If you had printed the system command that you were running you would have figured this out.


Just to show what I meant consider what happens when your code is modified like so:

my $command = qq("svr_submit_RAST_job --user "$username" --passwd "$Pa +ssword" --fasta "$fasta" --domain "$domain" --genetic_code "$Genetic_ +code") ; print "\n\n\nGoing to run the following through system:\n $command\n";
Enter the Rast Username username Enter the Rast Password password Enter the fasta file Name filename Enter the Domain Name domainname Enter Genetic_Code geneticcode Going to run the following through system: "svr_submit_RAST_job --user "username " --passwd "password " --fasta "filename " --domain "domainname " --genetic_code "geneticcode "

And the newlines are there for you to see, as plain as daylight.

Comment on Re: Perl calling Linux commands
Select or Download Code
Replies are listed 'Best First'.
Re^2: Perl calling Linux commands
by tmharish (Friar) on Mar 08, 2013 at 13:50 UTC

    Additionally you need to look at tainted variables.

    Its a really bad idea to take user input and throw it to system ( or a database ) - What if the username input was:

    " || ls && 0 &&

    Of course you could replace ls with whatever exciting nefarious command you choose but thats the idea ...

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1022392]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (9)
As of 2015-10-13 08:26 GMT
Find Nodes?
    Voting Booth?

    Does Humor Belong in Programming?

    Results (296 votes), past polls