Re: Perl calling Linux commands


Pathologically Eclectic Rubbish Lister
	PerlMonks

Re: Perl calling Linux commands

by tmharish (Friar)

on Mar 08, 2013 at 11:06 UTC ( #1022392=note: print w/ replies, xml )

Need Help??

in reply to Perl calling Linux commands

If you had printed the system command that you were running you would have figured this out.

Update

Just to show what I meant consider what happens when your code is modified like so:


my $command = qq("svr_submit_RAST_job --user "$username" --passwd "$Pa
+ssword" --fasta "$fasta" --domain "$domain" --genetic_code "$Genetic_
+code") ;

print "\n\n\nGoing to run the following through system:\n $command\n";


[download]

Output

Enter the Rast Username
username
Enter the Rast Password
password
Enter the fasta file Name
filename
Enter the Domain Name
domainname
Enter Genetic_Code
geneticcode



Going to run the following through system:
 "svr_submit_RAST_job --user "username
" --passwd "password
" --fasta "filename
" --domain "domainname
" --genetic_code "geneticcode
"
[download]

And the newlines are there for you to see, as plain as daylight.

Comment on Re: Perl calling Linux commands Select or Download Code
Re^2: Perl calling Linux commands by tmharish (Friar) on Mar 08, 2013 at 13:50 UTC
Additionally you need to look at tainted variables. Its a really bad idea to take user input and throw it to system ( or a database ) - What if the username input was: `" \|\| ls && 0 &&` [download] Of course you could replace `ls` with whatever exciting nefarious command you choose but thats the idea ...	[reply] [d/l] [select]

In Section Seekers of Perl Wisdom

Node Status^?

node history
Node Type: note [id://1022392]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others browsing the Monastery: (13)

As of 2013-05-22 07:19 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

The best material for plates (tableware) is:

Results (454 votes), past polls