Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: Perl calling Linux commands

by tmharish (Friar)
on Mar 08, 2013 at 11:06 UTC ( #1022392=note: print w/ replies, xml ) Need Help??


in reply to Perl calling Linux commands

If you had printed the system command that you were running you would have figured this out.

Update

Just to show what I meant consider what happens when your code is modified like so:

my $command = qq("svr_submit_RAST_job --user "$username" --passwd "$Pa +ssword" --fasta "$fasta" --domain "$domain" --genetic_code "$Genetic_ +code") ; print "\n\n\nGoing to run the following through system:\n $command\n";
Output
Enter the Rast Username username Enter the Rast Password password Enter the fasta file Name filename Enter the Domain Name domainname Enter Genetic_Code geneticcode Going to run the following through system: "svr_submit_RAST_job --user "username " --passwd "password " --fasta "filename " --domain "domainname " --genetic_code "geneticcode "

And the newlines are there for you to see, as plain as daylight.


Comment on Re: Perl calling Linux commands
Select or Download Code
Re^2: Perl calling Linux commands
by tmharish (Friar) on Mar 08, 2013 at 13:50 UTC

    Additionally you need to look at tainted variables.

    Its a really bad idea to take user input and throw it to system ( or a database ) - What if the username input was:

    " || ls && 0 &&

    Of course you could replace ls with whatever exciting nefarious command you choose but thats the idea ...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1022392]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (6)
As of 2014-12-28 08:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (179 votes), past polls