
Re: Perl calling Linux commands

by tmharish (Friar)
on Mar 08, 2013 at 11:06 UTC ( #1022392=note )

in reply to Perl calling Linux commands

If you had printed the system command that you were running you would have figured this out.


Just to show what I meant consider what happens when your code is modified like so:

my $command = qq("svr_submit_RAST_job --user "$username" --passwd "$Password" --fasta "$fasta" --domain "$domain" --genetic_code "$Genetic_code") ;
print "\n\n\nGoing to run the following through system:\n $command\n";

Enter the Rast Username username
Enter the Rast Password password
Enter the fasta file Name filename
Enter the Domain Name domainname
Enter Genetic_Code geneticcode

Going to run the following through system:
 "svr_submit_RAST_job --user "username
" --passwd "password
" --fasta "filename
" --domain "domainname
" --genetic_code "geneticcode
"

And the newlines are there for you to see, as plain as daylight.

Replies are listed 'Best First'.
Re^2: Perl calling Linux commands
by tmharish (Friar) on Mar 08, 2013 at 13:50 UTC

    Additionally you need to look at tainted variables.

    It's a really bad idea to take user input and throw it to system ( or a database ) - What if the username input was:

    " || ls && 0 &&

    Of course you could replace ls with whatever exciting nefarious command you choose but that's the idea ...
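
As an added example (not code from either post): one way to address both points raised in this thread, the newline left on each value by <STDIN> and the shell interpreting user input, is to chomp every value and call system() in its list form. The %raw sample values are constructed, build_argv is a hypothetical helper, and a perl one-liner stands in for svr_submit_RAST_job, which is assumed not to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: what <STDIN> returns, trailing newline included.
# The first value is the hostile username quoted in the reply above.
my %raw = (
    user         => qq{" || ls && 0 &&\n},
    passwd       => "password\n",
    fasta        => "filename\n",
    domain       => "domainname\n",
    genetic_code => "geneticcode\n",
);

# Build an argument list for the list form of system(), which execs the
# program directly: no shell parses the values, so quotes, |, & and ;
# reach the program as literal bytes of a single argument.
sub build_argv {
    my (%in) = @_;
    my @argv = ('svr_submit_RAST_job');
    for my $opt (qw(user passwd fasta domain genetic_code)) {
        my $value = $in{$opt};
        chomp $value;                 # drop the newline left by <STDIN>
        die "--$opt: empty or contains control characters\n"
            if $value eq '' or $value =~ /[[:cntrl:]]/;
        push @argv, "--$opt", $value;
    }
    return @argv;
}

my @argv = build_argv(%raw);
print "argv[$_] = <$argv[$_]>\n" for 0 .. $#argv;

# Stand-in child (assumption: the real tool is not installed here): the
# running perl echoes its arguments to show they arrive unmodified.
system($^X, '-e', 'print "child got: <$_>\n" for @ARGV', @argv[1 .. $#argv]) == 0
    or die "child failed: $?\n";

# Real invocation, in the same list form:
# system(@argv) == 0 or die "svr_submit_RAST_job failed: $?\n";
```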
