jaldhar has asked for the wisdom of the Perl Monks concerning the following question:
Heres another problem in the module I wrote when built under Windows. My tests run in taint mode. They share some common code; the relevant bits look like this...
use English qw/-no_match_vars/; ... our $filespec; if ($OSNAME =~ /win/i) { $filespec = qr{ (\A(?:[[:alpha:]]:)?[ \\ \. \- [:space:] [:word:] ]+)\z }m +sx; } else { $filespec = qr{ (\A[- + @ [:word:] . / ]+)\z }msx; } ... our $perl = untaint_path( $EXECUTABLE_NAME, '$perl' ); ... sub untaint_path { my ( $path, $description ) = @_; if ( !( $path =~ $filespec ) ) { die "$description is tainted.\n"; } return $1; }
t\01-load.................1/1 # Testing Module::Starter::Plugin::CGIAp +p 0.07, Perl 5.010000, C:\STRAWB~1\perl\bin\perl.exe t\01-load.................ok t\extutils-makemaker......$perl is tainted. Compilation failed in require at t\extutils-makemaker.t line 12. BEGIN failed--compilation aborted at t\extutils-makemaker.t line 12. t\extutils-makemaker...... Dubious, test returned 2 (wstat 512, 0x200) No subtests run
So all this background leads me to my question. What is the canonical regexp for untainting windows file names? Based on the code shown above, are there any other situations where untaint_path could fail?
--
જલધર
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: One true regexp for untainting windows filenames?
by ikegami (Patriarch) on Jan 08, 2009 at 05:10 UTC | |
by jaldhar (Vicar) on Jan 08, 2009 at 22:13 UTC | |
by ikegami (Patriarch) on Jan 09, 2009 at 05:14 UTC | |
by jaldhar (Vicar) on Jan 09, 2009 at 19:42 UTC | |
by ikegami (Patriarch) on Jan 09, 2009 at 19:59 UTC | |
Re: One true regexp for untainting windows filenames?
by cdarke (Prior) on Jan 08, 2009 at 08:47 UTC | |
by jaldhar (Vicar) on Jan 08, 2009 at 23:42 UTC | |
by ikegami (Patriarch) on Jan 09, 2009 at 05:33 UTC |
Back to
Seekers of Perl Wisdom