PerlMonks  

Re^2: Safely capturing the output of an external program

by AppleFritter (Vicar)
on Mar 09, 2020 at 07:58 UTC


in reply to Re: Safely capturing the output of an external program
in thread Safely capturing the output of an external program

Untainting might work though; if the filename matches, say, q/^[A-Za-z0-9]+\.tfm$/, it's probably safe to pass it through any shell. But I've never liked that approach, and "probably" is a dangerous word.

Replies are listed 'Best First'.
Re^3: Safely capturing the output of an external program
by LanX (Saint) on Mar 09, 2020 at 10:51 UTC
    > Untainting might work though;

    In this case I'd additionally surround arguments with 'singlequotes'.

    Your untainting demo is explicitly forbidding quotes; in other cases, escape them.

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery
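
The two ideas in this thread combined, as an added example that is not code from any of the posters: an allowlist check for the `.tfm` filename, followed by a capture that never goes through a shell. The names `untaint_tfm_name` and `capture` are hypothetical, and `$^X` (the running perl) stands in for the real external program. The pattern is anchored with `\A` and `\z` because `$` also matches before a trailing newline.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist check that also untaints under -T: the capture group is the
# value Perl treats as clean. \A and \z are used instead of ^ and $
# because $ also matches before a trailing newline ("foo.tfm\n" would pass).
sub untaint_tfm_name {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9]+\.tfm)\z/ ? $1 : undef;
}

# Capture a program's stdout without a shell: the list form of a piped
# open hands each argument straight to exec, so no quoting is involved.
sub capture {
    my (@cmd) = @_;
    open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    my @lines = <$fh>;
    close($fh)
        or die "$cmd[0] failed: " . ($! || 'exit status ' . ($? >> 8));
    return @lines;
}

# Constructed sample inputs: one valid name and four that must be rejected.
for my $candidate ('cmr10.tfm', "cmr10.tfm\n", 'x.tfm; id', q{a'b.tfm}, '../cmr10.tfm') {
    my $clean = untaint_tfm_name($candidate);
    (my $shown = $candidate) =~ s/\n/\\n/g;    # make the newline visible
    if (!defined $clean) {
        print "rejected: $shown\n";
        next;
    }
    # Stand-in for the real external program: perl echoing its argument.
    print capture($^X, '-e', 'print "got: $ARGV[0]\n"', $clean);
}
```

Only `cmr10.tfm` reaches the child process; the list-form piped `open` needs Perl 5.8 or later on Unix-like systems.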
