Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re^2: Safely capturing the output of an external program

by AppleFritter (Vicar)
on Mar 09, 2020 at 07:58 UTC ( #11113998=note: print w/replies, xml ) Need Help??


in reply to Re: Safely capturing the output of an external program
in thread Safely capturing the output of an external program

Untainting might work though; if the filename matches, say, q/^[A-Za-z0-9]+\.tfm$/, it's probably safe to pass it through any shell. But I've never liked that approach, and "probably" is a dangerous word.

Replies are listed 'Best First'.
Re^3: Safely capturing the output of an external program
by LanX (Archbishop) on Mar 09, 2020 at 10:51 UTC
    > Untainting might work though;

    In this case I'd additionally surround arguments with 'singlequotes' .

    Your untainting demo is explicitly forbidding quotes, in other cases escape them.

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11113998]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (5)
As of 2020-05-30 16:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    If programming languages were movie genres, Perl would be:















    Results (173 votes). Check out past polls.

    Notices?