Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

UGU file rename script (GOLF?)

by jptxs (Curate)
on Jul 20, 2001 at 00:01 UTC ( [id://98216]=perlmeditation: print w/replies, xml ) Need Help??

here's a script that Unix Guru Universe sent out today as a "good" script to use to rename a bunch of files with a simple regex as an ARG to determine how to rename. thought it may be fun to GOLF it =)

#!/usr/bin/perl # rename: renames files according to the expr given on the command lin +e. # The expr will usually be a 's' or 'y' command, but can be any valid # perl command if it makes sense. Takes a list of files to work on or # defaults to '*' in the current directory. # e.g. # rename 's/\.flip$/.flop/' # rename *.flip to *.flop # rename s/flip/flop/ # rename *flip* to *flop* # rename 's/^s\.(.*)/$1.X/' # switch sccs filenames around # rename 's/$/.orig/' */*.[ch] # add .orig to your source fil +es in */ # rename 'y/A-Z/a-z/' # lowercase all filenames in . # rename 'y/A-Z/a-z/ if -B' # same, but just binaries! # rename chop *~ # restore all ~ backup files use Getopt::Std; my ($subst, $name); if (!&getopts("nfq") || $#ARGV == -1) { die "Usage: rename [-fnq] <perl expression> [file file...] -f : Force the new filename even if it exists already -n : Just print what would happen, but don't do the command -q : Don't print the files as they are renamed e.g. : rename 's/\.c/.c.old/' * rename -q 'y/A-Z/a-z/' *\n"; } $subst = shift; # Get perl command to work on @ARGV = <*> if $#ARGV < 0; # Default to complete directory foreach $name (@ARGV) { $_ = $name; eval "$subst;"; die $@ if $@; next if -e $_ && !$opt_f; # Skip if the file exists if asked to. mext if $_ eq $name; if ($opt_n) { print "mv $name $_\n"; next; } print "mv $name $_\n" if !$opt_q; rename($name,$_) or warn "Can't rename $name to $_, $!\n"; }

We speak the way we breathe. --Fugazi

Replies are listed 'Best First'.
Re: UGU file rename script (GOLF?)
by myocom (Deacon) on Jul 20, 2001 at 00:08 UTC

    While you're golfing, you might want to add the tiniest bit of security, for heaven's sake. String eval is a potentially very bad thing.

    rename '`rm -rf /`' foo
      `rm -rf /` in an eval would execute rm with the user's own permissions. If the user can run rename '`rm -rf /`' on the command line, they could just as easily run rm -rf / directly.

      In other words, as long as you don't do something foolish like make the rename script setuid or create a web interface to it, I would argue that this script has no inherent security issues.

        I understand that it would execute rm with the user's own permissions. And that may not be a problem for this particular application (though I would never deploy it on *my* network).

        I'm more concerned that this sort of code will get passed on to a different application (cargo-cult style), where security *does* matter. To my thinking, there should at least be a comment about security in there by the eval.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlmeditation [id://98216]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (4)
As of 2024-03-29 12:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found