Re: Getting information about a remote file via SSH: how to escape the filename

$ssh->cmd(qq[ls -l $remotefile]); # Then parse the info I want from $stdout with an easy regex

But I can't rule out the possibility that the remote filename might contain shell metacharacters.

This should do it: $ssh->cmd(qq[ls -l "$remotefile"]);

Cheers, Sören

(hooked on the Perl Programming language)

Comment on Re: Getting information about a remote file via SSH: how to escape the filename

Replies are listed 'Best First'.
Re^2: Getting information about a remote file via SSH: how to escape the filename by salva (Canon) on Jun 27, 2013 at 13:54 UTC
`$remotefile=qq[foo"; rm -Rf /; echo "bar]`	[reply] [d/l]
Re: Getting information about a remote file via SSH: how to escape the filename by jonadab (Parson) on Jun 27, 2013 at 14:19 UTC
In my particular situation, actively malicious filenames are very unlikely to occur (and if they do, it implies that I have much bigger problems than this program can possibly address or even meaningfully exacerbate). However, I still don't want the thing to fail to work correctly if a filename happens for some reason to contain quotation marks. Read more... (790 Bytes)	[reply]
Re^3: Getting information about a remote file via SSH: how to escape the filename by Happy-the-monk (Canon) on Jun 27, 2013 at 14:34 UTC
`$remotefile=qq[foo"; rm -Rf /; echo "bar]` You'd better untaint your variables, Monk! Cheers, Sören (hooked on the Perl Programming language)	[reply] [d/l]
Re^4: Getting information about a remote file via SSH: how to escape the filename by salva (Canon) on Jun 27, 2013 at 14:46 UTC
How can you discern a valid filename from a malicious one in a generic way?	[reply]
Re^5: Getting information about a remote file via SSH: how to escape the filename by Happy-the-monk (Canon) on Jun 27, 2013 at 16:44 UTC
Re: Getting information about a remote file via SSH: how to escape the filename by jonadab (Parson) on Jun 27, 2013 at 16:15 UTC
Re^5: Getting information about a remote file via SSH: how to escape the filename by Happy-the-monk (Canon) on Jun 27, 2013 at 17:55 UTC
Re^6: Getting information about a remote file via SSH: how to escape the filename by salva (Canon) on Jun 28, 2013 at 08:13 UTC


Keep It Simple, Stupid
	PerlMonks