Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re^2: system() call mis-directs?

by haukex (Archbishop)
on Mar 03, 2020 at 07:43 UTC ( [id://11113689]=note: print w/replies, xml ) Need Help??


in reply to Re: system() call mis-directs?
in thread system() call mis-directs?

quotemeta($sensor)

Sorry, but quotemeta is not an appropriate shell quoting function - it may work in some cases, but will fail in others. I would strongly recommend e.g. ShellQuote::Any instead, or of course to avoid the shell in the first place.

Replies are listed 'Best First'.
Re^3: system() call mis-directs?
by afoken (Chancellor) on Mar 03, 2020 at 21:35 UTC
    ShellQuote::Any

    The code currently looks like this:

    package ShellQuote::Any; use strict; use warnings; our $VERSION = '0.04'; sub import { my $caller = caller; no strict 'refs'; ## no critic *{"${caller}::shell_quote"} = \&shell_quote; } sub shell_quote { my ($cmd, $os) = @_; if ($os) { _require($os); return _is_win32($os) ? _win32_quote($cmd) : _bourne_quote($cm +d); } else { _q()->($cmd); } } my $Q; sub _q { return $Q if $Q; _require($^O); if ( _is_win32($^O) ) { $Q = \&_win32_quote; } else { $Q = \&_bourne_quote; } return $Q; } my %K; sub _require { my ($os) = @_; return $K{$os} if $K{$os}; my $klass = _is_win32($os) ? 'Win32/ShellQuote.pm' : 'String/Shell +Quote.pm'; $K{$os} = $klass; require "$klass"; ## no critic } sub _win32_quote { my ($cmd) = @_; Win32::ShellQuote::cmd_escape(join ' ', @$cmd); } sub _bourne_quote { my ($cmd) = @_; String::ShellQuote::shell_quote(@$cmd); } sub _is_win32 { my ($os) = @_; return $os =~ m!^(?:MS)?Win(?:32)?$!i ? 1 : 0; } 1;

    Just from looking at the names of the functions, it has only two modes of operation: Either Windows, or Bourne Shell. No code for handling cygwin, OS/2 or DOS, so those three will be treated as Bourne Shell, which is plain wrong.

    On Windows, you simply can not win the quoting game. Any code pretending to be able to do so is broken.

    Assuming that all other systems use a bourne-compatible shell as default shell is at least optimistic. Severals systems have a korn shell as default, others even use a csh. See Various system shells.

    Looking at the documentation of String::ShellQuote, handling the non-Windows part, the problem is obvious without even reading the source:

    BUGS

    Only Bourne shell quoting is supported. I'd like to add other shells (particularly cmd.exe), but I'm not familiar with them. It would be a big help if somebody supplied the details.

    It seems nobody cared during the last 10 years, and the author either had no time to RTFM, or had no idea where to search for shell man pages.

    So, with ShellQuote::Any, you are essentially lost if the current default shell is no bourne shell. I did not bother to read the quoting code in String::ShellQuote. As is, it is broken anyway, and with it ShellQuote::Any. Yes, it may work on many systems in their default configuration, but it won't do its job on all systems. It does not even prevent stupid things from happening on unknown systems.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
Re^3: system() call mis-directs?
by jcb (Parson) on Mar 04, 2020 at 00:55 UTC

    I currently believe that quotemeta will work within the context of a double-quoted argument with the Bourne shell. I was concerned mostly with ensuring that any quotes embedded in $sensor would not terminate the quoted argument early (I suspect that some of the $sensor values contain characters that separate commands) and quotemeta seems to be a tool usable for this special case. If I am wrong, please provide a counter-example where quotemeta fails to cause a string to be passed exactly as written as an argument. That code was written off the top of my head and not tested so I could be very wrong here...

    In this case, it is wrong anyway because $sensor consists of multiple arguments that the shell is expected to split, and I did immediately suggest finding a solution that does not involve using the shell after an example input was provided.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11113689]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (6)
As of 2024-03-29 12:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found