PerlMonks  

Re^2: Safely capturing the output of an external program

by AppleFritter (Vicar)
on Mar 09, 2020 at 07:58 UTC


in reply to Re: Safely capturing the output of an external program
in thread Safely capturing the output of an external program

Untainting might work though; if the filename matches, say, q/^[A-Za-z0-9]+\.tfm$/, it's probably safe to pass it through any shell. But I've never liked that approach, and "probably" is a dangerous word.

Re^3: Safely capturing the output of an external program
by LanX (Sage) on Mar 09, 2020 at 10:51 UTC
    > Untainting might work though;

    In this case I'd additionally surround arguments with 'singlequotes'.

    Your untainting demo is explicitly forbidding quotes; in other cases escape them.

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery
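
An added example, not part of either post above: the allowlist match and the single-quoting the two posts discuss, and, going one step beyond them, list-form `open`, which runs the program with no shell involved. The helper names (`untaint_tfm_name`, `sh_quote`, `capture`), the sample filenames and the `echo` stand-in for the real program are assumptions; the pattern is anchored with `\A...\z` instead of `^...$`, and a Unix-like system is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist check from the post, anchored with \A and \z. With a plain $
# the pattern would also match a name that ends in a newline.
# Under taint mode (-T) the captured $1 is the untainted value.
sub untaint_tfm_name {
    my ($name) = @_;
    return unless defined $name;
    return $name =~ /\A([A-Za-z0-9]+\.tfm)\z/ ? $1 : undef;
}

# Single-quote an argument for a POSIX shell; an embedded ' becomes '\''.
# Only needed when a command string really has to go through a shell.
sub sh_quote {
    my ($arg) = @_;
    (my $quoted = $arg) =~ s/'/'\\''/g;
    return "'$quoted'";
}

# Capture output without a shell: list-form pipe open hands every
# element to exec() as one argument, so metacharacters are inert.
sub capture {
    my (@cmd) = @_;
    open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    my @out = <$fh>;
    close($fh) or warn "$cmd[0] exited with status $?\n";
    return @out;
}

# Constructed sample inputs: one valid name and four that must be rejected.
for my $candidate ('cmr10.tfm', "cmr10.tfm\n", 'x.tfm; id', q{it's.tfm}, '../a.tfm') {
    (my $shown = $candidate) =~ s/\n/\\n/g;
    my $safe = untaint_tfm_name($candidate);
    if (defined $safe) {
        print "accept  $shown  shell-quoted: ", sh_quote($safe), "\n";
        # 'echo' stands in for the real external program (assumption).
        print capture('echo', 'would process', $safe);
    }
    else {
        print "reject  $shown\n";
    }
}

# What single-quoting does to a value the allowlist would never let through.
print "quoted: ", sh_quote(q{it's.tfm}), "\n";
```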
