Re: FindBin and Tainted


The stupid question is the question not asked
	PerlMonks

Re: FindBin and Tainted

by haj (Vicar)

on Aug 14, 2020 at 10:36 UTC ( [id://11120719]=note: print w/replies, xml )

Need Help??

in reply to FindBin and Tainted

You can apply the usual untainting mantra by also using a BEGIN section:

use strict;
use warnings;
use FindBin 1.51 qw( $RealBin );
BEGIN {
    ($RealBin) = $RealBin =~ /(.+)/;
}
use lib "$RealBin/../lib";

use MyLib;
[download]

Of course, you need to trust your installation to not mess with the current working directory (because this is why $RealBin comes out tainted in the first place).

Comment on Re: FindBin and Tainted Download Code

Replies are listed 'Best First'.
Re^2: FindBin and Tainted by mikkoi (Beadle) on Aug 14, 2020 at 23:57 UTC
This works. But is there any way to do the same without using the same $RealBin variable (which belongs to FindBin)?	[reply]
Re^3: FindBin and Tainted by haj (Vicar) on Aug 15, 2020 at 08:55 UTC
Sure, you can use a copy, to be declared outside of the `BEGIN` block: `use strict; use warnings; use FindBin 1.51 qw( $RealBin ); my $untainted_bin; BEGIN { ($untainted_bin) = $RealBin =~ /(.+)/; } use lib "$untainted_bin/../lib"; use MyLib;` [download]	[reply] [d/l]
Re^4: FindBin and Tainted by mikkoi (Beadle) on Aug 15, 2020 at 20:18 UTC
Thanks. This is beautiful. I improved it a little. Probably more portable with `File::Spec`. `use FindBin 1.51 qw( $RealBin ); use File::Spec; my $lib_path; BEGIN { $lib_path = File::Spec->catdir(($RealBin =~ /(.+)/msx)[0], q{..}, +'lib'); } use lib "$lib_path";` [download]	[reply] [d/l] [select]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://11120719]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others taking refuge in the Monastery: (4)

As of 2024-04-18 12:28 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found