Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^2: Usage of File Handles

by haukex (Archbishop)
on Feb 08, 2019 at 08:53 UTC ( [id://1229601]=note: print w/replies, xml ) Need Help??


in reply to Re: Usage of File Handles
in thread Usage of File Handles

What do you think about this?

You're of course free to write your code in any style you like, but I do have to say it's not something I would recommend for a beginner.

it does remove some illegal characters (<>|*?) from the name that obviously should not occur in a file name

Those are all perfectly valid characters in many *NIX OSes, see e.g. this. I also don't understand why some of those characters are simply removed and others cause the string to be cut off at that point.

my $M = @_ ? shift : 99999999;

This causes a somewhat arbitrary silent cutoff at this many lines. In general, in that code there are lots of errors that are silently swallowed.

In general, your use of vec for string operations is not a good idea for Unicode strings (in fact, it will become a fatal error in Perl 5.32). If you need to treat a string as a sequence of characters, you could either split //, $str or use substr, although normally regular expressions can handle many of the cases where one would need to do so in other languages.

Plus, there are lots of other stylistic choices that I would not recommend to a newcomer: Reinvented wheels (GetFileName instead of File::Basename or File::Spec, GetFileName($0) instead of $FindBin::Script, Trim instead of e.g. s/^[\0-\x20]+|[\0-\x20]+$//g), two-argument instead of three-argument open, uppercase variable names for non-constant variables, obfuscation by using single-letter variable names and packing function bodies on one line, unused variables...

Sorry for the long critique, but as I said this is in the context of giving code to an apparent beginner.

Replies are listed 'Best First'.
Re^3: Usage of File Handles
by harangzsolt33 (Chaplain) on Feb 08, 2019 at 17:32 UTC

    it does remove some illegal characters (<>|*?) from the name that obviously should not occur in a file name

    Those are all perfectly valid characters in many *NIX OSes, see e.g. this. I also don't understand why some of those characters are simply removed and others cause the string to be cut off at that point.

    Okay, I was told earlier that when we open a file such as open FILEHANDLE, "< $FILE_NAME" then it's a good idea to make sure that $FILE_NAME does not contain any special characters such as | > < because it's a potential vulnerability, especially if you get your file name from some other place like arguments. Your script could be hacked, and it may end up doing something you didn't want.. That's why I check the file name.

    Also, there is no point in doing this : open FILEHANDLE, "< *.*" so again those special characters should not appear in that space. It's perfectly okay to include them when you do a search, but not when you're trying to open a file for reading.

      it's a good idea to make sure that $FILE_NAME does not contain any special characters such as | > < because it's a potential vulnerability, especially if you get your file name from some other place like arguments

      Yes, this is true - if you're using the two-argument instead of three-argument open. You said you're using Perl 5.8, where the latter is available. This is another reason that the more modern three-argument open and lexical filehandles are recommended. Also, I think that silently deleting characters or chopping off the filename at these characters, which will result in attempting to open a completely different file, is unexpected behavior - IMO it's much better to simply throw an error and refuse to open such a file and let the user figure it out, instead of taking some action that isn't what the user asked for.

      open FILEHANDLE, "< *.*" so again those special characters should not appear in that space

      No, as I said, '*.*' is a valid filename - strange and unusual, but valid. And again, why silently try to open a file named '.' instead?

      The potential vulnerability only happens if you do not use the three-argument version of open. Maybe you should upgrade your Perl knowledge a bit.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1229601]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (6)
As of 2024-03-28 22:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found