Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Taint checking?

by graff (Chancellor)
on Jul 02, 2009 at 04:04 UTC ( [id://776630]=note: print w/replies, xml ) Need Help??


in reply to Taint checking?

Well, since there is no "s" modifier on the regex, it is at least testing making sure that the value of $command_str does not contain "\n", which might be worth something, depending on how this variable is used later on.

But if the whole script were in my hands, the next thing I would do would be to search for occurrences/uses of $command_str outside (following) that if block, because any such occurrence/usage could be getting a still-tainted value (in the case where that "if" condition wasn't met).

(Update: and then, of course, I would also look very carefully at how this variable is being used inside that "if" block.)

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://776630]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others musing on the Monastery: (4)
As of 2024-03-28 23:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found