• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 176
  • Last Modified:

How to make the data untainted in Perl after detecting it is tainted?

I use the -T option in Perl to detect the data is tainted.I then use a regex to verify that it contains only alphanumeric data.Then how do I make it safe if it is tainted??
0
Padmaja_vol
Asked:
Padmaja_vol
  • 2
2 Solutions
 
dorwardCommented:
perldoc perlsec

           if ($data =~ /^([-\@\w.]+)$/) {
               $data = $1;                     # $data now untainted
           } else {
               die "Bad data in '$data'";      # log this somewhere
           }
0
 
dorwardCommented:
(with your own regex obviously)
0
 
James LooneySr. Programmer/AnalystCommented:
sub cl { #untaints for safe open/system calls
    $ENV{'PATH'} = '';
    my $path = shift(@_);
    $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g; #remove metas
    $path =~ s/\.+/./g; #remove ../ exploit
    return $path;
}
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now