Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to make the data untainted in Perl after detecting it is tainted?

Posted on 2004-04-02
5
Medium Priority
?
171 Views
Last Modified: 2013-12-25
I use the -T option in Perl to detect the data is tainted.I then use a regex to verify that it contains only alphanumeric data.Then how do I make it safe if it is tainted??
0
Comment
Question by:Padmaja_vol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
dorward earned 252 total points
ID: 10740038
perldoc perlsec

           if ($data =~ /^([-\@\w.]+)$/) {
               $data = $1;                     # $data now untainted
           } else {
               die "Bad data in '$data'";      # log this somewhere
           }
0
 
LVL 17

Expert Comment

by:dorward
ID: 10740042
(with your own regex obviously)
0
 
LVL 6

Assisted Solution

by:James Looney
James Looney earned 248 total points
ID: 10810852
sub cl { #untaints for safe open/system calls
    $ENV{'PATH'} = '';
    my $path = shift(@_);
    $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g; #remove metas
    $path =~ s/\.+/./g; #remove ../ exploit
    return $path;
}
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question