• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 177
  • Last Modified:

How to make the data untainted in Perl after detecting it is tainted?

I use the -T option in Perl to detect the data is tainted.I then use a regex to verify that it contains only alphanumeric data.Then how do I make it safe if it is tainted??
0
Padmaja_vol
Asked:
Padmaja_vol
  • 2
2 Solutions
 
dorwardCommented:
perldoc perlsec

           if ($data =~ /^([-\@\w.]+)$/) {
               $data = $1;                     # $data now untainted
           } else {
               die "Bad data in '$data'";      # log this somewhere
           }
0
 
dorwardCommented:
(with your own regex obviously)
0
 
James LooneySr. Programmer/AnalystCommented:
sub cl { #untaints for safe open/system calls
    $ENV{'PATH'} = '';
    my $path = shift(@_);
    $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g; #remove metas
    $path =~ s/\.+/./g; #remove ../ exploit
    return $path;
}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now