Solved

How to make the data untainted in Perl after detecting it is tainted?

Posted on 2004-04-02
5
156 Views
Last Modified: 2013-12-25
I use the -T option in Perl to detect the data is tainted.I then use a regex to verify that it contains only alphanumeric data.Then how do I make it safe if it is tainted??
0
Comment
Question by:Padmaja_vol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
dorward earned 63 total points
ID: 10740038
perldoc perlsec

           if ($data =~ /^([-\@\w.]+)$/) {
               $data = $1;                     # $data now untainted
           } else {
               die "Bad data in '$data'";      # log this somewhere
           }
0
 
LVL 17

Expert Comment

by:dorward
ID: 10740042
(with your own regex obviously)
0
 
LVL 6

Assisted Solution

by:James Looney
James Looney earned 62 total points
ID: 10810852
sub cl { #untaints for safe open/system calls
    $ENV{'PATH'} = '';
    my $path = shift(@_);
    $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g; #remove metas
    $path =~ s/\.+/./g; #remove ../ exploit
    return $path;
}
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Making a simple AJAX shopping cart Couple years ago I made my first shopping cart, I used iframe and JavaScript, it was very good at that time, there were no sessions or AJAX, I used cookies on clients machine. Today we have more advanced techno…
In this tutorial I will show you how to provide a dynamic RTF document on your website generated with data from your database. For this tutorial you will need Microsoft Word or WordPad, WhizBase and Microsoft Access. In this tutorial I will show …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question