How to make the data untainted in Perl after detecting it is tainted?

I use the -T option in Perl to detect the data is tainted.I then use a regex to verify that it contains only alphanumeric data.Then how do I make it safe if it is tainted??
Padmaja_volAsked:
Who is Participating?
 
dorwardCommented:
perldoc perlsec

           if ($data =~ /^([-\@\w.]+)$/) {
               $data = $1;                     # $data now untainted
           } else {
               die "Bad data in '$data'";      # log this somewhere
           }
0
 
dorwardCommented:
(with your own regex obviously)
0
 
James LooneySr. Programmer/AnalystCommented:
sub cl { #untaints for safe open/system calls
    $ENV{'PATH'} = '';
    my $path = shift(@_);
    $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g; #remove metas
    $path =~ s/\.+/./g; #remove ../ exploit
    return $path;
}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.