[Buffalo-pm] Asterisk Wildcard When Running Command via Exec...

Ben. B. bennymack at gmail.com
Thu Jul 6 13:23:29 PDT 2006


My thoughts would be that the exec doesn't return anything meaningful
so you'll need a way to capture the output to send to the browser.

The glob() function is synonymous with the <*> syntax but the <*> is
only available on later Perls so use glob() to be sure.

My example, though meant to be run on the command line, should be
adaptable to a CGI script. That way you can get the output from the
$grep handle.

Regarding your regex, I'd say also remove newlines and carriage returns:
$cgi->param('host') =~ /[^\w\d\-]/sg;
Might do it?

On 7/6/06, DANIEL MAGNUSZEWSKI <dmagnuszewski at mandtbank.com> wrote:
> P.S - I am using the following regex to certify the input as valid:
>
> $cgi->param('host') =~ /^[\w\d\-]+$/
>
> ...would this make it safe to pass through the shell? Or is there still
> a way to circumvent this input check?
>
> -Dan
>
> >>> "DANIEL MAGNUSZEWSKI" <dmagnuszewski at mandtbank.com> 07/06/06 3:28 PM >>>
> Yeah, I'm trying to not run it through the shell, as it's a CGI
> application...
>
> I tried the:
>
> exec ("/bin/grep", "$wordToFind", glob "/var/adm/messages*");
>
> ...but it didn't work. Do I need to include "use File::Glob ':glob';"?
> This is running on a solaris 8 machine.
>
> Thoughts?
>
>
> >>> "Kevin Eye" <eye at buffalo.edu> 07/06/06 2:42 PM >>>
> This is a feature -- when you use more than one arg with system or exec, it
> doesn't send the arguments through the shell, so that things like spaces in
> filenames and maliciously coded input doing unexpected things. Wildcard
> expansion, IO redirection and other nifty things are done by the shell,
> though, so you don't get them anymore.
>
> One way to get the behavior you want would be to use one long string
> argument to exec like this:
> exec("/bin/grep $wordToFind /var/adm/messages*");
>
> That will run it through the shell, expanding the wildcard, but also possibly
> doing very bad things if $wordToFind isn't always safely escaped.
>
> A better way is to use the glob function, which expands asterisks on file
> names. Try this:
> exec ("/bin/grep", "$wordToFind", glob "/var/adm/messages*");
>
>  - Kevin
>
>
> On 7/6/06 2:34 PM, "DANIEL MAGNUSZEWSKI" <dmagnuszewski at mandtbank.com>
> wrote:
>
> > Mongers,
> >
> > I am trying to grep from multiple files, named: messages, messages.0,
> > messages.1, messages.2, etc. What I'd like to do is grep through all of
> > these at once. The command to do this is:
> >
> > grep <wordToFind> /var/adm/messages*
> >
> > So what I've tried doing is the following:
> >
> > my $wordToFind = 'router1';
> > open (PROGRAM, "-|")  or exec ("/bin/grep", "$wordToFind",
> > "/var/adm/messages*");
> >
> > The asterisk seems to break, and I get no information. When I remove
> > the asterisk:
> >
> > my $wordToFind = 'router1';
> > open (PROGRAM, "-|")  or exec ("/bin/grep", "$wordToFind",
> > "/var/adm/messages");
> >
> > ...then everything works fine, but only greps through that one file.
> > How can I declare a wildcard within this code - if at all?
> >
> > Thanks.
> >
> > -Dan
> >
> > _______________________________________________
> > Buffalo Perl Mongers Homepage
> > http://buffalo.pm.org
> >
> > Buffalo-pm mailing list
> > Buffalo-pm at pm.org
> > http://mail.pm.org/mailman/listinfo/buffalo-pm
>
> --
> Kevin Eye
> Web Applications Developer
> Marketing and Creative Services
> University at Buffalo
> 330 Crofts Hall
> Buffalo, NY 14260
> eye at buffalo.edu
> phone (716) 645-5000 x1435
> fax (716) 645-3765
>
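
The approach discussed in this thread, as an added example that is not code from any of the participants: the wildcard is expanded in Perl, grep runs through list-form pipe open so no shell is involved and its output is readable from a handle, and the host check is anchored with \A and \z. The names valid_host and grep_files are hypothetical, the sample logs are constructed in a temporary directory in place of /var/adm/messages*, and list-form pipe open assumes Perl 5.8 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Glob qw(bsd_glob);
use File::Temp qw(tempdir);

my $GREP = '/bin/grep';    # path used in the thread

# \A and \z anchor the whole string. With ^...$ a value ending in "\n"
# still matches, because $ also matches just before a final newline.
sub valid_host {
    my ($host) = @_;
    return defined $host && $host =~ /\A[\w-]+\z/;
}

# Expand the wildcard in Perl, then run grep with list-form pipe open:
# no shell is involved, and the output comes back on a filehandle.
sub grep_files {
    my ($word, $pattern) = @_;
    my @files = bsd_glob($pattern) or return;
    # -e marks $word as the pattern even if it starts with "-";
    # /dev/null keeps the "file:" prefix when only one file is found.
    open(my $grep, '-|', $GREP, '-e', $word, @files, '/dev/null')
        or die "cannot run $GREP: $!";
    my @lines = <$grep>;
    close $grep;    # grep exits 1 when nothing matched, so not fatal
    return @lines;
}

# Constructed sample logs standing in for /var/adm/messages*.
my $dir = tempdir(CLEANUP => 1);
for my $name ('messages', 'messages.0') {
    open(my $fh, '>', "$dir/$name") or die "write $name: $!";
    print {$fh} "Jul  6 13:00:01 router1 link up\n",
                "Jul  6 13:00:02 router2 link down\n";
    close $fh;
}

# Compare the thread's ^...$ check with the anchored one on sample input.
for my $input ('router1', "router1\n", 'bad host!') {
    (my $shown = $input) =~ s/\n/\\n/g;
    my $loose = $input =~ /^[\w\d\-]+$/ ? 'accept' : 'reject';
    if (valid_host($input)) {
        my @hits = grep_files($input, "$dir/messages*");
        printf "%-12s loose=%s strict=accept hits=%d\n",
            "'$shown'", $loose, scalar @hits;
    }
    else {
        printf "%-12s loose=%s strict=reject\n", "'$shown'", $loose;
    }
}
```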

