[tpm] Irritation problem
Chris Jones
cj at enersave.ca
Mon Apr 9 13:20:14 PDT 2012
Does this example untaint the incoming $value data being fed into the
%confighash?
#! /perl/bin/perl.exe -w
use strict;
my $tool_input = "d:/screeningtool.ca/input";
open my $fhIn, '<', "$tool_input/config1.dat" or die "config1.dat not found\n";
my %confighash;
while( my $cfgLine = <$fhIn> )
{
    $cfgLine =~ s/#.*//; # ignore comments by erasing them
    next if ($cfgLine =~ /^(\s)*$/); # skip blank lines
    chomp( $cfgLine ); # remove trailing newline characters
    #print( "Okay\n" );
    # the key can have any word character, the value can have a valid number or path.
    if( $cfgLine =~ /([\w]+)\t([-\w\/.]+)$/)
    {
        my $key = $1;
        my $value = $2;
        print ("Key: $key, Value: $value\n");
        $confighash{ $key } = $value;
    }
}
close $fhIn;
In the above example, I may be including some invalid path characters?
The value can be a number or a valid path | path/filename statement.
At 02:10 PM 09/04/2012, Liam R E Quin wrote:
>On Mon, 2012-04-09 at 11:43 -0400, Chris Jones wrote:
> > Thank you Liam. Having read perldoc perlsec, now for the first time,
> > I realize I have not been paying attention at all.
>
>Often the hardest thing with Perl seems to be figuring out where to look
>to find what you need to know :-)
>
>Best,
>
>Liam
>
>--
>Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
>Pictures from old books: http://fromoldbooks.org/
Christopher Jones, P.Eng.
Suite 1801, 1 Yonge Street
Toronto, ON M5E1W7
Tel. 416-203-7465
Fax. 416-946-1005
email cj at enersave.ca
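
Added example, not part of the original message: the pattern from the post run under taint mode (perl -T), with Scalar::Util's tainted() reporting the state of each line and of the captured value. The sample lines and the script name are constructed, and tainting the lines with substr($^X, 0, 0) stands in for reading config1.dat; the shebang in the post uses -w only, and taint checks apply only when -T is in effect.

```perl
#!/usr/bin/perl -T
# Added example, not code from the original post. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# $^X is tainted under -T, so this zero-length substring is too. Appending it
# marks the constructed sample lines as tainted, as lines read from a file are.
my $taint = substr( $^X, 0, 0 );

# Constructed sample config lines (key <TAB> value), not real data.
my @lines = map { $_ . $taint } (
    "maxrows\t500",
    "outdir\treports/2012",
    "outdir\t../../elsewhere",             # accepted: '.' and '/' are in the class
    "not a key\t7",                        # accepted as key "key": no ^ anchor
    "indir\td:/screeningtool.ca/input",    # rejected: ':' is not in the class
    "logfile\tlog.txt;extra",              # rejected: ';' is not in the class
);

# The pattern from the post. Copies the capture groups in their own statements
# (the perlsec idiom) and returns them, or an empty list when nothing matches.
sub parse_line {
    my ($cfgLine) = @_;
    if ( $cfgLine =~ /([\w]+)\t([-\w\/.]+)$/ ) {
        my $key   = $1;
        my $value = $2;
        return ( $key, $value );
    }
    return;
}

for my $cfgLine (@lines) {
    ( my $shown = $cfgLine ) =~ s/\t/ -> /;
    my $line_tainted = tainted($cfgLine) ? "yes" : "no";
    my ( $key, $value ) = parse_line($cfgLine);
    if ( defined $key ) {
        my $value_tainted = tainted($value) ? "yes" : "no";
        print "accepted  $shown  (line tainted: $line_tainted, ",
            "key: $key, value tainted: $value_tainted)\n";
    }
    else {
        print "rejected  $shown  (line tainted: $line_tainted)\n";
    }
}
```

The accepted ../../elsewhere line shows that a captured value is only as trustworthy as the pattern that captured it.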