[tpm] Irritation problem

Chris Jones cj at enersave.ca
Mon Apr 9 13:20:14 PDT 2012

Does this example untaint the incoming $value data being fed into the 

#! /perl/bin/perl.exe -w

use strict;
my $tool_input = "d:/screeningtool.ca/input";

open my $fhIn, '<', "$tool_input/config1.dat" or die "config1.dat not found\n";

my %confighash;

while( my $cfgLine = <$fhIn> ) {
         $cfgLine =~ s/#.*//;            # ignore comments by erasing them
         next if  ($cfgLine =~ /^(\s)*$/);  # skip blank lines
         chomp( $cfgLine );              # remove trailing newline characters
         #print( "Okay\n" );
         # the key can have any word character, the value can have a valid number or path.
         if( $cfgLine =~ /([\w]+)\t([-\w\/.]+)$/) {
                 my $key = $1;
                 my $value =  $2;
                 print ("Key: $key, Value: $value\n");
                 $confighash{ $key } = $value;
         }
}

close $fhIn;

In the above example, I may be including some invalid path characters?
The value can be a number or a valid path | path/filename statement.

At 02:10 PM 09/04/2012, Liam R E Quin wrote:
>On Mon, 2012-04-09 at 11:43 -0400, Chris Jones wrote:
> > Thank you Liam.  Having read perldoc perlsec, now for the first time,
> > I realize I have not been paying attention at all.
>Often the hardest thing with Perl seems to be figuring out where to look
>to find what you need to know :-)
>Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
>Pictures from old books: http://fromoldbooks.org/

Christopher Jones, P.Eng.
Suite 1801, 1 Yonge Street
Toronto, ON M5E1W7
Tel. 416-203-7465
Fax. 416-946-1005
email cj at enersave.ca
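An added example, not part of the original post: a taint-mode check of the capture-group approach asked about above, using the post's character classes anchored at both ends. The helper name `parse_cfg_line` and the sample lines are constructed for illustration; run it as `perl -T script.pl`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints the constructed samples,
# as lines read from config1.dat would be when perl runs with -T.
my $TAINT = substr($^X, 0, 0);

# Constructed sample lines (key<TAB>value), not from the real config file.
my @samples = map { $_ . $TAINT } (
    "maxrows\t250",
    "outdir\toutput/run1.dat",
    "indir\td:/screeningtool.ca/input",     # ':' is not in the value class
    "report\treports/../../other/file",     # allowed characters, '..' parts
    "bad key\tvalue",                       # space is not a word character
);

# Hypothetical helper: returns (key, value) taken from capture groups,
# or an empty list when the line is rejected.
sub parse_cfg_line {
    my ($line) = @_;
    # Same character classes as the post, anchored with \A and \z so the
    # whole line must match, not just its tail.
    return unless $line =~ /\A(\w+)\t([-\w\/.]+)\z/;
    my ($key, $value) = ($1, $2);   # captured substrings are untainted
    # Untainted only means "matched the pattern": '..' passes the class,
    # so path components are checked separately.
    return if grep { $_ eq '..' } split m{/}, $value;
    return ($key, $value);
}

for my $line (@samples) {
    my ($key, $value) = parse_cfg_line($line);
    (my $shown = $line) =~ s/\t/<TAB>/;
    if (defined $key) {
        printf "%-36s line:%s key:%s value:%s\n", $shown,
            map { tainted($_) ? 'tainted' : 'clean' } $line, $key, $value;
    } else {
        print "$shown rejected\n";
    }
}
```

Taint checking is only active when perl is started with `-T`; under the post's `-w` shebang alone nothing is tainted in the first place.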
