PerlMonks  

How do you clean up user specified filenames?

by SilverB1rd (Scribe)
on Feb 08, 2001 at 02:42 UTC

SilverB1rd has asked for the wisdom of the Perl Monks concerning the following question:

I'm working on a generic email script that takes one user specified file name that points to an email template file (allows HTML formatted emails). I want to make sure this file name does not contain any potentially dangerous commands like ;/rm-rf;/.

Re: How do you clean up user specified filenames?
by Fastolfe (Vicar) on Feb 08, 2001 at 02:53 UTC
    See Sanitizing user-provided path/filenames for something I occasionally recommend to sanitize user-provided pathnames. Before that, I recommend using a token system of some kind. Let the user pick which template they want to use, but don't let their input be a path/filename. Let it be something your script sees and maps to a path/filename.

    One of the surest ways you can avoid shell metacharacter problems is simply not to use a function that passes them via a shell. Use sysopen instead of open, for example. Also see Avoiding surprises using 'open' for working around unexpected bits of input using Perl's normal open function.

    Another common solution is simply to restrict what people can specify in filenames:

    tr/A-Za-z_.-//dc;
      The problem with tr/A-Za-z_.-//dc; is that the . character could be used to attempt to open the current or parent directory.

      I'm paranoid enough to do something like

      tr/A-Za-z_.-//dc; s/^\.+$//;
      to make sure the user doesn't enter a string containing only dots.
(jeffa) Re: How do you clean up user specified filenames?
by jeffa (Bishop) on Feb 08, 2001 at 02:59 UTC
    In situations like this, I always see if I can throw a buffer in between the user and the file system. From the information you provided, it sounds like these email templates already exist - so in your script, first read the directory containing the templates and record their names into a hash, with each value given a key such as the name of the file minus the extension (only works if they have the same extension, BTW).

    Give the user the names of the keys (the aliases), not the values (the actual file names).

    Now you have created a buffer - instead of allowing the user to directly specify a file, and potentially put some nasty shell code in with it, they can only specify the alias of the file. The actual path is retrieved from the hash when the time comes to open the file.

    This is just another way - it's a bit of over-kill, but it does work.

    Jeff

    L-LL-L--L-LL-L--L-LL-L--
    -R--R-RR-R--R-RR-R--R-RR
    F--F--F--F--F--F--F--F--
    (the triplet paradiddle)
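The alias map jeffa describes, combined with the sysopen and token advice from Fastolfe's reply, as an added example written for this page (it is not code from any of the posters). It assumes a template directory `/var/www/mail/templates` holding `*.tmpl` files, and takes the alias from the command line in place of a CGI parameter.

```perl
#!/usr/bin/perl -T
# Invoke as "perl -T script.pl alias" so the switch matches the shebang.
use strict;
use warnings;
use Fcntl qw(O_RDONLY);

# Assumed location of the templates; the user never sees or supplies it.
my $template_dir = '/var/www/mail/templates';

# Build the alias -> path map from the directory listing itself.
# Only names made of [A-Za-z0-9_-] with a .tmpl extension are offered;
# the capture also untaints the name, so "." and ".." can never match.
sub load_templates {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "Cannot open $dir: $!";
    my %templates;
    for my $entry (readdir $dh) {
        next unless $entry =~ /^([A-Za-z0-9_-]+)\.tmpl$/;
        $templates{$1} = "$dir/$1.tmpl";
    }
    closedir $dh;
    return \%templates;
}

# Resolve a user-supplied alias; anything not in the map is refused,
# so the input is only ever used as a hash key, never as a path.
sub template_path {
    my ($templates, $alias) = @_;
    return undef unless defined $alias && exists $templates->{$alias};
    return $templates->{$alias};
}

# sysopen takes the path straight to the OS: no shell, no "|" or ">"
# tricks that Perl's two-argument open would honour.
sub read_template {
    my ($path) = @_;
    sysopen(my $fh, $path, O_RDONLY) or die "Cannot open $path: $!";
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

my $templates = load_templates($template_dir);
my $alias     = shift @ARGV;    # stands in for the CGI parameter (tainted)
my $path      = template_path($templates, $alias);
die "Unknown template\n" unless defined $path;
print read_template($path);
```

Because the path comes from the hash rather than from the request, taint mode never sees user input reach sysopen, which is exactly the check doran's reply asks about.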
    
Re: How do you clean up user specified filenames?
by doran (Deacon) on Feb 08, 2001 at 12:30 UTC
    The token/alias methods mentioned above are probably the best way to go, but I gotta ask:

    You're using taint checking, right?
    That's because you've read perlsec, right? ;}

    It may seem obvious, but since -T wasn't mentioned, I just wanted to make sure.
