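#! /path/to/perl -wT
#
# Taint-mode example: build a restricted PATH, change into a per-user work
# directory, read one command line from "$workdir/commands" and run it.
#
# Under -T, data from outside the program (environment, file contents)
# is marked tainted and perl refuses to pass it to system(), exec() or
# similar. Checking a tainted variable does not clean it. The only way to
# get a clean value is to rebuild it from a regex capture ($1), and the
# regex must be a real whitelist because perl trusts whatever it captures.

use strict;

# With -T perl will not start a child process while any of these
# variables is still inherited from the caller, so drop them first
# (this is the line perlsec recommends).
delete @ENV{ 'IFS', 'CDPATH', 'ENV', 'BASH_ENV' };

# Whitelist for a directory name: word characters and '/' only, anchored
# at both ends (\z, unlike $, does not tolerate a trailing newline).
my $PATH_RE = qr{\A([\w/]+)\z};

# Whitelist for the command line: "ls", then optional arguments made of
# word characters and . / - only. Nothing a shell would interpret
# (; | & > < ` $ quotes, newlines) can match, and "ls" must be the whole
# command name rather than just a prefix of it.
# NOTE: arguments are not confined to the work directory ("..", absolute
# paths are accepted); tighten this if the listing itself is sensitive.
my $CMD_RE = qr{\A(ls(?:[ \t]+[\w./-]+)*)[ \t]*\z};

# Set Work Directory env variable
my $username = "thisuser";
$ENV{WORKDIRECTORY} = "/path/to/dir/$username";

# Treat the value as tainted. Here the script assigned it from a literal,
# but a WORKDIRECTORY inherited from the real environment would be
# tainted, so it goes through the same check either way.
my $t_workdir = $ENV{WORKDIRECTORY};

# Validate, then untaint by taking the capture. A plain
# "$workdir = $t_workdir" would copy the taint flag along with the value.
my $workdir;
if ( is_tainted($t_workdir) ) {
    ($workdir) = $t_workdir =~ $PATH_RE;
}

# Set default allowed paths, then add the work directory's bin.
# Taint mode also inspects the PATH entries themselves when a command is
# run; "$workdir/bin" should be absolute and not writable by other users.
my @allowed_paths = ( "/bin", "/usr/bin" );
push @allowed_paths, "$workdir/bin";
$ENV{PATH} = join( ':', @allowed_paths );

print "$ENV{PATH}\n";

chdir $workdir or die "Cannot change to $workdir: $!\n";

# Read the first line of the commands file. Three-argument open with a
# lexical handle: the mode can never come from the file name, and a
# failed open is reported instead of silently yielding an empty read.
open( my $cmd_fh, '<', "$workdir/commands" )
    or die "Cannot open $workdir/commands: $!\n";
my $t_runcmd = <$cmd_fh>;
close $cmd_fh;

die "No command found in $workdir/commands\n" unless defined $t_runcmd;
chomp $t_runcmd;

# File contents are always tainted: validate, then untaint via capture.
my $runcmd;
if ( is_cmd_tainted($t_runcmd) ) {
    ($runcmd) = $t_runcmd =~ $CMD_RE;
}

# A line such as "ls -l > test.text" is rejected on purpose: redirection
# needs a shell, and this script never hands the line to one.
print "$runcmd\n";

# Exec command. List form makes perl exec the program directly, so no
# shell ever parses the line, even if the whitelist is loosened later.
my @argv = split ' ', $runcmd;
system(@argv) == 0
    or warn "Command '@argv' did not exit cleanly (status $?)\n";

# The sub below is the one shown in perlsec. It only *reports* whether a
# value is tainted; it does not untaint anything (Scalar::Util::tainted
# does the same job). Untainting always needs a regex capture.
#sub is_tainted{
#    return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1};
#}

# is_tainted($value)
#   Despite its name this is a validator, not a taint test: it returns 1
#   when $value consists only of word characters and '/', and dies with
#   "Bad path!!!" otherwise. It does not untaint; the caller must take
#   the capture from $PATH_RE for that.
sub is_tainted {
    my $var_to_chk = shift;

    print "---$var_to_chk---\n";

    if ( $var_to_chk =~ $PATH_RE ) {
        return 1;
    }
    else {
        die "Bad path!!!\n";
    }
}

# is_cmd_tainted($line)
#   Returns 1 when $line is an "ls" invocation matching $CMD_RE and dies
#   with "Bad commands!!!" otherwise. The earlier check, /^(ls)+/, was
#   anchored only at the start, so it accepted any line that merely began
#   with "ls" and let everything after it through unchecked.
sub is_cmd_tainted {
    my $cmd_var = shift;

    print "---$cmd_var---\n";

    if ( $cmd_var =~ $CMD_RE ) {
        return 1;
    }
    else {
        die "Bad commands!!!\n";
    }
}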