vit has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,
When I switched to -T mode I got message:
"Insecure dependency in open while running with -T switch at ../perl_scripts/XXX.pl line 34"
It looks like I did all right. Namely:
I started my script with
#!/usr/bin/perl -wT
I made output file description safe:
if ($outfile !~ /^(\w+)\z/) {
    die "Disallowed characters in filename: '$outfile'";
}
else {
    open(OF, ">$outfile") or die "-------------- cannot open OF";
}
and I run script like
perl -wT ../perl_scripts/XXX.pl .......
What might be wrong?
I just changed the file name line to
else {
    $outfile = $1;
    open(OF, ">$outfile") or die "-------------- cannot open OF";
}
and it started working. However, I am getting the message
"Insecure dependency in `` while running with -T switch at /...../YYY.cgi line 252." which calls my script in a way
my @arr = `perl -wT $XXXfile $inp_file $outfile 'param'`;
Why?

Re: Insecure dependency in open while running with -T switch
by CountZero (Bishop) on Jan 18, 2008 at 22:19 UTC
    You not only have to check if your data is OK (which you do in your regex) but you actually have to launder tainted data by extracting the good bits with a regex and putting them into another variable through the use of sub-patterns.

    From the docs (perlsec)

    the (...) way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match.

    (...)

    Here's a test to make sure that the data contains nothing but "word" characters (alphabetics, numerics, and underscores), a hyphen, an at sign, or a dot.

    if ($data =~ /^([-\@\w.]+)$/) {
        $data = $1;                 # $data now untainted
    } else {
        die "Bad data in '$data'";  # log this somewhere
    }

    CountZero

    "A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

Re: Insecure dependency in open while running with -T switch
by hipowls (Curate) on Jan 18, 2008 at 22:12 UTC

    Matching $outfile against a regular expression does not untaint it. You need to capture the file name like so

    my ($safe_file_name) = $outfile =~ /^(\w+)$/;
    if ( !$safe_file_name ) {
        # handle error & exit
    }
    open my $fh, '>', $safe_file_name or die "open: $safe_file_name: $!";
    I use the three argument form of open since it is safer, probably not a concern here but not a bad habit. I also use a lexical file handle $fh so I don't clobber a global somewhere else (or get clobbered by someone else's code).
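
An added example, not code from the thread, that makes the point CountZero and hipowls are making visible: run under -T, it uses Scalar::Util::tainted to show that a bare regex match leaves $outfile tainted, while capturing the match (here through list assignment, as hipowls does) yields a clean copy that three-argument open then accepts without an "Insecure dependency" error. The argument handling and the file contents are this example's own assumptions.

```perl
#!/usr/bin/perl -wT
# Added example (not from the thread): a plain regex match does not untaint
# a value; capturing the vetted part into a new variable does.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, everything that comes from outside the program (here @ARGV)
# is tainted.
my $outfile = shift @ARGV;
defined $outfile or die "usage: $0 OUTFILE\n";

# A successful match on its own changes nothing: the variable is still
# tainted after this block, which is why the original open() failed.
if ( $outfile =~ /\A\w+\z/ ) {
    printf "after a plain match, tainted(\$outfile) is %s\n",
        tainted($outfile) ? 'true' : 'false';
}

# Laundering: only the captured, vetted characters are used, and the
# capture is not tainted. A failed match means disallowed characters.
my ($safe_name) = $outfile =~ /\A(\w+)\z/
    or die "Disallowed characters in filename: '$outfile'\n";
printf "after capturing, tainted(\$safe_name) is %s\n",
    tainted($safe_name) ? 'true' : 'false';

# Three-argument open with a lexical handle on the laundered name.
open my $of, '>', $safe_name or die "cannot open '$safe_name': $!\n";
print {$of} "written under taint mode\n";
close $of or die "close '$safe_name': $!\n";
```

Run it as `perl -T example.pl somename`; if the command line lacks -T while the shebang has it, perl stops with "Too late for "-T" option" before the script runs.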

Re: Insecure dependency in open while running with -T switch
by CountZero (Bishop) on Jan 18, 2008 at 22:32 UTC
    however I am getting message "Insecure dependency in `` while running with -T switch at /...../YYY.cgi line 252." which calls my script in a way

    my @arr = `perl -wT $XXXfile $inp_file $outfile 'param'`;

    Is YYY.cgi also running with the taint switch on? In that case you have to launder each of $XXXfile, $inp_file and $outfile before you use them in your backticks call.

    Again from the docs (perlsec):

    Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, (...)

    CountZero


      Got it, Thank you very much
        Actually I have one more question. My file is a path to a file like /yyy/xxx/file.txt
        The symbol "/" or "\" is always tainted as far as I understand. Untainting just file.txt is not enough.
        So what to do?
Re: Insecure dependency in open while running with -T switch
by brian_d_foy (Abbot) on Jan 19, 2008 at 06:32 UTC

    Chapter 2, "Secure Programming Techniques", of Mastering Perl explains it all. You untaint data by capturing it in a regular expression and using the captured parts. Taint mode also affects $ENV{PATH}: it stops you when you try to run an external command without the full path if you haven't already cleansed $ENV{PATH}.

    Good luck, :)

    --
    brian d foy <brian@stonehenge.com>
    Subscribe to The Perl Review
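
An added example, not code from the thread, that covers three points raised above together: CountZero's reply that the caller must launder each of $XXXfile, $inp_file and $outfile before the backticks call, vit's follow-up that these values are whole paths like /yyy/xxx/file.txt rather than bare names, and brian_d_foy's note that $ENV{PATH} must be cleansed before any external command. The path character class, the rejection of ".." components and the untaint_path helper are this example's own policy; the environment cleanup is what perlsec prescribes. It also departs from the original call in one respect: the child is started with a list-form pipe open instead of backticks, so the laundered arguments are passed to the program directly and no shell ever interprets them.

```perl
#!/usr/bin/perl -wT
# Added example (not from the thread): a taint-mode caller that launders
# three path arguments, cleans the environment, and runs the child script
# without a shell. Argument order is a hypothetical choice for this example.
use strict;
use warnings;

# perlsec: under -T, $ENV{PATH} must be set to a known, untainted value
# before running any external program, and these variables must be absent.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Launder a path. The allowed set (directory separator, word characters,
# dot, hyphen) is this example's policy; the capture is what untaints.
# "/yyy/xxx/file.txt" passes, anything with spaces, quotes, ';', '|' etc.
# is refused, and a ".." component is refused even though its characters
# are individually allowed.
sub untaint_path {
    my ($raw) = @_;
    my ($path) = $raw =~ m{\A([\w./-]+)\z}
        or die "Disallowed characters in path: '$raw'\n";
    die "Parent-directory component not allowed in '$path'\n"
        if grep { $_ eq '..' } split m{/}, $path;
    return $path;
}

@ARGV == 3 or die "usage: $0 SCRIPT INFILE OUTFILE\n";
my ($xxx_script, $inp_file, $outfile) = map { untaint_path($_) } @ARGV;

# List-form pipe open: with more than one element the list goes straight
# to execvp(), so no shell sees the arguments. $^X is the running perl,
# which avoids depending on PATH lookup at all. This replaces
#   my @arr = `perl -wT $XXXfile $inp_file $outfile 'param'`;
open my $child, '-|', $^X, '-wT', $xxx_script, $inp_file, $outfile, 'param'
    or die "cannot run '$xxx_script': $!\n";
my @arr = <$child>;
close $child
    or die "child '$xxx_script' exited with status " . ( $? >> 8 ) . "\n";

print scalar(@arr), " line(s) captured from the child\n";
```

Even with the shell out of the picture, taint mode still refuses tainted arguments to exec-style calls, so the laundering step is required either way; the list form only removes the separate shell-metacharacter problem that the backticks string had.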
Re: Insecure dependency in open while running with -T switch
by johngg (Canon) on Jan 18, 2008 at 22:19 UTC
    I think you have to assign to the string to untaint it, something like

    if ( $outfile =~ m{\A(\w+)\z} ) {
        $outfile = $1;
        open my $outFH, q{>}, $outfile
            or die qq{open: $outfile: $!\n};
    }
    else {
        die qq{Disallowed characters in filename\n};
    }

    I hope this is helpful.

    Cheers,

    JohnGG

      Either you expect the code that uses the file handle to be in the if (causing the error message to be far away from the error check), or you just created a file handle that gets closed before you get a chance to use it. Slight reorganization of your code:

      if ( $outfile !~ m{\A(\w+)\z} ) {
          die qq{Disallowed characters in filename\n};
      }
      $outfile = $1;
      open my $outFH, q{>}, $outfile
          or die qq{open: $outfile: $!\n};