in reply to Insecure dependency in open while running with -T switch

I think you have to assign to the string to untaint it, something like

if ( $outfile =~ m{\A(\w+)\z} ) {
    $outfile = $1;    # the capture is untainted
    open my $outFH, q{>}, $outfile
        or die qq{open: $outfile: $!\n};
}
else {
    die qq{Disallowed characters in filename\n};
}

I hope this is helpful.

Cheers,

JohnGG

Re^2: Insecure dependency in open while running with -T switch
by ikegami (Patriarch) on Jan 19, 2008 at 00:27 UTC

    Either you expect the code that uses the file handle to be in the if (causing the error message to be far away from the error check), or you just created a file handle that gets closed before you get a chance to use it. Slight reorganization of your code:

    if ( $outfile !~ m{\A(\w+)\z} ) {
        die qq{Disallowed characters in filename\n};
    }

    $outfile = $1;    # the capture is untainted
    open my $outFH, q{>}, $outfile
        or die qq{open: $outfile: $!\n};
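
The untaint-then-open pattern from this thread as a complete script, added here as an illustration and not code from either poster. The helper `untaint_filename`, the sample names and the output file name `taint_demo_out` are constructed for the example; the samples are tainted by appending a zero-length slice of `$^X`, which is tainted under -T.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: validate a filename against an allow-list pattern.
# Under -T only the regex capture ($1) is untainted, so return that copy.
# Returns undef when the name contains anything but word characters.
sub untaint_filename {
    my ($name) = @_;
    return $name =~ m{\A(\w+)\z} ? $1 : undef;
}

# Zero-length tainted string; concatenating it taints the constructed
# samples the same way @ARGV, %ENV or STDIN input would be tainted.
my $taint = substr $^X, 0, 0;

# Constructed sample input: one acceptable name and three that must fail.
for my $sample ( 'taint_demo_out', '../etc/passwd', "log\n", 'out|cmd' ) {
    my $outfile = $sample . $taint;
    ( my $shown = $outfile ) =~ s/\n/\\n/g;    # printable form for messages

    my $clean = untaint_filename($outfile);
    if ( !defined $clean ) {
        print "rejected: '$shown'\n";
        next;
    }

    printf "accepted: '%s' (tainted before=%d, after=%d)\n",
        $shown, tainted($outfile) ? 1 : 0, tainted($clean) ? 1 : 0;

    # The handle is opened in the scope that uses it, right after the
    # check, so it is not closed by leaving the validation block.
    open my $outFH, q{>}, $clean or die qq{open: $clean: $!\n};
    print {$outFH} "written under taint mode\n";
    close $outFH or die qq{close: $clean: $!\n};
    unlink $clean or warn qq{unlink: $clean: $!\n};
}
```

Run it as `perl -T script.pl`; the `"log\n"` sample is rejected because `\z` (unlike `$`) does not allow a trailing newline.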