in reply to Re^3: Insecure dependency in open while running with -T switch
in thread Insecure dependency in open while running with -T switch

Symbol "/" or "\" is always tainted as far as I understand.
You understand incorrectly. "/" and "\" are fine if that is what you allow in your regular expression to untaint the data.

Re^5: Insecure dependency in open while running with -T switch
by vit (Friar) on Jan 19, 2008 at 00:53 UTC
    So now I additionally allowed \\, \/ and \s, which I need to pass files and parameters into my internal Perl script, and my CGI started working with -T:
    sub untainted_string {
        my ($data) = @_;
        if ($data =~ /^([-\@\w.\\\/\s]+)$/) {
            $data = $1;    # $data now untainted
        } else {
            die "Bad data in '$data'";
        }
        return $data;
    }
    So where might I be in danger now? Why does -T make my CGI safer?
      It used to be more of a problem before 3-arg open (and you are only using two args, so it is a problem). When you include "|" as the first or last character of a "file name", perl interprets the "file" as a command to run. That's why -T makes your program safer. Even though you could allow "|" in your file name, it forces you to think about such things.
        I tried to convert a string to a number using eval() and it worked fine. -T considered it insecure and made me replace eval() with int(), which makes sense in my code logic. But why was eval() insecure?
        my $pop_level = int($pop_level1);
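An added example, not code from this thread, that puts the two points above together in a script run under -T: it keeps vit's untainting pattern, reads the file with three-argument open so the name is never treated as a command, and converts the numeric parameter with a digits-only capture plus int() instead of a string eval. It assumes the file name and level arrive on the command line (tainted under -T, like CGI parameters), and uses Scalar::Util::tainted only to show the taint flag before and after.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_demo.pl <filename> <level>
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Untaint with the same pattern the post above allows:
# letters, digits, '_', '-', '@', '.', '\', '/' and whitespace.
sub untainted_string {
    my ($data) = @_;
    if ($data =~ /^([-\@\w.\\\/\s]+)$/) {
        return $1;                       # captured text is untainted
    }
    die "Bad data in '$data'\n";
}

# Numeric parameter: digits-only capture, then int(); no string eval involved.
sub untainted_int {
    my ($data) = @_;
    if ($data =~ /^\s*(\d+)\s*$/) {
        return int($1);
    }
    die "Bad number '$data'\n";
}

my ($raw_name, $raw_level) = @ARGV;    # constructed input: both tainted under -T
die "usage: $0 <filename> <level>\n"
    unless defined $raw_name && defined $raw_level;

printf "argument tainted: %s\n", tainted($raw_name) ? 'yes' : 'no';
my $name  = untainted_string($raw_name);   # dies on e.g. "| cmd": '|' is not in the class
my $level = untainted_int($raw_level);
printf "after untainting: %s\n", tainted($name) ? 'yes' : 'no';

# Three-argument open: the mode is a separate argument, so the name is opened
# as a plain file and never parsed as a command, whatever it contains.
open(my $fh, '<', $name) or die "cannot open '$name': $!\n";
my $line_count = 0;
$line_count++ while <$fh>;
close $fh;

print "$name has $line_count lines; level = $level\n";
```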