in reply to Printing regular expression variable
Tangential observation: Pro forma untainting may be worse than none:
    #!/usr/bin/perl -T
    use 5.016;

    my $regex = qr/^.*$/;    # match anything, including an empty string

    my @strings = ('delete everything',
                   'overclock till cpu smokes',
                   'we ownz you exec(nasty code here)',
                   ' ',
                   '',
                  );
    untaint(@strings);

    sub untaint() {
        for my $elem(@strings) {
            if ( $elem =~ /$regex/ ) {
                say "Thank you, sucker. You are borked, really bad!";
            }else{
                say "Oh look, untainting did something more than merely allow any-old-badstruff to pass untaint. string untainted was -|$elem|-";
            }
        }
    }
Execution produces:
    C:\>untaint-bad.pl
    Thank you, sucker. You are borked, really bad! |delete everything|' passed.
    Thank you, sucker. You are borked, really bad! |overclock till cpu smokes|' passed.
    Thank you, sucker. You are borked, really bad! |we ownz you exec(nasty code here)|' passed.
    Thank you, sucker. You are borked, really bad! | |' passed.
    Thank you, sucker. You are borked, really bad! ||' passed.
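The contrast the post points at, as an added example that is not part of the original post: a capture-everything pattern launders tainted data, while an allow-list pattern captures only the expected shape. The sub names, the "job name" rule and the `nightly-backup` sample are assumptions made for illustration, and the samples are tainted artificially so the script runs without outside input.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Run as: perl -T untaint-allowlist.pl
use 5.016;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string; appending it taints our constructed samples,
# standing in for real outside input (string literals alone are never tainted).
my $TAINT = substr($^X, 0, 0);

# Pro forma: capture everything, so the "check" launders any input.
sub untaint_pro_forma {
    my ($in) = @_;
    return $in =~ /\A(.*)\z/s ? $1 : undef;
}

# Allow-list: only the shape we expect (hypothetical rule: a short
# lowercase job name) is captured; everything else is rejected.
# \A and \z are used instead of ^ and $ so a trailing newline cannot slip by.
sub untaint_job_name {
    my ($in) = @_;
    return $in =~ /\A([a-z][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

# Constructed samples: one legitimate value plus strings from the post.
my @samples = map { $_ . $TAINT } (
    'nightly-backup',
    'delete everything',
    'we ownz you exec(nasty code here)',
    ' ',
    '',
);

for my $s (@samples) {
    my $weak   = untaint_pro_forma($s);
    my $strict = untaint_job_name($s);
    printf "%-36s tainted=%d  pro forma: %-9s allow-list: %s\n",
        "|$s|",
        tainted($s) ? 1 : 0,
        defined $weak && !tainted($weak) ? 'untainted' : 'rejected',
        defined $strict ? 'untainted' : 'rejected';
}
```

Only the value returned through the capture group is untainted; the original variable stays tainted, so code must use the returned copy.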
Re^2: Printing regular expression variable
by MattLG (Beadle) on May 28, 2013 at 13:20 UTC
by ww (Archbishop) on May 28, 2013 at 15:04 UTC
by MattLG (Beadle) on May 28, 2013 at 22:42 UTC