in reply to Re: Re: Re: (Ovid) Re: A Quest for Taint
in thread A Quest for Taint

Because you can't run a regex against the variable to untaint the value until execution time.

Maybe I can give a better explanation of what's going on here:
The overall application has an environment variable pointing to the root of a filesystem/application tree. Let's call it good ol' $ENV{FOO}. So far so good, but the Perl script needs to pull in a library that is relative to $ENV{FOO}. Let's call that "/bar/lib". There is no way under perl -T that I can call 'use lib "$ENV{FOO}/bar/lib"' because I cannot clear the taint from $ENV{FOO} at compile time.

Hmmm, too much English; here's some code:

#! /usr/bin/perl -T

$DEZVAR = $ENV{CRROOTWSDIR};
if ($DEZVAR =~ /^([-\/\w.]+)$/)    # Can't evaluate this until execution
{
    $MAINPATH = $1;                # the captured value is untainted
}
else
{
    die "Invalid path, please check setenv";
}
$LIB = "$MAINPATH/cr/cds/comms/x2p";

use lib $LIB;                      # Must be available at compile time

blah; blah; blah;

coreolyn Duct tape devotee.
-- That's OO perl, NOT uh-oh perl !-)

Re: Re: (Ovid) Re: A Quest for Taint
by chipmunk (Parson) on Dec 14, 2000 at 01:31 UTC
    Ah, but that's what BEGIN blocks are for. BEGIN { } blocks are executed at compile time.

    #! /usr/bin/perl -T

    BEGIN {
        # Runs at compile time, so $LIB is set before "use lib" is reached
        $DEZVAR = $ENV{CRROOTWSDIR};
        if ($DEZVAR =~ /^([-\/\w.]+)$/) {
            $MAINPATH = $1;    # the captured value is untainted
        }
        else {
            die "Invalid path, please check setenv";
        }
        $LIB = "$MAINPATH/cr/cds/comms/x2p";
    }

    use lib $LIB;

    blah; blah; blah;

    The important thing here is that the use lib has to be outside the BEGIN block. If it were inside, it would be executed while the BEGIN block was being compiled, not while it was being executed.

    Other useful blocks include: END {}, executed when your program is about to exit; CHECK {}, executed after your program has been compiled; and INIT {}, executed before your program starts running. The difference between the latter two is that perl -c will execute CHECK {} blocks, but not INIT {} blocks. CHECK {} was added in 5.6.0.

    UPDATE: I don't know why, but BEGIN et al. are documented in perlmod. Thanks to merlyn for pointing me there!

      The good thing about feeling stupid is the fact that usually it implies you've learned something. Thanks!
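
Added example, not part of the original thread or any poster's code: the same BEGIN-block untaint with stricter validation before the path reaches `use lib`. The variable name APP_ROOT, the `lib` subdirectory and the permission policy are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). APP_ROOT and the "lib" suffix are
# assumed names; substitute the application's own.
use strict;
use warnings;

our $LIB;    # package variable: assigned in BEGIN, read by "use lib" below

BEGIN {
    my $raw = $ENV{APP_ROOT};
    defined $raw or die "APP_ROOT is not set\n";

    # Only a regex capture clears the taint flag. \A...\z is used instead
    # of ^...$ so a trailing newline cannot pass, and the leading "/"
    # forces an absolute path.
    $raw =~ m{\A(/[-\w./]+)\z}
        or die "APP_ROOT is not an absolute path of permitted characters\n";
    my $root = $1;

    # The character class admits ".", so reject parent-directory segments.
    die "APP_ROOT must not contain '..' segments\n"
        if grep { $_ eq '..' } split m{/+}, $root;

    $LIB = "$root/lib";

    # Untainted only means "matched the pattern". The directory can still
    # be one that other users control, so require an existing directory
    # that is neither group- nor world-writable.
    my @st = stat $LIB or die "Cannot stat $LIB: $!\n";
    -d _ or die "$LIB is not a directory\n";
    die "$LIB is group- or world-writable\n" if $st[2] & 022;
}

use lib $LIB;    # compile time, but after the BEGIN block above has run

print "using library directory $LIB\n";
```

Run it with APP_ROOT set to a tree that contains a `lib` directory; any failed check stops compilation before a module is loaded from the unvetted path.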