Re: Re: Re: Insecure dependency message ?

Possibly one thing to consider is this perl script (now 1064 lines) was inherited from a Unix box. Maybe Perl worked _slightly_ differently there ??

I imagine that perl worked significantly different there as there are many perl built-ins that don't exist on Win32 :-) But I don't think that's relevant to your problem. It just looks like you have possibly multiple sources of tainted data that you need to untaint before using. The cannonical way to untaint your data is by using a regular expression. For example, your $seq variable is read from a file and is supposed to be a number but perl has no way of knowing this; it's just text read from a file. So, to untaint it:

($seq) = $seq =~ /(\d+)/;     # Just grab the first run of digits
[download]

duff

Comment on Re: Re: Re: Insecure dependency message ? Select or Download Code

Replies are listed 'Best First'.
Re: Re: Re: Re: Insecure dependency message ? by peterr (Scribe) on Jan 06, 2004 at 04:40 UTC
I imagine that perl worked significantly different there as there are many perl built-ins that don't exist on Win32 :-) But I don't think that's relevant to your problem. Yes, you're are correct. The migration was Unix --> Linux ; I only mentioned Win32, because I also have Perl installed at home, it saves a bit on bandwidth and testing time, and for teaching myself some more perl. That said, there are a number of things I can't do on the Win32 box. :( It just looks like you have possibly multiple sources of tainted data that you need to untaint before using. I've never heard of the word taint before, although if something is "tainted", in english, it is "dirty", so I assume tainted data is "dirty data" ? The cannonical way to untaint your data is by using a regular expression. For example, your $seq variable is read from a file and is supposed to be a number but perl has no way of knowing this; it's just text read from a file. So, to untaint it: `($seq) = $seq =~ /(\d+)/; # Just grab the first run of digits` [download] Great, thanks for the tip on how to untaint :) Peter	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: Re: Re: Insecure dependency message ?
by peterr (Scribe) on Jan 06, 2004 at 04:40 UTC

I imagine that perl worked significantly different there as there are many perl built-ins that don't exist on Win32 :-) But I don't think that's relevant to your problem.

Yes, you're are correct. The migration was Unix --> Linux ; I only mentioned Win32, because I also have Perl installed at home, it saves a bit on bandwidth and testing time, and for teaching myself some more perl. That said, there are a number of things I can't do on the Win32 box. :(

It just looks like you have possibly multiple sources of tainted data that you need to untaint before using.

I've never heard of the word taint before, although if something is "tainted", in english, it is "dirty", so I assume tainted data is "dirty data" ?

The cannonical way to untaint your data is by using a regular expression. For example, your $seq variable is read from a file and is supposed to be a number but perl has no way of knowing this; it's just text read from a file. So, to untaint it:

($seq) = $seq =~ /(\d+)/;     # Just grab the first run of digits
[download]

Great, thanks for the tip on how to untaint :)

Peter

[reply]
[d/l]