Assume that the following Perl code is given:
```perl
my $user_supplied_string = &retrieved_from_untrusted_user();
$user_supplied_string =~ s/.../.../g; # filtering done here
my $output = `/path/to/some/command '${user_supplied_string}'`;
```
The code is clearly insecure, but assume that the only thing that can be changed is the filtering code on line #2.
My question:
- What is the minimal set of characters that needs to be filtered on line #2 to make the above code secure?
Please note:
- Whitelisting is not an option in this case, so please keep your answer focused on what to filter out to make it secure. And more specifically: what is the minimal set of characters to filter out to make it secure? Everything else is off-topic.
- Make sure your answer addresses the question stated (“What is the minimal set of characters that needs to be filtered on line #2 to make the above code secure?”). If your answer does not address that very specific question then don’t post. Thanks.
First, given that you are concerned with security, I suggest you look into taint mode. As for the minimal set of characters to allow to be visible to the shell, you are better off not letting any characters be seen by the shell:
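One way to keep the untrusted string away from the shell entirely is list-form `open`, shown here as an added example that is not code from the original answer. `run_without_shell` is a hypothetical helper, the running Perl interpreter stands in for `/path/to/some/command`, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the page): run a command with each argument
# passed as its own argv element. With more than three arguments, open()
# executes the program directly, so no shell ever parses the string.
sub run_without_shell {
    my ($cmd, @args) = @_;
    open(my $fh, '-|', $cmd, @args)
        or die "cannot run $cmd: $!";
    local $/;                          # slurp all of the child's output
    my $output = <$fh>;
    close($fh)
        or die "$cmd failed: exit status " . ($? >> 8);
    return $output;
}

# Constructed sample inputs that would matter to a shell:
# quote breakout, command substitution, newline, option-like string.
my @samples = (
    q{it's},
    q{'; echo INJECTED; '},
    q{$(echo INJECTED) `echo INJECTED`},
    "line1\nline2",
    q{--help},
);

# Stand-in for /path/to/some/command (assumption): the current perl binary
# prints its first argument back. The '--' stops option parsing so that an
# input starting with '-' is treated as data; whether the real command
# accepts '--' has to be checked separately.
my @echo = ($^X, '-e', 'print $ARGV[0]', '--');

for my $s (@samples) {
    my $out = run_without_shell(@echo, $s);
    (my $shown = $s) =~ s/\n/\\n/g;    # keep each report on one line
    printf "%-36s %s\n", $shown, ($out eq $s ? 'verbatim' : 'ALTERED');
}
```

Bypassing the shell removes shell metacharacter handling only; the invoked command can still interpret the argument itself, for example as an option when it begins with `-`.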