
grepping over the web is a security issue

rufusbaby (Programmer, US), Mar 27, 2002
Hi, I am pretty useless at Perl. (Disclaimer over) Basically, I have written a viewer which will read log files over the web. Problem is however, I have written a function which executes as follows -

sub grep
{
    # $regexp and $qual_file come straight from the form and are interpolated
    # into a shell command line without any checking
    $cmd_line = "egrep \"${regexp}\" ${qual_file}";
    &generic_command;   # runs $cmd_line through the shell
}

regexp is the search string as entered in a text field and qual_file is the name of the selected file.

This grep command works fine and I can see the contents of the file on screen OK. The problem, though, is that this can be broken, and there is nothing to stop a malicious user from doing an rm command or something similar. Any ideas as to how I can get around this?
 
Use tainting, and before passing the regex to egrep do something like:

$regexp =~ s/^(\w+).*$/$1/;                            # keep only the leading run of word characters
die "bad search string\n" unless $regexp =~ /^\w+$/;   # the substitution matches nothing if the string starts with a non-word character, so refuse to run in that case

This will strip off any non-alphanumeric characters after the first block of alphanumerics. If you need to allow special characters, avoid the following ` | ;

In addition, have a look at the File::Grep module. A nice little module with all the grep stuff built in. Saves you calling a system command.

HTH,
Barbie. Leader of Birmingham Perl Mongers
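The posted sub next to a hardened version, as an added example that is not code from either poster. It follows the advice above (run under taint mode, untaint the search string with a whitelist, and stop handing anything to a shell) and assumes a log directory of /var/log/myapp, that the selectable files end in .log, and that the script is started with perl -T; the names $regexp and $qual_file are the ones from the thread.

```perl
#!/usr/bin/perl -T
# Added example, not code from the original thread: the posted grep sub next to
# a hardened replacement. $LOG_DIR, the character whitelist and the ".log"
# suffix rule are assumptions made for this demo.
# Run as:  perl -T this_script.pl 'error' app.log
use strict;
use warnings;

# Taint mode refuses to run an external program while PATH (and a few other
# variables the shell reads) are tainted, so pin them first.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $LOG_DIR = '/var/log/myapp';   # assumed directory the viewer may read from

# VULNERABLE (the thread's approach): both values are interpolated into a shell
# command line, so a search string such as   foo" ; rm -rf / ; echo "
# makes the shell run rm. Under -T this dies with "Insecure dependency"
# as soon as tainted data reaches the backticks, which is the point of -T.
sub grep_unsafe {
    my ($regexp, $qual_file) = @_;
    my $cmd_line = "egrep \"${regexp}\" ${qual_file}";
    return `$cmd_line`;
}

# HARDENED:
#  1. Untaint by whitelist: the search string is accepted only if every
#     character is in the allowed set and it is capped in length; a string
#     that fails the match is rejected, not passed through.
#  2. The file name must be a bare name ending in .log and is joined to
#     $LOG_DIR, so "../../etc/passwd" or "/etc/shadow" cannot get through.
#  3. egrep is started with the list form of open(), so no shell ever parses
#     the arguments; "--" stops a pattern beginning with "-" being taken as
#     an option. Regex metacharacters such as | and ( ) are harmless here
#     because they only ever reach egrep, never a shell.
sub grep_safe {
    my ($regexp, $qual_file) = @_;

    my ($safe_re) = $regexp =~ /^([\w .*+?()\[\]|^\$-]{1,200})\z/
        or die "search string contains disallowed characters\n";

    my ($safe_file) = $qual_file =~ /^([\w.-]+\.log)\z/
        or die "invalid log file name\n";
    my $path = "$LOG_DIR/$safe_file";

    open(my $fh, '-|', 'egrep', '--', $safe_re, $path)
        or die "cannot run egrep: $!\n";
    my @lines = <$fh>;
    close $fh;   # a false return here just means egrep found no match
    return @lines;
}

# Demo: command-line arguments are tainted under -T, so they go through the
# same checks a CGI parameter would.
if (@ARGV == 2) {
    my @hits = eval { grep_safe(@ARGV) };
    if ($@) {
        print "rejected: $@";
    } else {
        print @hits;
    }
}
```

The length cap and whitelist stop shell injection and path traversal; they do not make an arbitrary user regex cheap to evaluate, so keep the cap small for a public-facing viewer. Doing the match in Perl instead (as File::Grep does) removes the external command altogether, at which point the only thing left to validate is the file name.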
 