rmtree and untaint

Flagstaff

I untaint input from a cgi form in the standard way:

if ($variable =~ /^([-_\w\s]+)$/) { $variable = $1 }
else { error_handling ("bad_data", $variable) }

but when I try to use the rmtree function in File::Path I get an error
that the variable is untainted. Can anyone give me insight here?

Thanks
 
Flagstaff

I untaint input from a cgi form in the standard way:

if ($variable =~ /^([-_\w\s]+)$/) { $variable = $1 }
else { error_handling ("bad_data", $variable) }

but when I try to use the rmtree function in File::Path I get an error
that the variable is untainted. Can anyone give me insight here?

Thanks

I also get the same error if I try to delete all files in a directory
.....something like:

unlink (./*);

so I think this is related.
 
Gunnar Hjalmarsson

Flagstaff said:
I untaint input from a cgi form in the standard way:

if ($variable =~ /^([-_\w\s]+)$/) { $variable = $1 }
else { error_handling ("bad_data", $variable) }

but when I try to use the rmtree function in File::Path I get an
error that the variable is untainted. Can anyone give me insight
here?

rmtree() uses the readdir() function, whose output is tainted, and
since File::Path seems to not have any option to be run in taint mode,
you should probably try some other approach.

File::Find, which includes an 'untaint' option, might be useful.
 
Martien Verbruggen

I untaint input from a cgi form in the standard way:

if ($variable =~ /^([-_\w\s]+)$/) { $variable = $1 }
else { error_handling ("bad_data", $variable) }

but when I try to use the rmtree function in File::Path I get an error
that the variable is untainted. Can anyone give me insight here?

You mean that the variable is tainted, as in an "Insecure dependency"
error? What is the exact error message, and what exactly is the code
that triggers it?
I also get the same error if I try to delete all files in a directory

What is that error though?
....something like:

unlink (./*);

so I think this is related.

This is a syntax error.

unlink takes a list of file names to remove. Perl is not shell, so it
won't automatically replace glob patterns with file names. Even if you
quoted the above, so it wasn't a syntax error, and wrote:

unlink ("./*");

perl would try to unlink the file with the literal name ./*. You
probably need the glob operation or <>, but you should realise that
those operations return tainted data, and therefore need to be
untainted.

So, if you wrote

unlink <./*>;

you would get a message stating that there is an insecure dependency.

Have you checked whether the variable is tainted, as is suggested in the
perlsec documentation, and in perl FAQ 7?

You need to be much more precise and clear next time you report a
problem.

Martien
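The two points made in this thread (glob and readdir return tainted data in -T mode, so the results must be untainted before unlink, and File::Find's untaint option lets a traversal run under taint checking) put together in a small script. This is an added example, not code from either poster; it builds its own throwaway directory tree with File::Temp so it runs stand-alone, and the untaint_path() helper and its character class are assumptions chosen for the demonstration, not the thread's own regex.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Find;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

# Taint mode insists on a clean PATH before any external command; set it
# early as a matter of habit even though this script only calls unlink.
$ENV{PATH} = '/usr/bin:/bin';

# Constructed sample data: a temp dir with two files and one subdirectory,
# removed automatically when the script exits.
my $base = tempdir(CLEANUP => 1);
mkdir "$base/sub" or die "mkdir $base/sub: $!";
for my $f ("$base/a.txt", "$base/b.txt", "$base/sub/c.txt") {
    open my $fh, '>', $f or die "open $f: $!";
    close $fh;
}

# Hypothetical helper: untaint one path the same way the original post
# untaints form input, but allowing '/' and '.' so file names pass.
# A capture from a successful match is what clears the taint flag.
sub untaint_path {
    my ($path) = @_;
    if ($path =~ m{^([-+@\w./]+)$}) {
        return $1;
    }
    die "refusing to use suspicious path: $path\n";
}

# 1. glob() (the <./*> form) returns tainted strings under -T, which is
#    exactly why a bare 'unlink <./*>' dies with "Insecure dependency".
#    Untaint each name before handing it to unlink.
my @found = glob("$base/*.txt");
print "glob results tainted? ", (tainted($found[0]) ? "yes" : "no"), "\n";
for my $file (@found) {
    my $clean = untaint_path($file);
    unlink $clean or die "unlink $clean: $!";
}

# 2. File::Find reads directories with readdir() too, but with untaint => 1
#    it applies untaint_pattern to every directory it chdir()s into, so the
#    traversal itself does not trip the taint checks. untaint_skip => 1 skips
#    (rather than dies on) any directory name the pattern rejects.
my @dirs_seen;
find(
    {
        wanted          => sub { push @dirs_seen, $File::Find::name if -d },
        untaint         => 1,
        untaint_pattern => qr{^([-+@\w./]+)$},
        untaint_skip    => 1,
    },
    untaint_path($base),
);
print "directories visited: @dirs_seen\n";
```

Run it as perl -T script.pl (or via the shebang) so taint checking is on from the start; invoking perl without -T on a script whose shebang has it fails with "Too late for -T". The untaint pattern shown is the same one File::Find uses by default, so the explicit untaint_pattern line is there only to make the policy visible.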
 
Flagstaff

Flagstaff said:
I untaint input from a cgi form in the standard way:

if ($variable =~ /^([-_\w\s]+)$/) { $variable = $1 }
else { error_handling ("bad_data", $variable) }

but when I try to use the rmtree function in File::Path I get an
error that the variable is untainted. Can anyone give me insight
here?

rmtree() uses the readdir() function, whose output is tainted, and
since File::Path seems to not have any option to be run in taint mode,
you should probably try some other approach.

File::Find, which includes an 'untaint' option, might be useful.

Hey thanks. It's good to know that it is not just some buggy thing in my
code!
 