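perl - How do I "untaint" a variable?

As far as I know, once a variable is tainted, Perl will not allow it to be used in system(), exec(), a piped open, eval(), backtick commands, or any function that affects something outside the program (such as unlink). So what is the process for untainting it?

Solution

Use a regular expression on the tainted variable to extract the "safe" value: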

Sometimes you have just to clear your data’s taintedness. Values may be untainted by using them as keys in a hash; otherwise the only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern.

Don't ignore this warning:

That means using a bit of thought--don’t just blindly untaint anything, or you defeat the entire mechanism. It’s better to verify that the variable has only good characters (for certain values of “good”) rather than checking whether it has any bad characters. That’s because it’s far too easy to miss bad characters that you never thought of.

Perlsec: Laundering and Detecting Tainted Data
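
The allowlist approach from the quoted perlsec passage, as an added example that is not part of the original answer. `untaint_filename` is a hypothetical helper, its file-name policy is an assumption, and the sample inputs are constructed.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T untaint.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: return an untainted copy of $name if it is a plain
# file name built only from allowlisted characters, otherwise nothing.
sub untaint_filename {
    my ($name) = @_;
    return unless defined $name;

    # Allowlist (assumed policy): first character is an ASCII letter, digit
    # or underscore, followed by up to 63 letters, digits, "_", "." or "-".
    # \A and \z anchor the whole string, so a trailing newline, a "/" or
    # shell metacharacters cause rejection instead of being skipped over.
    if ($name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/) {
        return $1;    # a captured subpattern is untainted
    }
    return;
}

# Constructed sample input. Appending a zero-length slice of $0/$^X (both
# tainted under -T) taints each literal the way external input would be.
my $taint   = substr("$0$^X", 0, 0);
my @samples = map { $_ . $taint }
    ("report-2024.txt", "../etc/passwd", "report.txt; id", "notes.txt\n");

for my $raw (@samples) {
    my $clean = untaint_filename($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible in output
    printf "%-18s tainted=%d -> %s\n", $shown, tainted($raw) ? 1 : 0,
        defined $clean
            ? "accepted, tainted=" . (tainted($clean) ? 1 : 0)
            : "rejected";
}
```

Only the first sample is accepted, and the value returned for it reports `tainted=0`; the other three are rejected and stay tainted, so Perl would still refuse to pass them to system(), unlink and the like.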
