perl – How do I "untaint" a variable?

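As far as I know, once a variable is tainted, Perl will not allow it to be used in system(), exec(), a piped open, eval(), backtick commands, or any function that affects something outside the program (such as unlink). So what is the process for untainting it?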

Solution

Use a regular expression on the tainted variable to extract the "safe" value:

Sometimes you have just to clear your data’s taintedness. Values may be untainted by using them as keys in a hash; otherwise the only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern.

Do not ignore this warning:

That means using a bit of thought–don’t just blindly untaint anything, or you defeat the entire mechanism. It’s better to verify that the variable has only good characters (for certain values of “good”) rather than checking whether it has any bad characters. That’s because it’s far too easy to miss bad characters that you never thought of.

Perlsec: Laundering and Detecting Tainted Data
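
An added example (not part of the original answer or of perlsec) of the allowlist approach the quoted warning recommends: the whole string must match a pattern of known-good characters, and only the capture is used afterwards. The file-name policy, the helper name untaint_filename and the sample inputs are assumptions made up for illustration; run it with perl -T.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Run this with taint mode on: perl -T $0\n" unless ${^TAINT};

# Hypothetical policy for this example: a bare file name, no directories,
# not starting with '.' or '-', at most 64 characters.
# Explicit character classes (not \w) keep the match independent of locale,
# and \A ... \z force the WHOLE string to match (a trailing newline fails).
my $SAFE_NAME = qr/\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;

# Returns an untainted copy of $value when it fits the allowlist, or undef
# when it does not. Only the capture ($1) is untainted; the original
# variable stays tainted. Blindly matching /(.*)/ would also untaint, which
# is exactly what the warning above says not to do.
sub untaint_filename {
    my ($value) = @_;
    return undef unless defined $value;
    return $value =~ $SAFE_NAME ? $1 : undef;
}

# Constructed sample inputs. Appending a zero-length slice of $^X (which is
# tainted under -T) marks each one tainted, as real external input would be.
my $taint   = substr($^X, 0, 0);
my @samples = map { $_ . $taint }
    ('report-2024.txt', '../../etc/passwd', "notes.txt\n", 'a b.txt', '-rf');

for my $input (@samples) {
    my $clean = untaint_filename($input);
    (my $shown = $input) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-18s tainted=%d -> %s\n", $shown, tainted($input) ? 1 : 0,
        defined $clean
            ? 'accepted, tainted=' . (tainted($clean) ? 1 : 0)
            : 'rejected, stays tainted';
}
```

Rejected input should be refused with an error rather than "cleaned up" and retried; the pattern is the policy, so it should be as narrow as the use of the value allows.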
