Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: perl: code execution via specially crafted regular expression. It it possible ?
Top Forums Programming perl: code execution via specially crafted regular expression. It it possible ? Post 302599163 by Corona688 on Thursday 16th of February 2012 10:49:31 AM
Old 02-16-2012
I don't think so. It depends what your code actually is of course, if you do silly things like throw 'eval' around then there could be holes everywhere..
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Regular expression help in perl

Hi all, I am trying to match a multi line string and return the matching string in one line. Here is the perl code that I wrote: #!/usr/bin/perl my $str='<title>My title</title>'; if ($str =~ /(<title>)(+)(<\/title>)/ ){ print "$2\n"; } It returns : My title I want the... (3 Replies)
Discussion started by: sdubey
3 Replies

2. Shell Programming and Scripting

perl regular expression

letz say that my file has 7 records with only one field. So my file has: 11111111 000000000000000 1111 aaaabbbccc 1111111222000000 aaaaaaaa zz All i need is: 1. when the field has a repetition of the same instance(a-z or 0-9), i would consideer it to be invalid.... (1 Reply)
Discussion started by: helengoldman
1 Replies

3. Shell Programming and Scripting

regular expression in perl

hi, i want to extract the sessionID from this line. QnA Session Id : here the output should be-- QnA_SessionID=128589 Thanks NT (3 Replies)
Discussion started by: namishtiwari
3 Replies

4. Shell Programming and Scripting

PERL regular expression

Hello all, I need to match the red expressions in the following lines : MACRO_P+P-_scrambledServices_REM_PRC30.xml MACRO_P+P-_scrambledServices_REM_RS636.xml MACRO_P+P-_scrambledServices_REM_RS535.xml and so on... Can anyone give me a PERL regular expression to match those characters ? ... (5 Replies)
Discussion started by: lsaas
5 Replies

5. Shell Programming and Scripting

perl regular expression

Dear all, I have a simple issue on a perl regular expression. I want to get the characters in red from the next lines : POWER_key LEFT_key RIGHT_key OK_key DOWN_key and so on... Thanks in advance for reply. Ludo (1 Reply)
Discussion started by: lsaas
1 Replies

6. Shell Programming and Scripting

Regular expression in Perl

Hi, I need and expression for a word like abc_xyz_ykklm The expresion should indicate that the word starts with abc and end with ykklm but does not contain xyz string in the middle. Example: abc_tmn_ykklm is ok and abc_xyz_ykklm is not Ok. Please help. Regards. (1 Reply)
Discussion started by: asth
1 Replies

7. Shell Programming and Scripting

Need perl regular expression

Hi, I am looking for a Perl regular expression to match the below pattern of a java script file. var so = object.device.load('camera','value'); I want to grep out such lines present in the *.js files. The conditions are: a) the line may start with blank space(s) b) always the... (3 Replies)
Discussion started by: royalibrahim
3 Replies

8. Shell Programming and Scripting

Perl regular expression and %

Could you help me with this please. This regular expression seems to match for the wrong input #!/usr/bin/perl my $inputtext = "W1a$%XXX"; if($inputtext =~ m/+X+/) { print "matches\n"; } The problem seems to be %. if inputtext is W1a$XXX, the regex doesnot match.... (5 Replies)
Discussion started by: suppandi7
5 Replies

9. Shell Programming and Scripting

Hidden Characters in Regular Expression Matching Perl - Perl Newbie

I am completely new to perl programming. My father is helping me learn said programming language. However, I am stuck on one of the assignments he has given me, and I can't find very much help with it via google, either because I have a tiny attention span, or because I can be very very dense. ... (4 Replies)
Discussion started by: kittyluva2
4 Replies

10. Programming

Perl: How to read from a file, do regular expression and then replace the found regular expression

Hi all, How am I read a file, find the match regular expression and overwrite to the same files. open DESTINATION_FILE, "<tmptravl.dat" or die "tmptravl.dat"; open NEW_DESTINATION_FILE, ">new_tmptravl.dat" or die "new_tmptravl.dat"; while (<DESTINATION_FILE>) { # print... (1 Reply)
Discussion started by: jessy83
1 Replies

LEARN ABOUT REDHAT

re

re(3pm) 						 Perl Programmers Reference Guide						   re(3pm)

NAME

       re - Perl pragma to alter regular expression behaviour

SYNOPSIS

	   use re 'taint';
	   ($x) = ($^X =~ /^(.*)$/s);	  # $x is tainted here

	   $pat = '(?{ $foo = 1 })';
	   use re 'eval';
	   /foo${pat}bar/;		  # won't fail (when not under -T switch)

	   {
	       no re 'taint';		  # the default
	       ($x) = ($^X =~ /^(.*)$/s); # $x is not tainted here

	       no re 'eval';		  # the default
	       /foo${pat}bar/;		  # disallowed (with or without -T switch)
	   }

	   use re 'debug';		  # NOT lexically scoped (as others are)
	   /^(.*)$/s;			  # output debugging info during
					  #	compile and run time

	   use re 'debugcolor'; 	  # same as 'debug', but with colored output
	   ...

       (We use $^X in these examples because it's tainted by default.)

DESCRIPTION

       When "use re 'taint'" is in effect, and a tainted string is the target of a regex, the regex memories (or values returned by the m// opera-
       tor in list context) are tainted.  This feature is useful when regex operations on tainted data aren't meant to extract safe substrings,
       but to perform other transformations.

       When "use re 'eval'" is in effect, a regex is allowed to contain "(?{ ... })" zero-width assertions even if regular expression contains
       variable interpolation.	That is normally disallowed, since it is a potential security risk.  Note that this pragma is ignored when the
       regular expression is obtained from tainted data, i.e.  evaluation is always disallowed with tainted regular expresssions.  See "(?{ code
       })" in perlre.

       For the purpose of this pragma, interpolation of precompiled regular expressions (i.e., the result of "qr//") is not considered variable
       interpolation.  Thus:

	   /foo${pat}bar/

       is allowed if $pat is a precompiled regular expression, even if $pat contains "(?{ ... })" assertions.

       When "use re 'debug'" is in effect, perl emits debugging messages when compiling and using regular expressions.	The output is the same as
       that obtained by running a "-DDEBUGGING"-enabled perl interpreter with the -Dr switch. It may be quite voluminous depending on the complex-
       ity of the match.  Using "debugcolor" instead of "debug" enables a form of output that can be used to get a colorful display on terminals
       that understand termcap color sequences.  Set $ENV{PERL_RE_TC} to a comma-separated list of "termcap" properties to use for highlighting
       strings on/off, pre-point part on/off.  See "Debugging regular expressions" in perldebug for additional info.

       The directive "use re 'debug'" is not lexically scoped, as the other directives are.  It has both compile-time and run-time effects.

       See "Pragmatic Modules" in perlmodlib.

perl v5.8.0							    2002-06-01								   re(3pm)
All times are GMT -4. The time now is 07:31 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy