开发者

Regular expression safety

开发者 https://www.devze.com 2023-03-03 21:06 出处:网络
Is this enough safety for preventing an undefined variable from making its way into my script? # Find the name of the VMXF file

Is this enough safety for preventing an undefined variable from making its way into my script?

    # Find the name of the VMXF file
$getfilelayout =~ /^ \s+ " (?<vmxf_file> .+\.vmxf) " /xm;

if ("$+{vmxf_file}" eq '') {
    $vmxf_file = 'undef';
} else {
    $vmxf_file = "$+{vmxf_file}";
    $vmxf_file = $ssh开发者_运维知识库_obj->capture("find -name $vmxf_file");
}

If not, what else could I do?


You should not assume the match succeeded, so put it in an if. Also, you don’t have to quote your named captures: $+{vmxf_file} retrieves it just fine. Here I assume that the filename does not have whitespace or quotes in it:

use 5.010;

if ($getfilelayout =~ /^ \h+ " (?<vmxf_file> ["\s]+ \.vmxf) " /xm) {
    $captcha = $+{vmxf_file};
    $found   = $ssh_obj->capture("find -name $captcha");
}

The "safety" issue is that you don’t know what sort of metachars are in the capture. The right way would be to use something more like

system("find", "-name", $captcha);

but that doesn’t capture your output. I don’t think the ssh protocol allows for safe shelling, but I don’t know. What class are you using?


# An undefined variable might not be your only worry!?!
my $getfilelayout = q{  " '*' | xargs rm ; echo .vmxf" };

# A regex in list context returns the captures.
# IMHO, this seems cleaner than what you've got.
my ($vmxf_file) = $getfilelayout =~ /^\s+ "(.+\.vmxf)"/xm;

# Proceed accordingly.
if (defined $vmxf_file){
    ...
}
0

精彩评论

暂无评论...
验证码 换一张
取 消