#!/usr/bin/perl -T
# Taint-mode (-T) test: runs string literals through a capturing regex under "use locale" and warns when a value is tainted.
use strict;
use warnings;
use v5.10;
# Scalar::Util provides tainted(); "use locale" plus setlocale() select the de_DE LC_CTYPE locale.
use Scalar::Util;
use locale;
use POSIX qw(locale_h);
setlocale(LC_CTYPE, "de_DE");  # return value unchecked: setlocale() returns false if de_DE is unavailable
# filter_string($s): returns the text before " (YYYY)" or " (YYYY/<I,V,X letters>)"; dies if $s does not match.
sub filter_string {
    my $s = shift;
    warn("raw string '$s' is tainted") if Scalar::Util::tainted($s);  # callers below pass only string literals
    # Pattern has no \w, \s, \d, POSIX class or /i; perllocale names those as what taints captures under "use locale" -- TODO confirm.
    $s =~ m:^(.+?) \([0-9]{4}(/[IVX]+)?\).*?$: or die "String '$s' doesn't match";
    $s = $1;  # NOTE(review): (.+?) places no constraint on the captured text, so this is not a safe untaint filter for real input
    warn("filtered string '$s' is tainted") if Scalar::Util::tainted($s);  # reports whether the capture came back tainted
    $s;  # implicit return value
}
# Test inputs: all start with "ABCn (1945"; they differ in the year group or in the text that follows it.
my @strings = ('ABC1 (1945/IXV)',
'ABC2 (1945)',
'ABC3 (1945)',
'ABC4 (1945) {DEF()}',
'ABC5 (1945) {D ()}',
'ABC6 (1945) {D(#)}',
'ABC7 (1945) {D (#)}',
'ABC8 (1945) {()}',
'ABC9 (1945) {D ()}',
'ABC10 (1945) ()',
'ABC11 (1945) {()',
'ABC12 (1945) { ()}',
'ABC13 (1945) { ()',
'ABC14 (1945) x(/',
'ABC15 (1945) ( ',
'ABC16 (1945) (',
'ABC17 (1945) { (',
'ABC18 (1945) { (#',
);
# Print each filtered value; the tainted() warnings from filter_string go to STDERR.
foreach my $s (@strings) {
    say filter_string($s);
}
filtered string 'ABC1' is tainted at ./check_taint.pl line 18.
ABC1
ABC2
ABC3
ABC4
filtered string 'ABC5' is tainted at ./check_taint.pl line 18.
ABC5
ABC6
filtered string 'ABC7' is tainted at ./check_taint.pl line 18.
ABC7
ABC8
filtered string 'ABC9' is tainted at ./check_taint.pl line 18.
ABC9
filtered string 'ABC10' is tainted at ./check_taint.pl line 18.
ABC10
ABC11
filtered string 'ABC12' is tainted at ./check_taint.pl line 18.
ABC12
filtered string 'ABC13' is tainted at ./check_taint.pl line 18.
ABC13
ABC14
filtered string 'ABC15' is tainted at ./check_taint.pl line 18.
ABC15
ABC16
ABC17
filtered string 'ABC18' is tainted at ./check_taint.pl line 18.
ABC18
String 'ABC1 (1945/IXV)' doesn't match at taint.pl line 16.
2015-02-16T11:06:01 Raubtier: Die Frage ist auch, warum das bei dir überhaupt matcht!
perl -T taint.pl
filtered string 'ABC1' is tainted at taint.pl line 18.
ABC1
ABC2
ABC3
ABC4
....