...
```perl
my $filename = # initialize
open( FILE, $filename) or croak("file not found");
while (<>) {
  print ":: $_";
};
```
This code suffers from the same vulnerability as the first noncompliant code example. The `<>` operator opens every file provided in the `@ARGV` array and returns a line from each file. It uses the two-argument form of `open()` to accomplish this. If any element of `@ARGV` begins or ends with `|`, it will be interpreted as a shell command and executed. In this manner, the `<>` operator acts exactly like the two-argument form of `open()`.
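For contrast with the `<>` loop above, the following added example (not code from the original page) reads each argument through the three-argument form of `open()`, so every element is treated as a literal file name. The function name `print_files` and the sample arguments are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: read each command-line argument as a literal file name.
# The three-argument open() with an explicit '<' mode never treats a
# leading or trailing '|' as a pipe, unlike the implicit open done by <>.
sub print_files {
    my @names    = @_;
    my $failures = 0;
    for my $name (@names) {
        my $fh;
        if ( !open( $fh, '<', $name ) ) {
            # A name such as 'cmd |' ends up here as an ordinary
            # "No such file or directory" error; nothing is executed.
            warn "cannot open '$name': $!\n";
            $failures++;
            next;
        }
        while ( my $line = <$fh> ) {
            print ":: $line";
        }
        close($fh) or warn "close failed for '$name': $!\n";
    }
    return $failures;
}

# Constructed sample arguments, used only when none are given on the
# command line: this script itself, and a name ending in '|' that the
# two-argument open() behind <> would have run as a command.
my @sample = ( $0, 'echo not-run |' );
my $failed = print_files( @ARGV ? @ARGV : @sample );
exit( $failed ? 1 : 0 );
```

On Perl 5.22 and later, the double-diamond operator `<<>>` gives the same literal-file-name behaviour while keeping the `while (<<>>)` loop shape.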
...