Potentially insecure Perl scripts
Guillem Jover
guillem at debian.org
Thu Jan 24 21:40:08 GMT 2019
On Thu, 2019-01-24 at 21:08:00 +0000, Niels Thykier wrote:
> Ian Jackson:
> > I asked codesearch about
> > while.*\<\>
> > and got 10780 results.
>
> I had a similar thought but tried a slightly more complex pattern:
>
> (while\s*|for(each)?\s*(my)?\s*\$.*)\(.*<>\s*\)
>
> The pattern also tries to cover "for" and "foreach" while also being
> more strict to prune false positives (C++ templates, Pascal and SQL trip
> naive searches for "<>").
>
> This variant still puts us in the 3000 - 4000 results, which (while
> being less than half of the original number) is far more than is likely
> to be resolved manually in a reasonable time frame.
Oh, and you both are missing <ARGV>. XD
Thanks,
Guillem
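As an added example (not part of the thread), the two patterns quoted above and a third that folds in Guillem's point about `<ARGV>`, run over a few constructed sample lines. The only assumption is that Python's `re` reads these patterns the same way codesearch does, which holds for the syntax they use.

```python
import re

# Ian Jackson's codesearch query, as quoted in the thread.
NAIVE = re.compile(r'while.*\<\>')

# Niels Thykier's stricter pattern, as quoted: the readline has to sit
# directly before the closing parenthesis of a while/for/foreach condition,
# which is what prunes Pascal and SQL "<>" (not-equal) comparisons.
STRICT = re.compile(r'(while\s*|for(each)?\s*(my)?\s*\$.*)\(.*<>\s*\)')

# Same shape, but <ARGV> is the same magic readline as <>, so the
# alternation accepts both spellings (assumption: no other spellings).
STRICT_ARGV = re.compile(r'(while\s*|for(each)?\s*(my)?\s*\$.*)\(.*<(ARGV)?>\s*\)')

# Constructed sample lines (not from any real package): three Perl loops
# reading via the ARGV handle, one STDIN loop that the search should skip,
# and two non-Perl "<>" comparisons that trip the naive search.
SAMPLE = """\
while (<>) { chomp; print; }
while (my $line = <ARGV>) { process($line); }
foreach my $line (<>) { handle($line); }
while (my $line = <STDIN>) { process($line); }
while a <> b do inc(a);
while (@i <> 0) begin set @i = @i - 1 end
"""


def scan(text, pattern):
    """Return the 1-based numbers of the lines that ``pattern`` matches."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if pattern.search(line)]


if __name__ == "__main__":
    for name, pat in (("naive", NAIVE), ("strict", STRICT),
                      ("strict+ARGV", STRICT_ARGV)):
        print(f"{name:12} -> lines {scan(SAMPLE, pat)}")
```

The naive query hits both false positives, the strict one drops them but misses the `<ARGV>` loop, and the extended one flags exactly the three ARGV-reading loops.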