Perl Security Issues

1
(No Transcript)
2
(No Transcript)
3
????????? ??????

• ???????
• ?????? ?????? gpenkov_at_phreedom.org ?????
  ??????? mmarinov_at_phreedom.org ?????
  ?????? roam_at_ringlet.net
• ??? ????????
• http//perl.phreedom.org

4
?????????

• ????????? ? ????? ????? perl ???????? ? ??
  ????????? ?? ?????. ???? ?? ????????? ??
  ????????????? ?? ?????.
• ???-?????? ????? ?? ????? ??????????? ?? ??????
• ????? ???????? ?? ?? ?? ???????? ?? ????????
  ???????? (automata/finite state machines
  theory).
• ??????????? ?????? ?? ??????, ????? ??????
  ??????
• ??????? ??? ?????????, ????? ? ?????? ? ???
  ??????? ?????. Perl ???????? ?? ????????? ??????
  ?? ?????? ???? ???????? ? ???????? ?????.

5
?????????

• Regular Expressions ????? ?? ??????? ?? ??-??????
  regexp ??? regex.
• ??? ???? regexp-????? ?? ??????? (patterns) ??
  ??????? ??-????? ?? ???????? ?? ?????????
  (matching) ????????? ?? ???????.
• ????? ????????? ????? ?? ??????????? ???????? ??
  ??????????? ?????? ?? ????? ???????.
• ? ?????? ?? ????????? ?????? ????? ????? ?? ??
  ????? ???????? ?? ????????????? ?????? ?????
  ??????, ???? ? ?? ?? ????????? ????? ?????? ?
  ?????????.

6
????? ??????

• ??????????? ?????? ?? ???????????? ???????? ???
  _. ? ???-??????? ?? ????? ????????? ????
• /regexp_string/
• /Hello/
• ?? ?? ? ????? ?????????? ??? ??????, ??? ????? ??
  ???? ???????? ?????? ?? ???????? ?????
• variable /regexp/
• Hello, young ladies and gentleman /and/
• ??? ???????? ?? ?????????? ?? ???????? ????
  ??????

var hello, young ladies' if ( var
/hello/ ) print "the young ladies were
warmly welcomed"
7
????? ??????

• ?????? ?????? ????? ?????? ? ???? ??????????
  ?????
• var /regexp/
• ???????????? ??????????? (//) ????? ?? ?????
  ???????? ? ????? ? ?????? ?? ?????
• var m!regexp! ? ???? ?????? / ??
  ??????? ???? ????????? ??????
• ?????? ???????? ?????? ? ???? ??????????
• var s/source/dest/

8
????? ??????

• ?? ??????????? ??????????? ?????? ?????? ???????
  ?/? ????? ? ??????.
• larodi /LARO/ ???? ?? ???????
• ??????????? ?????? ?????? ??????? ???????
  ???????? ??????????.
• bongo bingo /o/ ?? ?????? o-?? ??
  bongo
• ????? ?? ??????????? ?????? ????? ?? ?????
  ???????? ? ?????????? ? ????????? ?????????
• ????? ??????? ?? ??????? ?? ????????? ? ??????
  ?? ????? ??????????? ?? \ ?? ?? ?? ??????? ????
  ??????????. ???? ?? ???????? ???????
• ().?\

reggie ro var 'larodi var
/lareggie/ ?? ?????? laro
9
? ????????

• ??????????? ??????? ?? ????, ? ????? ?? ?????????
  ??-???????? ???????.
• ? ??? ?? ????????? ???????, ????? ???????
• ????? ??? ??????? ????? ???? ????
• ????????
• var /(la)3/ ?????? lalala
• var /a/ ?????? ???????? ???-?????
  a-??
• var /\d\d\d/ ?????? 3 ?????

10
??????? ???????? ???????

• \w ?????? ???????, ?? ????? ?? ????? ????
  (alphanumeric ? "_"). ????? ?????, ????? ??
  ???????? ? ???????????.
• \W ?????? ?????? ????? non-"word" ???????
• \s ?????? ?????? ??????? (?????????,
  ?????????)
• \S ?????? ?????? ???????, ????? ?? ?? ??????
• \d ?????? ?????
• \D ?????? ???????, ????? ?? ?? ?????

11
???????? ?? ??????????

• ?????? ???? 0 ??? ?????? ????
• ?????? ???? 1 ??? ?????? ????
• ? ?????? ???? 1 ??? 0 ????
• n ?????? ???? ????? n ????
• n, ?????? ???? n ????
• n,m ?????? ???? n ?? ?? ?????? ?? m ????

12
?????? ???????
!/usr/bin/perl test The teeeeesttt
sux print "found some 'e's \n" if (test
/e/ ) print "digits present \n" if (test
/\d/ )
!/usr/bin/perl _at_larodi qw q23al lro
5533tiriri tralalal aaaaa for (_at_larodi)
print we state that _ \n print \t has
3digits present \n if /\d3/ print \t
has some as \n if /a/ print
\t begins with digits followed by alphabet chars
\n if /\da-z/ print \t is alphanumeric
\n if /\w/
13
????????? ?? ????????? ?? ????????? ?????
!/usr/bin/perl test Da teeeeesttt sux
1000000 (million) timesssss test
/\d/ print ."\n" test /(\w\s)/
???? ??????? print 1."\n" test
/(e)(\w)/ print 1 2 \n"

• ? ?????? ?????? ??????? ????????.
• ? 1, 2, N ??????? ???????? ?????????
  ??????????? ????? ???????.

14
????????? ?? ????????? ?? ????????? ?????

• ? ?????? ????, ????? ?? ?????? ????? ?????????
  ??????. ????????? ? ?????? ????, ????? ? ????
  ????????? ??????.
• ? ?????????? ??????? ??????, ????? ? ???????
  ?????? ????? ?????.
• ?????? ????????? ?????????? ???????? ??????????
  ?? (?????? ???????? ???? ?????????? ?? ?????????
  ?????) ?? ???? ?? ????? ??? ?? ???????? ?????????
  ????? (????? ?? ????? ?????)
• \G ? ???????? ?? regexp ??????????? ???????????
  ?? ?? ???, ?? ?????? ? ??????? ????????? ????????
  ????? ????? ????????.

15
????????? ???????

• \ - ???????? ?????????????? ???????????
  ??????? metacharacter ???? ????????? ??????
• - ??????? ? ???????? ?? ????
• . - ?????? ??????? ? ?? ? ??????
• - ??????? ? ???? ?? ????
• - ????????? ???
• () - ?????????
• ???? ???????

16
????????? ?????, ??????, ?? ??? ???????? ??????
regexp ??????
!/usr/bin/perl a Da teeeeesttt sux 1000000
(million) timesssss ' a /.?(e)(\D\s)(\
d5,10\s)(.)i.?s./
Da teeeeesttt sux 1000000 (million) timesssss
(?)
(\d5,10\s)
.
.?
(.)


.?
(\D\s)
i
s
1
2
3
4
17
?????????? ?? ??????????? ??????

• ?? ???????????? ??????????? ?????? ?? ??????.
  ???? ???? ???????, ?????? ????? ?? ????????
  ???????? (??????, ???? ???????, ????) ?? ?
  ??????? ?????. ?????? Perl ?? ?????? ?? ????????
  ?????????? ????.
• ??????? ???? ?????? ?? ???? ?? ?????????? ??
  ????? ?? ???????????? ?????????, ? ? ??
  ?????????/??????? ?? ????????? ??????, ????? ??
  ??????. ????????
• (ab)5 - ?????? 5 ???? ? ??? b
• (a(cd)) - ?????? ac ad aac acdad

18
???????? ?????????
!/usr/bin/perl _ '?abcdgi'
/(?)(ab(cdef)((gi)j))/
(?) (ab (cdef) ( (gi) j ))
gi
1
cd
5

gi
M
3
4
abcdgi

2
19
????? ??????? ?? ????????? ? ????????? ???

• (abc) ??????? ? "", abc, abcabc,
  abcabcabc ? ?..? ?????? ? ???????
• xy ??????? ? x ? ???????? ??? y
  ?????? ???????
• (xy) ?????? x or y ? ???????? ??
  ???????
• abcd a ??? bc ??? d
• (ab)(cd) ac, ad, bc ??? bd
• (songblue)bird songbird ??? bluebird

20
??????? ?? ??????? ??????
a 'acadaabababbddcc' a /(a(cd))/ print
?????? acad
a 'acadaabababbddcc' a /(a(cd))/ prin
t ?????? acadaa
a 'acadaabababbddcc' a /(a(cdb))/ p
rint ?????? acadaabababbddcc
a 'acadaabababbddcc' a /(a(cdb))/ pri
nt ?????? ac
21
????????????

• ?????????? ?? ???? ?????????? ?????????? ??
  ????????
• i ??????????? case-insensitive. ????? ?? ??
  ????? ??????? ????? ????? ? ?????? ?????.
• m ??????? ?? ????????? ???? ??????????. ?
  ???????? ?? ? ???????? ? ???? ?? ???????, ?
  ???????? ? ???? ?? ????? ???.
• s ???????? ?? ????????? ???? ???? ???. ????? ?
  ????????????? ???????? ?????? ???????. ????????
  \n ????? ??????, ????? ?? ???? match-???, ?????
  ?? ??????? . ?? ?? ????????.
• ms ????? ???????????? (s ? m) ??????
  ?????????? . ?? match-?? \n, ?? ??? ??? ?
  ??????????? ?? ??????? ?????? ? ???? ?? ??? ?
  ???????.
• x ????????? ???????????? ?? ????????? ?
  ?????????, ????? ????? ?????????? ?????
  ??-?????,?????? ? ?????
• o ?????????? ?????? ???? ???????? ?????????????
  ?????????? ?? ??????????? ????????? ? ????.
• ?????? ??? ?????? ?? ???? ?????????? ?? ???????,
  ???????? ????? ???????, ???? ?? ?? ???????
  ???????? ????? ???????????? ? while ? for.

22
??????? ?? ????????????
!/usr/bin/perl use strict my testString GO
T THEM POINTS FOR FREE ?" my _at_searchItems qw(go
t free points) foreach my item ( _at_searchItems
) testString /(itemfor)/oi optimize
case insensitive print "item\t\t 1
\t ltlt ! gtgt \n" foreach my item (
_at_searchItems ) testString /(itemfor)/i
case insensitive print "item\t\t 1 \t ltlt
? gtgt \n"
??? ?????????? ?? ??????????? ???????????? ?
?????????? ?? regexp-a ?? ???????? ???? ???
??????? ?? ?????????
23
??????? ?? m ? s
!/usr/bin/perl _ a\nmulty\nline while
(/(.)/mg) print ! ! \n while
(/(.)/sg) print \n while
(/(.)/msg) print !! !! \n
24
???????? split ? regexp

• ???????? split ????????? ?????????? ?? ?????
  ?????? ???? ???????????? ?? ?????? ? ?????? ??
  regexp. ???? ???????? ????? ?????? ? ?????????
  ???????.
• split /PATTERN/,EXPR,LIMIT LIMIT ????????
  ??????????? ???? ???????, ????? ?? ????? ???????
• split /PATTERN/,EXPR
• split /PATTERN/
• ??? ? ??????? ?????????? ? ????? ???? ????????
  split ????? ? ????, ????? ? ?????????? ?/?
  ???????.

_at_logLines (10-12,20,,,brief comment,
12-14,40,,,,
14-16,50,,,comment)for (_at_logLines)
(start, end, quantity) split(/,-/, _,2)
print a quantity of quantity was produced in
the timeslice between start and end \n
25
???????????? ????????? ? ???????

• ??????
• if!(var /REGEXP/)
• ???? ?? ?? ???????? ?????
• if(var ! /REGEXP/)
• ? ???????? ???????? ?????????? ?? ??????????? ??
  regexp ? ?????? ??? ??????????? ???????? ?
  1..n
• _ jorenzo penkozzi(name, family)
  (/(\w)\s(\w)/)print name family
• ??????????? ?????? ????? ?? ????? ???????? ?????
  ? ?? ????????? ??? ??? ???????? ???????????
• perl -lpe'BEGINrpop _/r/?"Yes""No"'
  your_regex_here
• ??? ??? Windows
• perl -lpe"BEGINrpop _/r/?'Yes''No'"
  your_regex_here

26
?????????? ?? ?????? ? ????

• ????? ??????????? ????????
• s/REGEXP/REPLACED/
• ? ???? ??????????? ?? ???????? ???????????? ????
  ?? ??????? ?????? ?? REGEXP ??? REPLACED
• ??????????? ??????????? g ??????????? ????????
  ?? ?????? ????????, ? ?? ???? ?? ???????
• REPLACED ?? ?????????? ? ???? ?? ??????? ?????
  ?????????? ??????, ???? ? ?????? ? ??????????
  (??????? ??? ????????). ??????

string incoming call from 0887466321'digs
qw 1 one 2 two 3 three 4 four 5 five 6 six 7
seven 8 eight 9 nine string
s/.?(\d)/1 placed a call/ print
string.\nstring s/\d//
????????? ??????? ? string s/\d/
digs/g ???????? ?????????? ????? ?
??????? ?? digs print string.\n
27
???????? ?? ??????????

• ? ?????? ??
• tr/SEARCHLIST/REPLACEMENTLIST/cds
• ?? ?????????? ????? ???? ??????? ?? ?????? ?
  ???? ????
• ????? ?? ????????? ? ?????? ???? ?? ?????? ???
  ?????????? (? ?????????) ?? ?????? ????.
• ?????????? ??????? ????? ?? ????? ???????? ?????
  ? ???????? ??? a-z, ???? ? ?? ????? ?????????
  ??? ????????? ? ????????.
• ???????? ?? ????????????
• d ?????????, ????? ????? ?????????? ??
  SEARCHLIST ? REPLACEMENTLIST ?? ????????
• s ???????????? ???????? ?? ????? ??
  ????????????? ?? ??????? ? ????
  ??????tr/a-zA-Z//s bookkeeper
  -gt bokeper
• c ?????? ? ?????? ???? ?????????, SEARCHLIST ??
  ??????? ? ???????????? ?? ?????. tr/a-zA-Z/ /cs
  ??????? ??????, ????? ?? ? ????? ? ?????????
  ?????? ??????

28
Larrys filename fixer
!/usr/bin/perl -w rename - larry's filename
fixer small script from the "perl cookbook"
examples rename 's/\.orig//' .orig
rename 'tr/A-Z/a-Z/ unless /Make/'
rename '_ . "bad"' .f rename
'print "_ " s/foo/bar/ if ltSTDINgt /y/i'
find /tmp -name '' -print
rename 's/(.)/.1/' use strict my op
shift or die "Usage rename expr
files\n" chomp(_at_ARGV ltSTDINgt) unless _at_ARGV
for (_at_ARGV) ? _ ?????????????? ???????
??????
my was _ eval op
?????????? ?? ?????? ?? ??????? _ die _at_ if
_at_ rename(was,_) unless was eq _

??? ??? ???????? ?? wildcard (.nesto) ??
????????? ??? perl ??????????? ?? ??????????? ???
????? ?? ??????? ?????????? ?? ??????????
(???????? a.nesto) ? ??????? ? ???????? ??????????
29
?????????? ?????????

• perldoc prelrequick
• perldoc perlre
• perldoc perlretut
• Learning Perl 2nd edition
• perlmonks.org
• perl cookbook

30
?????????? ?? ??????????
??????? ? ????????? ?? ????? ?????(?? ????? ????
????)