showing error Insecure dependency in parameter 3 of DBI::db=HASH(0xa32bd40)->do method call while running with -T switch

Question

i got the error Insecure dependency in parameter 3 of DBI::db=HASH(0xa32bd40)->do method call while running with -T switch while i modified the file show_bug.cgi

what is the reason?

could any one pls answer this? – Jenifer_justin May 20 '13 at 12:49 — Jenifer_justin, May 20 '13 at 12:49

score 3 · Answer 1 · answered May 20 '13 at 13:00

3

To untaint ie. variable $unsecure, a regular expression should be applied

my ($secure) = $unsecure =~ / (\d+) /x
  or die q{we couldn't find number in $unsecure};

answered May 20 '13 at 13:00

mpapec

50,217
8
67
127

score 2 · Accepted Answer · answered May 20 '13 at 12:50

2

To untaint a variable, you must match it against a capturing regular expression. See perlsec - Perl Security for details.

answered May 20 '13 at 12:50

choroba

231,213
25
204
289

what can be regular expression for strings? – Jenifer_justin May 20 '13 at 12:52
@Jenifer_justin: You probably added a new parameter to a function. You should check that the value of the parameter is valid, e.g. if it is a number, use `$number =~ /^([0-9]+)$/`. – choroba May 20 '13 at 12:55
k. can i use the expression /^([-\@\w.]+)$/ for strings? – Jenifer_justin May 20 '13 at 13:00
@Jenifer_justin: It really depends on what you expect in the new parameter. – choroba May 20 '13 at 13:15

showing error Insecure dependency in parameter 3 of DBI::db=HASH(0xa32bd40)->do method call while running with -T switch

2 Answers2

Linked