473,383 Members | 1,925 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > perl > questions > insecure dependency in `` while running with -t switch at

Join Bytes to post your question to a community of 473,383 software developers and data experts.

Insecure dependency in `` while running with -T switch at

8
Dear Friends,

I want to take multi lines from a text box in the webpage and pass to my script which saves this into a database. I wrote code like this

my $desc = $cgi->param('comment');

But it gives some error messages when i click commit button in the web page.

"Insecure dependency in `` while running with -T switch at"

Plz help

Kokul
Dec 13 '07 #1
6 3693
eWish
971 Expert 512MB
Can we see more of your code?

Meanwhile check out Trouble Shooting Perl CGI Scripts talks about taint mode insecure dependencies. Also check out perlsec.

--Kevin
Dec 13 '07 #2
kokul
8
I get a value from the html page using cgi->param function. Then i want to pass this value to access database. But it showing some error...I'll explain the details..
Expand|Select|Wrap|Line Numbers
  1. sub my_func {
  2.  
  3. my $desc = cgi->param('comment');
  4. print "Desc is $desc"; //its works fine. 
  5.  
Now i want to pass this value to database.
Expand|Select|Wrap|Line Numbers
  1. my $dbh = Bugzilla->dbh;
  2.  

Here it's showing error:
undef error - Insecure dependency in parameter 1 of DBI::db=HASH(0xa8a628c)-

But when i give a string instead of $desc in the query it's working fine.

Why the value of $desc is not working with query??

Thanks in advance
Kokul
Dec 13 '07 #3
eWish
971 Expert 512MB
What module are you using that has the method Bugzilla? Again, I will need to know (hint: see more code, modules used, etc...) more to help you. At this pace it is going to take a long time.

--Kevin
Dec 13 '07 #4
kokul
8
Hi,

I want to take a description (atleast 50 characters) from the html page using cgi->param and store it into a string variable in perl and pass this string variable to a query. for this i wrote the following code
Expand|Select|Wrap|Line Numbers
  1. my $desc = $cgi->param('comment')
  2.  
then the error occured

Software error:
Insecure dependency in exec while running with -T switch at /var/www/html

So i changed the above line to

Expand|Select|Wrap|Line Numbers
  1. my $desc = '';
  2. if ($cgi->param('comment') =~ m/(.+)/) {
  3.    $desc = $1;
  4. }
  5.  
But Its taking only the first line from the text box. I want all the lines in the text box.
How to do that?
Dec 14 '07 #5
eWish
971 Expert 512MB
Try this as a test and see if it will return more than just one line. This will work in taint mode as well without returning any errors.

Expand|Select|Wrap|Line Numbers
  1. #!/usr/bin/perl -T
  2.  
  3. use strict;
  4. use warnings;
  5.  
  6. use CGI;
  7. use CGI::Carp qw/fatalsToBrowser/;
  8.  
  9. my $q = CGI->new;
  10.  
  11. print $q->header; 
  12. print $q->start_html(); 
  13.  
  14. # Get the params from the form.
  15. my %params = $q->Vars;
  16.  
  17. # Loop through eash param and print them.
  18. foreach my $key (keys %params) {
  19.     print "$key => $params{$key}\n";
  20. }
  21.  
  22.  
  23. print $q->end_html();
  24.  
  25. 1;
If it still just takes the first line can you post a section of your form. It may not be set to multi line input. Just a thought.


--Kevin
Dec 14 '07 #6
KevinADC
4,059 Expert 2GB
param('comment') must be a textarea box sending multiline data to the script. He can add the "s" modifier to the regexp to capture all the lines instead of just the first.
Dec 14 '07 #7

Sign in to post your reply or Sign up for a free account.

Similar topics

4
Running insecure python code
by: Noen | last post by:
Im developing a game where the players will program their equipment with python. Are there any ways to run insecure code? I dont want the clients to mess with the server-code through their own...
Python
0
Help untaining the command. Insecure dependency in `` ... setuid
by: danpres2k | last post by:
Hi, I have following statements @filename = split("_", $cgi->param ('filename')); //similar multiline code $env_profile = $cgi->param ('env_profile'); $command = "/app/ics/bin/$input_app...
Perl
12
Dependency Inversion Principle Dilemma
by: Thomas Matthews | last post by:
Hi, According to Robert Martin's Dependency Inversion Principle, http://www.objectmentor.com/resources/articles/dip.pdf, when there is a need to test the type of an object, the code inside the...
C / C++
0
Warning: Unable to find dependency 'mscorlib' (Signature='B77A5C561934E089' Version='1.0.5000.0')
by: Michael R. Pierotti | last post by:
Has anyone seen this error before when trying to make the install on a program. ------ Starting pre-build validation for project 'HafaSMPPInstall' ------ WARNING: Unable to find dependency...
Visual Basic .NET
8
eval() is insecure, but what are the alternatives?
by: werner | last post by:
Hi! I don't want to use eval() in order to parse a user-supplied formula. What alternatives do I have? PHP has no standard functionality for tokenizing or parsing expressions in this regard. ...
PHP
0
perl "Insecure dependency in `` while running setuid"
by: 123jainmin | last post by:
When I ran a perl script named script.pl which have the the follwing line: system("echo hostname = $HOSTNAME > /tmp/myinfo"); I have another shell script script.ksh which simply call script.pl...
Perl
2
Insecure dependency while running with -T switch
by: kokul | last post by:
Hi friends, I get a value from the html page using cgi->param function. Then i want to pass this value to access database. But it showing some error...I'll explain the details.. sub my_func...
Perl
6
Hardcoding database primary key in switch statement / Design, Dependency issue
by: asadikhan | last post by:
Hello, I have a bit of a design issue around this application I am developing, and I just want to run it through some of the brains out here. So I have a table called ErrorCheck which...
C# / C Sharp
1
Does the SQL Server 2005 CommandNotification cache dependency workwith stored procedures?
by: dherbstemail-ng | last post by:
I can get the SQL Server 2005 CommandNotification cache dependency to work with inline SQL. It works in a SqlDataSource as well as with the page OutputCache when making ADO.NET calls. Next I...
ASP.NET
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!