[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Potentially insecure Perl scripts

On Thu, 2019-01-24 at 21:08:00 +0000, Niels Thykier wrote:
> Ian Jackson:
> > I asked codesearch about
> >    while.*\<\>
> > and got 10780 results.
> I had a similar thought but tried a slightly more complex pattern:
>     (while\s*|for(each)?\s*(my)?\s*\$.*)\(.*<>\s*\)
> The pattern also tries to cover "for" and "foreach" while also being
> more strict to prune false positives (C++ templates, Pascal and SQL trip
> naive searches for "<>").
> This variant still puts us in the 3000 - 4000 results, which (while
> being less than half of the original number) is far more than is likely
> to be resolved manually in a reasonable time frame.

Oh, and you both are missing <ARGV>. XD


Reply to: