Re: Potentially insecure Perl scripts
Ian Jackson:
> Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
>> Even if we care only about scripts which are part of Debian, rather
>> than scripts which people merely expect to run on Debian (and where
>> they trust Debian to not blow their leg off), there will probably be
>> many thousands.
>
> I asked codesearch about
> while.*\<\>
> and got 10780 results.
>
Hi,
I had a similar thought but tried a slightly more complex pattern:
(while\s*|for(each)?\s*(my)?\s*\$.*)\(.*<>\s*\)
The pattern also tries to cover "for" and "foreach" while also being
more strict to prune false positives (C++ templates, Pascal and SQL trip
naive searches for "<>").
This variant still puts us in the 3000 - 4000 results, which (while
being less than half of the original number) is far more than is likely
to be resolved manually in a reasonable time frame.
Thanks,
~Niels
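As an added illustration (not part of the original message), the following runs the two patterns quoted in the thread over a few constructed lines to show what each one flags and misses. The sample lines and the helper names `scan` and `summarize` are assumptions made for this example; codesearch itself uses RE2, and both patterns happen to be valid in Python's `re` as well.

```python
import re

# The two patterns quoted in the thread, verbatim (valid in Python's re as well as RE2).
NAIVE = re.compile(r"while.*\<\>")
STRICT = re.compile(r"(while\s*|for(each)?\s*(my)?\s*\$.*)\(.*<>\s*\)")

# Constructed sample lines (not taken from any real package).
SAMPLES = [
    ("perl",   "while (<>) { print; }"),
    ("perl",   "while (my $line = <>) { chomp $line; }"),
    ("perl",   "foreach my $line (<>) { print $line; }"),
    ("perl",   "while (<<>>) { print; }"),   # double diamond (Perl 5.22+)
    ("c++",    "while (std::less<>()(a, b)) { ++a; }"),
    ("pascal", "while x <> 0 do"),
    ("sql",    "while @remaining <> 0"),
]

def scan(samples=SAMPLES):
    """Return [(lang, line, naive_hit, strict_hit), ...] for each sample line."""
    return [(lang, line, bool(NAIVE.search(line)), bool(STRICT.search(line)))
            for lang, line in samples]

def summarize(rows):
    """Count hits per pattern, split into Perl and non-Perl lines."""
    out = {"naive": {"perl": 0, "other": 0}, "strict": {"perl": 0, "other": 0}}
    for lang, _line, naive_hit, strict_hit in rows:
        bucket = "perl" if lang == "perl" else "other"
        out["naive"][bucket] += naive_hit
        out["strict"][bucket] += strict_hit
    return out

if __name__ == "__main__":
    for lang, line, n, s in scan():
        print(f"{lang:7} naive={n!s:5} strict={s!s:5} {line}")
    print(summarize(scan()))
```

On these samples the stricter pattern picks up the `foreach` loop that the naive one misses, drops the C++, Pascal and SQL lines, and also stops matching the `<<>>` form.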