2721 2006-01-16 23:11:35 +0000 checklink call without protection against metacharacters 2008-11-18 15:18:26 +0000 1 1 1 Unclassified LogValidator Modules unspecified PC FreeBSD RESOLVED FIXED P2 normal --- 1 srezic ot oldest_to_newest 7855 0 srezic 2006-01-16 23:11:35 +0000 The checklink call in W3C/LogValidator/LinkChecker.pm open(LINK, "$checklink $uri 2>/dev/null |"); seems dangerous to me. There's no protection against shell metacharacters in $uri. It's better to use the "safe pipe" technique, see this patch: #### Patch data follows #### diff -up '../build/W3C-LogValidator-1.04/lib/W3C/LogValidator/LinkChecker.pm' 'W3C-LogValidator-1.04/lib/W3C/LogValidator/LinkChecker.pm' Index: ./lib/W3C/LogValidator/LinkChecker.pm Prereq: 1.5 --- ./lib/W3C/LogValidator/LinkChecker.pm Sun Jan 15 20:39:38 2006 +++ ./lib/W3C/LogValidator/LinkChecker.pm Tue Jan 17 00:06:25 2006 @@ -156,7 +156,13 @@ sub process_list print " processing #$total_census $uri..." if ($verbose > 1); # FIXME at some point we will use the library instead of running the script - open(LINK, "$checklink $uri 2>/dev/null |"); + #open(LINK, "$checklink $uri 2>/dev/null |"); + open LINK, "-|" or do { + require File::Spec; + open STDERR, "> " . File::Spec->devnull or die $!; + exec $checklink, $uri; + die "Can't execute $checklink: $!"; + }; my $num_errs = 0; print "\n" if ($verbose > 2); while (<LINK>) { #### End of Patch data #### 22464 1 ot 2008-11-18 15:18:26 +0000 This patch was applied a long time ago, but I forgot to close the bugzilla. Thanks again to Slaven for the catch and the patch. http://dev.w3.org/cvsweb/perl/modules/W3C/LogValidator/lib/W3C/LogValidator/LinkChecker.pm