为什么我的 Perl 反引号抱怨“sh: line 1: any: command not found”?
我以前从未编程过,但需要为工作编写一个非常简单的网络应用程序。
我试图让这个挖掘查询工作:
dig @8.8.8.8 +nocomments +nostats +noquestion +nocmd google.com any
用这个perl:
$dig = `/usr/bin/dig \@8.8.8.8 +nocomments +nostats +noquestion +nocmd $query any`;
除了它似乎在挖掘结束时不识别“任何”并给我:
sh: line 1: any: command not found
我做错了什么愚蠢的简单事情?
I've never programmed before, but needed to write a very simple webapp for work.
I'm trying to get this dig query to work:
dig @8.8.8.8 +nocomments +nostats +noquestion +nocmd google.com any
With this bit of perl:
$dig = `/usr/bin/dig \@8.8.8.8 +nocomments +nostats +noquestion +nocmd $query any`;
Except it doesn't seem to recognize "any" at the end of dig and gives me:
sh: line 1: any: command not found
What stupidly simple thing am I doing incorrectly?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我敢打赌
$query中有一个换行符,导致您的 shell 将any视为新命令。尝试在系统调用之前执行
chomp $query;以删除换行符。有关 chomp 的更多信息。I bet
$queryhas a newline in it, causing your shell to seeanyas a new command.Try doing
chomp $query;before your system call to remove the newline. More on chomp.您可能应该使用
dig ... '$query'这样当 shell 看到它时它是单引号的。如果您不这样做,那么 shell 将解释任何元字符。如果有人将"; echo my_key > ~/.ssh/authorized_keys"放入您的网络表单中,那么您就完蛋了。即使它仅供内部使用,如果有人在查询中输入带有空格的内容(shell 会将其分词并作为两个参数传递给 dig),您也不希望它被破坏。您可以使用 perl 的
to expand $query with ever potential metacharacter \escaped. Actually, that's much better than adding single quotes, if the query contains a single-quote character, it will break out of the quotes. Still super-easy to attack. This should fix that in into your memory.
Perl 有安全的方法来使用 system() 函数将 args 指定为字符串列表,避免使用 /bin/sh,而不是将一个字符串评估为 shell 命令。这是最安全的方法,但是如果不执行管道 && 就没有反勾号版本。叉&&执行自己。
You should probably use
dig ... '$query'so it's single-quoted when the shell sees it. If you don't do that, then the shell will interpret any metacharacters. If someone puts"; echo my_key > ~/.ssh/authorized_keys"into your web form, then you're screwed. Even if it's for internal use only, you don't want it to break if someone puts in something with spaces in the query (which the shell will word-split and pass to dig as two args.)You can use perl's
to expand $query with ever potential metacharacter \escaped. Actually, that's much better than adding single quotes, if the query contains a single-quote character, it will break out of the quotes. Still super-easy to attack. This should fix that in into your memory.
Perl has safe ways to use the system() function to specify the args as a list of strings, avoiding /bin/sh, rather than one string to be evaluated as a shell command. This is the safest way, but there's no back-tick version of that without doing the pipe && fork && exec yourself.
最有可能的是 $query 变量中的某些内容破坏了命令字符串。您能给我们举一个失败并给出错误的例子吗?或者展示更多你的脚本?
Most likely, it's something that's in the $query variable that's breaking the command string. Can you give us an example where it is failing and giving the error? Or show a little more of your script?