为什么我的 Perl 反引号抱怨“sh: line 1: any: command not found”?

发布于 2024-08-13 08:08:15 字数 396 浏览 11 评论 0原文

我以前从未编程过,但需要为工作编写一个非常简单的网络应用程序。

我试图让这个挖掘查询工作:

dig @8.8.8.8 +nocomments +nostats +noquestion +nocmd google.com any

用这个perl:

$dig = `/usr/bin/dig \@8.8.8.8 +nocomments +nostats +noquestion +nocmd $query any`;

除了它似乎在挖掘结束时不识别“任何”并给我:

sh: line 1: any: command not found

我做错了什么愚蠢的简单事情?

I've never programmed before, but needed to write a very simple webapp for work.

I'm trying to get this dig query to work:

dig @8.8.8.8 +nocomments +nostats +noquestion +nocmd google.com any

With this bit of perl:

$dig = `/usr/bin/dig \@8.8.8.8 +nocomments +nostats +noquestion +nocmd $query any`;

Except it doesn't seem to recognize "any" at the end of dig and gives me:

sh: line 1: any: command not found

What stupidly simple thing am I doing incorrectly?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

终止放荡 2024-08-20 08:08:15

我敢打赌 $query 中有一个换行符,导致您的 shell 将 any 视为新命令。

尝试在系统调用之前执行 chomp $query; 以删除换行符。有关 chomp 的更多信息。

I bet $query has a newline in it, causing your shell to see any as a new command.

Try doing chomp $query; before your system call to remove the newline. More on chomp.

堇年纸鸢 2024-08-20 08:08:15

您可能应该使用 dig ... '$query' 这样当 shell 看到它时它是单引号的。如果您不这样做,那么 shell 将解释任何元字符。如果有人将 "; echo my_key > ~/.ssh/authorized_keys" 放入您的网络表单中,那么您就完蛋了。即使它仅供内部使用,如果有人在查询中输入带有空格的内容(shell 会将其分词并作为两个参数传递给 dig),您也不希望它被破坏。

您可以使用 perl 的

\Q$query\E

to expand $query with ever potential metacharacter \escaped. Actually, that's much better than adding single quotes, if the query contains a single-quote character, it will break out of the quotes. Still super-easy to attack. This should fix that in into your memory.

Perl 有安全的方法来使用 system() 函数将 args 指定为字符串列表,避免使用 /bin/sh,而不是将一个字符串评估为 shell 命令。这是最安全的方法,但是如果不执行管道 && 就没有反勾号版本。叉&&执行自己。

You should probably use dig ... '$query' so it's single-quoted when the shell sees it. If you don't do that, then the shell will interpret any metacharacters. If someone puts "; echo my_key > ~/.ssh/authorized_keys" into your web form, then you're screwed. Even if it's for internal use only, you don't want it to break if someone puts in something with spaces in the query (which the shell will word-split and pass to dig as two args.)

You can use perl's

\Q$query\E

to expand $query with ever potential metacharacter \escaped. Actually, that's much better than adding single quotes, if the query contains a single-quote character, it will break out of the quotes. Still super-easy to attack. This should fix that in into your memory.

Perl has safe ways to use the system() function to specify the args as a list of strings, avoiding /bin/sh, rather than one string to be evaluated as a shell command. This is the safest way, but there's no back-tick version of that without doing the pipe && fork && exec yourself.

北笙凉宸 2024-08-20 08:08:15

最有可能的是 $query 变量中的某些内容破坏了命令字符串。您能给我们举一个失败并给出错误的例子吗?或者展示更多你的脚本?

Most likely, it's something that's in the $query variable that's breaking the command string. Can you give us an example where it is failing and giving the error? Or show a little more of your script?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文