|
2
|
1 #!/usr/bin/env perl
|
|
|
2 use warnings;
|
|
|
3
|
|
|
4 my $scriptname = shift;
|
|
|
5 my $outname = shift;
|
|
|
6 open SCR, "<", $scriptname;
|
|
|
7 open OUT, ">", $outname;
|
|
|
8 open STDOUT, ">", shift;
|
|
|
9 open STDERR, ">", shift;
|
|
|
10
|
|
|
11 my $open = "";
|
|
|
12 my @files;
|
|
|
13 for(my $i = 0; @ARGV; $i++) {
|
|
|
14 my $fn = shift;
|
|
|
15 push @files, $fn;
|
|
|
16 $open .= qq(open IN$i, "<", "$fn";\n);
|
|
|
17 }
|
|
|
18
|
|
|
19 my $script = join("", <SCR>);
|
|
|
20
|
|
|
21 if($script =~ /(open)|(system)|(`.+`)|([$@%]ENV)/smg) {
|
|
|
22 printf(STDERR "Found vulnerable code (open, system, backticks) in given script.");
|
|
|
23 exit(1);
|
|
|
24 }
|
|
|
25
|
|
|
26 eval("$open$script");
|
|
|
27
|
|
|
28 close SCR;
|
|
|
29 close OUT;
|
