
Question

You are asked to improve the security in the CGI handler script used to send comments to the Web master of your server. The current script in use is shown in Figure 11.10a, with the associated form shown in Figure 11.10b. Identify some security deficiencies present in this script. Detail what steps are needed to correct them, and design an improved version of this script.

Figure 11.10a:

#!/usr/bin/perl
# comment.cgi - send comment to webmaster
# specify recipient of comment email
$to = "webmaster";
use CGI;
use CGI::Carp qw(fatalsToBrowser);
$q = new CGI; # create query object
# display HTML header
print $q->header,
$q->start_html('Comment Sent'),
$q->h1('Comment Sent');
# retrieve form field values and send comment to webmaster
$subject = $q->param("subject");
$from = $q->param("from");
$body = $q->param("body");
# generate and send comment email
# (the form fields are interpolated straight into a shell command line)
system("export REPLYTO=\"$from\"; echo \"$body\" | mail -s \"$subject\" $to");
# indicate to user that email was sent
print "Thankyou for your comment on $subject.";
print "This has been sent to $to.";
# display HTML footer
print $q->end_html;

Figure 11.10b:

<html><head><title>Send a Comment</title></head><body>
<h1> Send a Comment </h1>
<form method=post action="comment.cgi">
<b>Subject of this comment</b>: <input type=text name=subject value="">
<b>Your Email address</b>: <input type=text name=from value="">
<p>Please enter comments here:
<p><textarea name="body" rows=15 cols=50></textarea>
<p><input type=submit value="Send Comment">
<input type="reset" value="Clear Form">
</form></body></html>

Explanation / Answer

#!/usr/bin/perl
# comment.cgi - send comment to webmaster
# specify recipient of comment email
$to = "webmaster";
use CGI;
use CGI::Carp qw(fatalsToBrowser);
$q = new CGI; # create query object
# display HTML header
print $q->header,
$q->start_html('Comment Sent'),
$q->h1('Comment Sent');
# retrieve form field values and send comment to webmaster
$subject = $q->param("subject");
$from = $q->param("from");
$body = $q->param("body");
# validate the input information
# subject MUST NOT contain " or multiple lines
showError("The subject '$subject' contains illegal characters!")
    if ("$subject" =~ m:["\n]:);
# from MUST only contain characters valid in an email address
showError("The from address '$from' contains illegal characters!")
    unless ("$from" =~ m:^[-_.=\w][-_.=%!/@\w]*[-_.=%\w]$:);
# body MUST NOT contain "
showError("The body '$body' contains illegal characters!")
    if ("$body" =~ m:":);
# generate and send comment email
system("export REPLYTO=\"$from\"; echo \"$body\" | mail -s \"$subject\" $to");
# indicate to user that email was sent
print "Thankyou for your comment on $subject.";
print "This has been sent to $to.";
# display HTML footer
print $q->end_html;
exit(0);
# ------------------------------------------------------------
# subroutine showError(reason) - build HTML error response due to reason
sub showError
{
    local ($msg) = $_[0]; # description of error
    print "<h1>Error</h1> ";
    print "$msg";
    print "<p>Unable to safely send comment. ";
    print "<p>Please go back and correct the input supplied. ";
    print $q->end_html;
    exit(0);
}
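As an added example (it is neither the textbook figure nor the answer above), the following rewrite of comment.cgi addresses the deficiencies visible in Figure 11.10a at their root rather than by filtering characters: the string form of system() hands every form field to /bin/sh, a CR or LF in subject or from lets a user append mail header lines, $subject is echoed back into the page unescaped, fatalsToBrowser sends Perl error text to the client, and the script accepts GET requests. It assumes a mailx-style /usr/bin/mail that honours the REPLYTO environment variable, as the original script does; the field patterns, length limits and the fail() helper are choices made for this example.

```perl
#!/usr/bin/perl -T
# comment-hardened.cgi - added example, not the textbook's or the answer's code.
# Same job as Figure 11.10a (mail a form comment to the webmaster), but with no
# shell in the path, allow-list validation, taint checks and HTML-escaped output.
use strict;
use warnings;
use CGI;

# Taint mode refuses to run a child with an untrusted environment: pin it down.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $to = 'webmaster';           # fixed recipient, never taken from the form
my $q  = CGI->new;

print $q->header(-type => 'text/html', -charset => 'utf-8'),
      $q->start_html('Comment Sent'),
      $q->h1('Comment Sent');

# Only a POST may send mail; a GET link planted in a page or e-mail must not.
fail('The form must be submitted with POST.')
    unless ($q->request_method // '') eq 'POST';

# Each field is matched against an anchored allow-list pattern. The capture is
# what untaints the value; if the pattern fails, the request is rejected rather
# than "cleaned up". The limits are example choices, not a standard.
my ($subject) = ($q->param('subject') // '') =~ /\A([ -~]{1,100})\z/
    or fail('Subject must be 1 to 100 printable characters on a single line.');
my ($from) = ($q->param('from') // '')
    =~ /\A([A-Za-z0-9_.+-]{1,64}\@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,63})\z/
    or fail('From must be a plain e-mail address such as user@example.com.');
my ($body) = ($q->param('body') // '') =~ /\A([\t\n\r\x20-\x7E]{1,10000})\z/
    or fail('Body must be 1 to 10000 characters of printable text.');
# Subject and from can no longer contain CR or LF, so no user field can start
# a new mail header line.

# List-form pipe open: the arguments go straight to execve(), so quotes,
# backticks, $(...) and ; in the fields are just characters in the message.
local $ENV{REPLYTO} = $from;   # assumption: mailx-style mail(1) honours REPLYTO
open(my $mail, '|-', '/usr/bin/mail', '-s', $subject, $to)
    or fail('Could not start the mail program.');
print {$mail} $body, "\n";
close($mail) or fail('The mail program reported an error.');

# Echo user data back only after HTML-escaping it; Figure 11.10a printed it raw.
print $q->p('Thank you for your comment on ' . CGI::escapeHTML($subject) . '.'),
      $q->p("This has been sent to $to."),
      $q->end_html;
exit 0;

# fail(reason): send a fixed, non-revealing error page and stop. There is no
# fatalsToBrowser here: Perl errors go to the server log, not to the client.
sub fail {
    my ($reason) = @_;     # our own text, never the user's input
    print $q->h1('Error'), $q->p($reason),
          $q->p('Unable to safely send the comment. Please go back and correct the input.'),
          $q->end_html;
    exit 0;
}
```

The -T switch makes Perl refuse to pass any value derived from the request to open() until it has been run through a capturing regex, so a validation check that is accidentally deleted turns into a hard failure instead of a silent injection path. Because the fields reach mail(1) as separate argv entries and the body goes down a pipe, the script never has to quote anything for a shell, which is the mistake in Figure 11.10a that the character filters in the answer above are trying to paper over.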
