Help-Site Computer Manuals
Software
Hardware
Programming
Networking
  Algorithms & Data Structures   Programming Languages   Revision Control
  Protocols
  Cameras   Computers   Displays   Keyboards & Mice   Motherboards   Networking   Printers & Scanners   Storage
  Windows   Linux & Unix   Mac

FileHandle::Deluxe
file handle with a lot of extra features

FileHandle::Deluxe - file handle with a lot of extra features


SYNOPSIS


        use FileHandle::Deluxe;

        

        # Open for read: Don't bother checking for open success, 

        # that's done automatically.  Don't bother locking either,

        # that's also done automatically.

        $fh = FileHandle::Deluxe->new($path);

        

        # Handle stringifies to the path being read

        print 'reading from ', $fh, "\n";

        

        # Loop through the file handle as usual

        # the handle is lazy: the file isn't actually

        # opened until the first read.

        while (<$fh>) {

                ...

        }

        

        # the handle automatically closes when the

        # the last line is read


INSTALLATION

FileHandle::Deluxe can be installed with the usual routine:


        perl Makefile.PL

        make

        make test

        make install

You can also just copy Deluxe.pm into the FileHandle/ directory of one of your library trees.


DESCRIPTION

FileHandle::Deluxe works like a regular FileHandle object, with the addition of doing the routine file handle chores for you. FileHandle::Deluxe (FD) is targeted at beginning Perl users who usually find those tasks intimidating and often elect to skip them rather than learn how to do them. FileHandle::Deluxe defaults to a set of best practices for working with file handles.

The following sections describe the practices and features implemented by FD.

Security

FileHandles are the most notorious source of Perl application security holes. FD implements a strict set of security rules. Rather than allowing users ``enough rope to hang themselves'', FD forces the user to either program more securely or explicitly acknowlege that their program uses insecure techniques. Hopefully most FD users will choose the first option.

For beginners, FD refuses to run unless either Perl is in taint mode or the developer gives explicit permission for FD to run while not in taint mode. See the documentation on the allow_insecure_code option below for more details.

FD also dispenses with the traditional notation for indicating if a file should be opened for reading, writing, etc. For example, the argument ``> mydata.txt'' would be prohibited. Instead, to indicate opening a file for writing, the command for a new file handle would use the write option:


 $fh = FileHandle::Deluxe->new($path, write=>1);

FD refuses to open any file using a tainted path. (Regular file handles will open files for read using tainted paths.) Users, however, frequently find the task of properly untainting paths more than they want to deal with, so FD helps out. The user may indicate that certain files, directories, or entire directory trees are ``safe''. Tainted data paths may be used to open files within safe locations. See the sections for safe_files, safe_dirs, and safe_trees below for more details.

FD also addresses security issues with executable files. When an FD file handle is opened for piping to and from an executable, FD automatically uses the more secure exec method for opening the file handles. The exec method opens the executables directly, instead of spawning an intermediate shell, thereby bypassing shell hacks. See the sections for pipe_to and pipe_from below for more details.

File Locking

File locking is a file handle housekeeping nuisance that even experienced Perl programmers often overlook. FD takes care of file locking chores for you. Files that are opened as read only get a shared lock. Files that are opened as writable get an exclusive lock. See the section on file locks below for more details.

Resource Conservation

FD file handles are ``lazy''... they do not open the files until they are actually used. Furthermore, for read-only files, the file handles are closed once the last line of the file is read. By using these conservation features, a function can return a large number of FD objects (perhaps representing all the files in a directory) without using up limited system file handles. See the section on the lazy and auto_close options below for more details.

Convenience

FD simplifies many tasks associated with working with files. For beginners, FD objects stringify to the file paths, so a function can return a series of FD objects that can be easily used to output file names. FD handles also provide the ability to quickly slurp in the entire contents of a file either as an array of pre-chomped lines or as a single string. See the lines and contents methods below, and also the non-OO functions file_lines and file_contents.

Speaking of chomping, FD handles can also be set to automatically chomp lines as you pull them from the file. See the auto_chomp option for more details.


METHODS

FileHandle->new($path);

The new method creates a new FileHandle::Deluxe object. The first and only required argument is a file path:


 $fh = FileHandle::Deluxe->new($path);

If there are no further arguments, the file is opened for reading, the file gets a shared lock, and the entire program croaks if the file cannot be opened. The path may not be tainted unless the safe_files, safe_dirs, and/or safe_trees options are used (see option list below for more details).

The following optional arguments may be passed to new. None of these arguments may be tainted.

append
Open the file for appending... that is, add to the file without deleting what is already there. The file does not need to already exist. If this option is set, then the write option is also assumed to be true.

Example:


 $fh = FileHandle::Deluxe->new('data.txt', append=>1);



=item allow_insecure_code

This option must be set to true if you want to use FileHandle::Deluxe while not running in taint mode. It is highly recommended that you always run Perl in taint mode until you are clear on when it is ok not to use tainting. In particular, you should always use taint mode for web applications, regardless of how safe you think your script is. If you are making the mistake of developing a web application without using tainting, consider the words of Randal L. Schwartz, one of the world's foremost experts on Perl: ``*All* of my Web scripts run with taintchecks on. Cuz I make mistakes sometimes. Fancy that. :-)''

To run Perl in taint mode, add a capital T to your bang path:


 #!/usr/local/bin/perl -wT

You'll probably also want to set $ENV{'PATH'} to an empty string at the top of your script:


 $ENV{'PATH'} = '';

If you are sure that you want to run Perl without tainting, you can use FileHandle::Deluxe by adding the allow_insecure_code option to your call to new:


 $fh = FileHandle::Deluxe->new($path, allow_insecure_code=>1);

allow_insecure_program_arguments
FileHandle::Deluxe uses the piped exec method for opening executables. That means that, among things, tainted arguments can be passed to the executable. Passing tainted arguments to an external program won't cause any security problems in your Perl script itself, but it might cause security holes in the external program itself, so FileHandle::Deluxe does not allow it by default.

If you are sure you want to allow tainted arguments to be passed, set allow_insecure_program_arguments to true:


 $fh = FileHandle::Deluxe->new(

     $path, 

     pipe_to=>1,

     args=>[@arguments],

     allow_insecure_program_arguments=>1,

     );

If FileHandle::Deluxe uses the shell method for opening an executable (see allow_shell_execute below), and if tainting is on, then allow_insecure_program_arguments makes no difference, the arguments may not be tainted.

allow_shell_execute
FileHandle::Deluxe uses the piped exec method for opening executables (which is much more secure) if the operating system appears to support it. (The current test for supporting piped exec is if $^O contains the string ``Win'' ... i.e. it's a Windows machine... which is perhaps not the most robust test. Suggestions are welcome.) If it appears that the OS does NOT support piped execs, then it will open the executable using a shell, but only if the allow_shell_execute option is set to true, like this:

 $fh = FileHandle::Deluxe->new(

     $path, 

     pipe_to=>1,

     args=>[@arguments],

     allow_shell_execute=>1,

     );

If FileHandle::Deluxe uses the shell method for opening an executable, and if tainting is on, then program arguments may not be tainted.

args
Arguments to pass to an external executable. For example, the following code sends four arguments to sendmail:

 $fh = FileHandle::Deluxe->new(

     $sendmail, 

     pipe_to=>1,

     args=>['-t', '-f', 'error@idocs.com', 'miko@idocs.com'],

     );

auto_close
By default, FileHandle::Deluxe closes read-only files when the last line is read. This conserves system file handles and frees up locks for other objects that may be using the same file. If you want the handle to keep the file open after the last line is read, set auto_close to false:

 $fh = FileHandle::Deluxe->new($path, auto_close=>0);

auto_chomp
The auto_chomp option (which is not on by default) tells the file handle to remove trailing end-of-line characters each time a line is read from the file. So, for example, the following code reads all the lines from the file, removing end-of-line characters form each line:

 $fh = FileHandle::Deluxe->new($path, auto_chomp=>1);

 

 while (<$fh>) {

   if ($_ eq 'Fred'){...}

   elsif ($_ eq 'Barney'){...}

 }

Contrary to what you might expect, empty lines and lines consisting of the zero character (``0''), do not fail the initial test in the while loop. That's because in auto_chomp mode, the returned ``line'' is really an object that boolifies to true the first time it is tested. All subsequent boolean tests are based on the content of the line. The object always stringifies to the text of the line in the file, so use it like a regular string.

auto_croak
By default, FileHandle::Deluxe croaks if it is unable to open the file. If you would prefer to do your own croaking, set auto_croak to false.

 $fh = FileHandle::Deluxe->new($path, auto_croak=>0);

If auto_croak is set to false then lazy_open defaults to false as well, meaning that the open attempt occurs when the FileHandle::Deluxe object is created.

lazy_open
By default, FileHandle::Deluxe does not open the file until a read or write call is made to the file handle. If you want the file to open when new is called, set lazy_open to false:

 $fh = FileHandle::Deluxe->new($path, lazy_open=>1);

lazy_open defaults to false if you set auto_croak to false.

lock
By default, FileHandle::Deluxe gets a shared lock for read-only file handles and an exclusive lock for write or read/write handles. If you want to get a different type of lock, or no lock at all, set the lock option. For no lock, set lock to 0:

 $fh = FileHandle::Deluxe->new($path, lock=>0);

For any other lock, use LOCK_SH (shared lock), LOCK_EX (exclusive lock), and LOCK_NB (do not wait for lock). To use these constants, you must add the ':all' option to your use FileHandle::Deluxe call, like this:


 use FileHandle::Deluxe ':all';

pipe_from, pipe_to
pipe_from and pipe_to indicate to pipe to or from an executable file. For example, the following command indicates to open a handle for piping to Sendmail (where $sendmail is the path to the Sendmail executable):

 $fh = FileHandle::Deluxe->new($sendmail, pipe_to=>1);

Any arguments you want passed to the executable should be sent with the args option as an array reference:


 $fh = FileHandle::Deluxe->new(

     $sendmail, 

     pipe_to=>1,

     args=>['-t', '-f', 'error@idocs.com', 'miko@idocs.com'],

     );

plain_path
plain_path, which is true by default, indicates that if the given file is tainted, it may only consist of a ``plain'' file path characters, that is, single dots, alphanumerics, spaces, underscores, and slashes. Doubles dots, ampersands, pipes, and other fancy characters are prohibited.

plain_path is the single best security layer FileHandle::Deluxe gives you. It is highly recommended that you do not disable plain_path.

read
Indicates that the file should be open for reading. If none of write, append, pipe_to, or pipe_from are sent than read defaults to true.

safe_files, safe_dirs, safe_trees
These options indicate ``safe'' locations for the file. The file path must be within one of the locations for each of these options that is sent, or it will not be opened. If the file path is tainted, but is within one of these locations, then it will be opened.

safe_files gives a list of complete file paths. The path for opening must be one of the given paths. For example, the following command indicates that FileHandle::Deluxe may open data.txt, names.txt, or adds.txt:


 $fh = FileHandle::Deluxe->new(

     $path, 

     safe_files=>['data.txt', 'names.txt', 'adds.txt'],

     );

safe_dirs gives a list of directories, one of which the file must be in. The file must be directly within the directory, not nested deeper in the directory tree (see safe_trees below for that). For example, the following command indicates that the file must be directly within ./data/, ./names/, or ./adds/:


 $fh = FileHandle::Deluxe->new(

     $path, 

     safe_dirs=>['./data/', './names/', './adds/'],

     );

safe_trees also gives a list of directories, but the file may be anywhere nested within one of the directories, not necessarily directly within it. So, for example, if one of the given directories was ./adds/:


 $fh = FileHandle::Deluxe->new(

     $path, 

     safe_trees=>['./data/', './names/', './adds/'],

     );

then ./adds/joined/data.txt, ./adds/joined/quit/data.txt, as well as ./adds/data.txt would all be accepted.

traditional_open_notation
traditional_open_notation, which is false by default, indicates that FileHandle::Deluxe should open the file using traditional Perl file handle opening notation. For example, traditionally a handle for writing to a file would be opened like this (notice the > at the beginning of the path string):

 $fh = FileHandle->new('> data.txt') or die $!;

The problem with that technique is that it makes it easier for careless programming to open security holes. If the file path is carelessly untainted then unintended commands can be run through the shell. FileHandle::Deluxe prohibits shell meta-characters unless you explictly choose to use them with traditional_open_notation:


 $fh = FileHandle->new('> data.txt', traditional_open_notation=>1);

Avoid using traditional_open_notation. Use the read, write, append, pipe_to, and pipe_from options instead. traditional_open_notation also negates the plain_path option, another important security layer.

write
write indicates that the file should be opened for writing:

 $fh = FileHandle->new('data.txt', write=>1);

contents

The contents method returns the entire contents of the file. In array context it returns each line as an individual array element. In scalar context it returns the file as a single string. So, for example, the following command outputs the entire file:


 print $fh->contents;

lines

The contents method returns the entire contents of the file as an array. Each line is an individual element in the array. All lines are chomped. For example, the following code assigns the lines to an array:


 @names = $fh->lines;

file_contents, file_lines

file_contents and file_lines are static (i.e. no object required) equivalents for slurping in the entire contents of a file. These commands can be imported by adding the ':all' option to your use FileHandle::Deluxe call, like this:


 use FileHandle::Deluxe ':all';

Each of these commands takes the file path as the first argument:


 print file_contents('data.txt');

 @arr file_lines('data.txt');


MISC INTERESTING STUFF

FileHandle::Deluxe objects stringify to the path for the file they open. That means you can use the object as a string if you want to know the path:


        print 'reading from ', $fh, "\n";


TERMS AND CONDITIONS

Copyright (c) 2001-2002 by Miko O'Sullivan. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. This software comes with NO WARRANTY of any kind.


AUTHOR

Miko O'Sullivan miko@idocs.com




=head1 VERSION
Version 0.90 Aug 19, 2002
Initial release

Version 0.91 Aug 21, 2002
Bug fixes

Version 0.92 Aug 23, 2002
Bug fixes



=back






=begin CPAN



------------------------------------------------------------------- Version 0.90

registered: Aug 19, 2002 uploaded: Aug 19, 2002 appeared: announced:




=end CPAN






=cut





Programminig
Wy
Wy
yW
Wy
Programming
Wy
Wy
Wy
Wy