Will these Perl commands be harmful when pasted into a shell and interpreted as Bash commands?

3

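I was distracted while trying to configure munin plugins on an Ubuntu server. I pasted Perl code into the terminal as bash, and every line of code was run as a command.

Since Perl syntax is different, could it have caused any damage or unexpected changes to the server?

Here is the code (by the way, it created two folders in my home directory, which is why I'm worried):

I'd like to know whether I've inadvertently messed something up :S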

#!/usr/bin/perl
#
# Plugin to monitor the number of accesses to Apache servers. It handles
# a list of ports passed in from a plugin configuration file.
#
# Requirements:
#   - Needs access to http://localhost/server-status?auto (or modify the
#     address for another host). See your apache documentation on how to
#     set up this url in your httpd.conf. Apache needs ExtendedStatus
#     enabled for this plugin to work
#
# Tip: To see if it's already set up correctly, just run this plugin
# with the parameter "autoconf". If you get a "yes", everything should
# work like a charm already.
#
# Parameters supported:
#
#   config
#   autoconf
#
# Configurable variables
#
#   url      - Override default status-url
#   port     - HTTP port numbers
#
#   ssl      - activate SSL (add env.ssl yes in munin plugin configuration)
#   urls     - Override default status-url (SSL)
#   ports    - HTTPS port numbers (SSL)
#
# $Log$
# Revision 1.13  2006/03/07 20:30:00 fra519
# adapt script for Apache-SSL Server.
#
# Revision 1.12  2004/12/10 18:51:43  jimmyo
# linux/apt* has been forced to LANG=C, to get predictable output.
#
# Revision 1.11  2004/12/10 10:47:47  jimmyo
# Change name from ${scale} to ${graph_period}, to be more consistent.
#
# Revision 1.10  2004/12/09 22:12:54  jimmyo
# Added "graph_period" option, to make "graph_sums" usable.
#
# Revision 1.9  2004/09/26 22:14:39  jimmyo
# Changd COUNTER -> DERIVE for some plugins. Set min/max values.
#
# Revision 1.8  2004/05/20 13:57:11  jimmyo
# Set categories to some of the plugins.
#
# Revision 1.7  2004/05/14 21:16:46  jimmyo
# "Upped" som plugins from contrib/manual to auto.
#
# Revision 1.6  2004/04/27 21:32:06  jimmyo
# Clarified the vlabels in the apache-plugins (Deb#238594).
#
# Revision 1.5  2004/04/27 08:46:57  jimmyo
# Fixed broken autoconf in apache-* plugins (Deb#236144).
#
# Revision 1.4  2004/02/18 15:47:35  jimmyo
# The generic/apache_* plugins now have defined max values.
#
# Revision 1.3  2004/02/03 17:17:25  jimmyo
# Generic/apache-plugins have been modified to properly to report the correct autoconf value. Also, bugfixes in _processes and _volume.
#
# Revision 1.2  2004/01/29 18:47:30  jimmyo
# Made plugins apache_* compatible with older versions of LWP::UserAgent (SF#881411).
#
# Revision 1.1  2004/01/02 18:50:00  jimmyo
# Renamed occurrances of lrrd -> munin
#
# Revision 1.1.1.1  2004/01/02 15:18:07  jimmyo
# Import of LRRD CVS tree after renaming to Munin
#
# Revision 1.4  2003/12/18 16:35:33  jimmyo
# fail more gracefully when using uninstalled perl modules.
#
# Revision 1.3  2003/11/07 17:43:16  jimmyo
# Cleanups and log entries
#
#
#
# Magic markers:
#%# family=auto
#%# capabilities=autoconf

my $ret = undef;
my $ssl = undef;

if (! eval "require LWP::UserAgent;")
{
    $ret = "LWP::UserAgent not found";
}
if (! eval "require Crypt::SSLeay;" and exists $ENV{'ssl'})
{
    $ssl = "Crypt::SSLeay not found";
}

my $URL = exists $ENV{'url'} ? $ENV{'url'} : "http://127.0.0.1:%d/server-status?auto";
my @PORT = exists $ENV{'port'} ? split(' ', $ENV{'port'}) : (80);

my $URLS = exists $ENV{'urls'} ? $ENV{'urls'} : "https://127.0.0.1:%d/server-status?auto";
my @PORTS = exists $ENV{'ports'} ? split(' ', $ENV{'ports'}) : (443);

if ( exists $ARGV[0] and $ARGV[0] eq "autoconf" )
{
    if ($ret)
    {
        print "no ($ret)\n";
        exit 1;
    }

    if ($ssl) {
        print "no ($ssl)\n";
        exit 1;
    }

    my $ua = LWP::UserAgent->new(timeout => 30);

    my @badports;
    foreach my $port (@PORT) {
        my $url = sprintf $URL, $port;
        my $response = $ua->request(HTTP::Request->new('GET',$url));
        push @badports, $port unless $response->is_success and $response->content =~ /^Total Accesses:/im;
    }
    if (exists $ENV{'ssl'}) {
        foreach my $port (@PORTS) {
            my $url = sprintf $URLS, $port;
            my $response = $ua->request(HTTP::Request->new('GET',$url));
            push @badports, $port unless $response->is_success and $response->content =~ /^Total Accesses:/im;
        }
    }
    if (@badports) {
        print "no (no apache server-status or ExtendedStatus missing on ports @badports)\n";
        exit 1;
    } else {
        print "yes\n";
        exit 0;
    }
}

if ( exists $ARGV[0] and $ARGV[0] eq "config" )
{
    print "graph_title Apache accesses\n";
    print "graph_args --base 1000\n";
    print "graph_vlabel accesses / \${graph_period}\n";
    print "graph_category apache\n";
    foreach my $port (@PORT) {
        print "accesses$port.label port $port\n";
        print "accesses$port.type DERIVE\n";
        print "accesses$port.max 1000000\n";
        print "accesses$port.min 0\n";
    }
    if (exists $ENV{'ssl'}) {
        foreach my $port (@PORTS) {
            print "accesses$port.label port $port\n";
            print "accesses$port.type DERIVE\n";
            print "accesses$port.max 1000000\n";
            print "accesses$port.min 0\n";
        }
    }
    exit 0;
}

my $ua = LWP::UserAgent->new(timeout => 30);

foreach my $port (@PORT) {
    my $url = sprintf $URL, $port;
    my $response = $ua->request(HTTP::Request->new('GET',$url));
    if ($response->content =~ /^Total Accesses:\s+(.+)$/im) {
        print "accesses$port.value $1\n";
    } else {
        print "accesses$port.value U\n";
    }
}

if (exists $ENV{'ssl'}) {
    foreach my $port (@PORTS) {
        my $url = sprintf $URLS, $port;
        my $response = $ua->request(HTTP::Request->new('GET',$url));
        if ($response->content =~ /^Total Accesses:\s+(.+)$/im) {
            print "accesses$port.value $1\n";
        } else {
            print "accesses$port.value U\n";
        }
    }
}
# vim:syntax=perl

1
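I don't see any mkdir/rmdir/rm -rf commands, so it should be safe. - tuxuday
Seconding Tux's assessment. From a cursory scan of the code, 99.9% sure it's safe. - DVK
1
I really, really wanted to flag this question as off-topic, but @RobKielty managed to turn it into code analysis. Well done. - Todd A. Jacobs
1 Answer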

10

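The comments will be ignored. I originally meant the Perl comments. It looks like I have to help you out here, so I will have to ignore the downvotes :)

I pasted the commands into a bash shell on a clean Ubuntu desktop install. Those who object to this will (unsurprisingly) consider it a bad idea with many problems.

My thinking is that I have a spare Ubuntu VM available for testing, and I am happy to destroy it if anything goes wrong. A simple visual inspection of the code shows the following.

Do you have a command called my? If not, the following code contains no traps.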

my $ret = undef;
my $ssl = undef;

if (! eval "require LWP::UserAgent;")


if (! eval "require Crypt::SSLeay;" and exists $ENV{'ssl'})
{
    $ssl = "Crypt::SSLeay not found";
}

my $URL = exists $ENV{'url'} ? $ENV{'url'} : "http://127.0.0.1:%d/server-status?auto";
my @PORT = exists $ENV{'port'} ? split(' ', $ENV{'port'}) : (80);

my $URLS = exists $ENV{'urls'} ? $ENV{'urls'} : "https://127.0.0.1:%d/server-status?auto";
my @PORTS = exists $ENV{'ports'} ? split(' ', $ENV{'ports'}) : (443);

Next we have

if ( exists $ARGV[0] and $ARGV[0] eq "autoconf" )
{
  if ($ret)
  {
      print "no ($ret)\n";
      exit 1;
  }

if ($ssl) {
    print "no ($ssl)\n";
    exit 1;

Executing exit 1 will exit you from the current shell.

Assuming you were in a subshell, more analysis to follow...

Here is the interesting code.

rkielty@ubuntu:~$ foreach my $port (@PORT) {
bash: syntax error near unexpected token `('

Clearing the mines

rkielty@ubuntu:~$     push @badports, $port unless $response->is_success and $response->content =~ /^Total Accesses:/im;
The program 'push' is currently not installed.  You can install it by typing:
sudo apt-get install heimdal-clients

Now you need to check whether you have a push program and see what it does.

Run which push, then read the man or info documentation for push.

rkielty@ubuntu:~$         print "no (no apache server-status or ExtendedStatus missing on ports @badports)\n";
Warning: unknown mime-type for "no (no apache server-status or ExtendedStatus missing on ports @badports)\n" -- using "application/octet-stream"
Error: no such file "no (no apache server-status or ExtendedStatus missing on ports @badports)\n"

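So here we are protected by errors.

Then there are two calls to exit.

It looks like you should be fine.

Note that you need to make sure there are no programs called my or push on your system.

I'm not sure how the directories were created; you may need to investigate further. Bear in mind that these directories may not have been caused by this.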


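Nice to meet you, Sandro. Almost done. - Rob Kielty
1
Wow, that is a really in-depth look! Thanks! I'm not at the server right now and it will be a few hours until I get home (I don't trust my work computer to keep my SSH keys safe). The folders created are named: content and is_success (perhaps from this line? -> push @badports, $port unless $response->is_success and $response->content =~ /^Total Accesses:/im;). - user796443
I'll be away from the computer for the next few hours. I will experiment further. But I agree that the redirection operator > is most likely the "creationist" culprit. It's always good to know exactly what is going on. - Rob Kielty
1
Hey, I checked my server and found that neither "my" nor "push" exists. - user796443
Interesting, I would have thought that command not found would stop further interpretation of the line, but if you have newly created directories, that is evidently not the case. - Rob Kielty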
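
The effect discussed in the comments above, as an added example that is not part of the original thread: the shell opens the targets of `>` (here the `>` inside Perl's `->`) before it looks up the command, so `is_success` and `content` are created as empty files even though `push` is never found. The names `replay_line`, `PERL_LINE` and `SHELL_BIN` are hypothetical; the line is replayed in a throwaway directory with an empty environment and a `PATH` that contains no programs.

```shell
#!/bin/sh
# Added example: replay one pasted line in a throwaway directory and report
# what the shell created, even though no command actually ran.

# Constructed input: the Perl line quoted in the thread.
PERL_LINE='push @badports, $port unless $response->is_success and $response->content =~ /^Total Accesses:/im;'

# Prefer bash (the shell in the question); fall back to sh, which parses
# the redirections on this line the same way.
SHELL_BIN=$(command -v bash || command -v sh)

# replay_line LINE
# Runs LINE in a child shell with an empty environment, a PATH that holds
# no programs, and a fresh temporary working directory. Prints the child's
# exit status followed by the sorted names of everything it created.
replay_line() {
    line=$1
    sandbox=$(mktemp -d) || return 1
    status=0
    ( cd "$sandbox" &&
      env -i PATH=/nonexistent "$SHELL_BIN" -c "$line" ) >/dev/null 2>&1 || status=$?
    created=$(ls -A "$sandbox" | sort | tr '\n' ' ')
    rm -rf "$sandbox"
    printf 'status=%s created=%s\n' "$status" "${created% }"
}

# $response expands to nothing, so "$response->is_success" is parsed as the
# word "-" followed by the redirection ">is_success"; likewise for ">content".
replay_line "$PERL_LINE"
```

Status 127 is the shell's "command not found" code; running the same check on a host before cleaning up shows which stray files a mis-pasted script left behind.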
