Wicked Cool Perl Scripts
[This chapter is excerpted from the book, Wicked Cool Perl Scripts, 2nd Edition, authored by Steve Oualline. Copyright 2006 No Starch Press, February 2006.]
Debugging a CGI Program Interactively
Perl comes with a good interactive debugger. There's just one problem with it: You have to have a terminal to use it. In the CGI programming environment, there are no terminals.
Fortunately, there is another Perl debugger, ptkdb. (The module name is Devel::ptkdb. If you install this module, you've installed the debugger.)
The ptkdb debugger requires a windowing system to run. In other words, if the web server can contact your X server, you can do interactive debugging of your CGI script.
The only trick is how to get things started. That's where this debugging script comes in.
The Code
Running the Script
The first thing you need to do is edit the script and make sure that it sets the environment variable DISPLAY to the correct value. The name of the main screen of an X Window System is host:0.0, where host is the name of the host running the X server. If no host is specified, then the local host is assumed.
NOTE: If you are running an X Window System with multiple displays, the display name may be different. But if you're smart enough to connect multiple monitors to your computer, you're smart enough to set the display without help.
The other thing you'll need to do is to change the name of the program being debugged. In this example, it's hello.pl, but you should use the name of your CGI program.
Once you've made these edits and copied the start-debug.pl script into the CGI directory, point your browser at the start-debug.pl script:
The Results
The script will start a debugging session on the script you specified.
You can now use the debugger to go through your code step by step in order to find problems.
How It Works
The simple answer is that it executes the following command:
Unfortunately, there are a few details you have to worry about. First, the script is run with the taint option:
Taint mode turns on extra security checks which prevent a Perl program from using user-supplied data in an insecure manner.
Next you set the display so that the debugger knows where to display its window:
Because taint checks are turned on, the system function will not work. That's because the system function uses the PATH environment variable to find commands. Since PATH comes from the outside, it's tainted and cannot be used for anything critical.
The solution is to reset the path in the script. Once this is done, PATH is untainted and the system function works:
All that's left is to run the real script with debugging enabled:
Hacking the Script
This script is extremely limited. It can only debug programs named hello.pl. With a little work, you could create a CGI interface to the front end and make the script debug anything.
This brings us to the other problem with this script: no security. If you can get to the program, you can get to the debugger. From the debugger, you can do a lot of damage. It would be nice if the script let only good people run it.
But as a debugging tool, it's a whole lot better than the usual CGI debugging techniques of hope, pray, and print.
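One way to address both limitations named above, as an added example that is not the book's start-debug.pl: a launcher that takes the script name from the request but starts the debugger only for allowlisted scripts and allowlisted client addresses. The allowlists, the directory, the perl path and the script query parameter are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not the book's start-debug.pl.
use strict;
use warnings;

# Hypothetical site settings: adjust all four for your own server.
my %ALLOWED_SCRIPT = map { $_ => 1 } qw(hello.pl);   # scripts that may be debugged
my %ALLOWED_CLIENT = map { $_ => 1 } qw(127.0.0.1);  # developer workstations
my $CGI_DIR = '/var/www/cgi-bin';
my $PERL    = '/usr/bin/perl';

# Taint mode: replace inherited environment values with known ones.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH}    = '/bin:/usr/bin';
$ENV{DISPLAY} = ':0.0';          # local X server, as in the text

# Send an error response and stop before any debugger is started.
sub deny {
    my ($status, $why) = @_;
    print "Status: $status\r\nContent-Type: text/plain\r\n\r\n$why\n";
    exit 0;
}

# 1. Only listed client addresses may start a debugger.
my $client = $ENV{REMOTE_ADDR} || '';
deny('403 Forbidden', 'Debugging is not enabled for this client.')
    unless $ALLOWED_CLIENT{$client};

# 2. Read ?script=NAME and untaint it with a strict pattern:
#    a bare file name ending in .pl, with no path components.
my ($name) = ($ENV{QUERY_STRING} || '')
    =~ /(?:^|[&;])script=([A-Za-z0-9_-]+\.pl)(?:[&;]|\z)/;
deny('400 Bad Request', 'Missing or malformed script name.')
    unless defined $name;

# 3. A well-formed name must still be on the allowlist.
deny('403 Forbidden', 'That script is not on the debug allowlist.')
    unless $ALLOWED_SCRIPT{$name};

# 4. List-form system() starts perl directly, with no shell to
#    interpret the name. -T is passed on the assumption that the
#    target script also runs in taint mode.
chdir $CGI_DIR
    or deny('500 Internal Server Error', 'Cannot enter the CGI directory.');
my $rc = system($PERL, '-T', '-d:ptkdb', "./$name");
deny('500 Internal Server Error', 'Could not start the debugger.')
    if $rc == -1;
```

REMOTE_ADDR identifies the developer only when the web server is not behind a proxy. Requiring web server authentication on the launcher's URL is a stronger control than an address check alone.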