Extra Defensive Measures

If you happen to be using Perl, the language has facilities to help you detect this kind of error at run time. It's called taint mode. The basic idea is that Perl won't let you send unsanitized data to one of the bad functions above. But the checks only work in taint mode, so you get no benefit if you don't run it. Plus, you can accidentally un-taint data without really having validated anything. There are other minor limitations, too, so it's good not to rely solely upon this mechanism. Nonetheless, it's still a great testing tool, and usually worth turning on as one of your defenses.

For the common API calls that invoke command processors, you might want to write your own wrapper API to them that does allow-list filtering, and throws an exception if the input is bad. This shouldn't be the only input validation you do because, often, it's better to perform more detailed sanity checks on data values. But it's a good first line of defense, and it's easy to enforce. You can either make the wrappers replace the bad functions, or you can use a simple search tool in code auditing to find all the instances you missed and quickly make the right replacement.
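The following Perl script is an added example, not code from the book, that ties together the two measures above: it runs under taint mode, and it wraps `system()` in an allow-list filter that dies on any argument it does not recognize. The allow-list pattern, the environment clean-up and the `/bin/echo` command used for the demonstration are my own choices; the sample inputs are constructed, with the second one standing in for a user-supplied filename carrying shell metacharacters.

```perl
#!/usr/bin/perl -T
# Added example (not from the book). Run as:  perl -T safe_system.pl
# Demonstrates Perl taint mode together with an allow-list wrapper around
# system() that refuses bad input instead of passing it to the shell.
use strict;
use warnings;

# Under -T, %ENV is tainted and system() refuses to run until the variables
# that influence command lookup are cleared or set to trusted values.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/bin:/usr/bin';

# Allow-list for a filename-style argument: letters, digits, dot, slash,
# underscore and hyphen, with no leading hyphen so the value cannot be
# parsed as an option. In Perl the regex capture is exactly what un-taints
# the value, so this pattern IS the security decision: keep it tight. A
# permissive capture such as (.*) would un-taint without validating anything,
# which is the accidental un-tainting the text warns about.
my $SAFE_ARG = qr{\A([A-Za-z0-9._/][A-Za-z0-9._/-]*)\z};

sub safe_arg {
    my ($value) = @_;
    my ($clean) = $value =~ $SAFE_ARG;   # captured text is untainted
    die "rejected unsafe argument: '$value'\n" unless defined $clean;
    return $clean;
}

# Wrapper for system(): every argument is filtered, and the indirect-object
# form  system { $cmd } $cmd, @args  never involves a shell, even for a
# single argument containing metacharacters.
sub safe_system {
    my ($cmd, @args) = @_;
    my @clean = map { safe_arg($_) } @args;
    return system { $cmd } $cmd, @clean;
}

# Constructed inputs. A tainted value (e.g. $ARGV[0]) passed straight to
# system() under -T would die with "Insecure dependency in system while
# running with -T switch"; the wrapper rejects it before that point.
my @candidates = (
    'report.txt',            # accepted
    'report.txt; rm -rf /',  # blocked: ';', ' ' not in allow-list
    '-n',                    # blocked: leading hyphen
    $ARGV[0] // (),          # whatever the user supplied, if anything
);

for my $candidate (@candidates) {
    my $ok = eval { safe_system('/bin/echo', $candidate); 1 };
    print $ok ? "accepted '$candidate'\n" : "blocked: $@";
}
```

The wrapper replaces direct `system()` calls, so a code audit only has to grep for remaining bare `system`, backticks or `exec` to find the instances that were missed; taint mode then acts as the safety net that catches any such call fed unfiltered data at run time.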



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
Year: 2003
Pages: 239
