develooper Front page | perl.perl5.porters | Postings from November 2009

Re: [perl #67962] spamassassin and tainted mode

From: Rafael Garcia-Suarez
Date: November 5, 2009 14:57
Subject: Re: [perl #67962] spamassassin and tainted mode
Message ID: b77c1dce0911051457w4169e71aw8b3a27ec8e10deda@mail.gmail.com
2009/11/5 Mark Martinec <Mark.Martinec@ijs.si>:
>> At the very least we should assert that it isn't.
>
> #!/usr/bin/perl -T
>
>  use strict;
>  use re 'taint';
>  use Scalar::Util qw(tainted);
>
>  my $mailbox = 'abc@example.com';
>  $mailbox .= substr($ENV{PATH},0,0);  # make it tainted
>
>  # $1 and $2 become tainted
>  my(@r) = $mailbox =~ /^(.*?)(\@.*)$/ ? ($1,$2) : ($mailbox,'');
>  printf("%d %d\n", tainted($1), tainted($2));
>
>  my($nm) = 'aaa-ccc';  # not tainted
>  printf("%d\n", tainted($nm));
>
>  $nm =~ s/^aaa-(.*)$/$1/;  # $nm becomes tainted
>  printf("%d\n", tainted($nm));

At first glance I would say that is because $1 and $2 appear in the same
expression as the tainted $mailbox and thus become tainted, just
like the rest of the expression. As perlsec says:

| For efficiency reasons, Perl takes a conservative view of
| whether data is tainted.  If an expression contains tainted data,
| any subexpression may be considered tainted, even if the value
| of the subexpression is not itself affected by the tainted data.
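
A small probe script, added here as an example and not taken from Mark's report or from Rafael's reply: it taints a constructed address the same way the report does, then prints whether a constant chosen next to the tainted value, the captures without and with `use re 'taint'`, and a system() call are affected. The address, the `true` command and the cleaned PATH are assumptions; since perlsec only promises that subexpressions "may" be tainted, the script reports what the perl it runs under actually does rather than asserting the values.

```perl
#!/usr/bin/perl -T
# Added probe script, not code from the report or the reply: run it as
# `perl -T probe.pl` and read the 0/1 flags. perlsec only promises that a
# subexpression "may" be tainted, so nothing here asserts the values.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input, tainted the same way as in the report: appending zero
# bytes of %ENV copies the taint flag without changing the string.
my $addr = 'abc@example.com';
$addr .= substr($ENV{PATH}, 0, 0);
printf "input:                                %d\n", tainted($addr);

# A constant that never touches the tainted data, assigned by a statement
# that reads it: this is where the conservative rule quoted from perlsec
# applies.
my $label = $addr ? 'mailbox' : 'empty';
printf "constant chosen next to tainted data: %d\n", tainted($label);

# The usual untainting idiom: a restrictive pattern is the validator, and
# without `use re 'taint'` the captures come out clean. Keep it in its own
# statement so no other tainted value is read in the same expression.
my ($local, $domain) = $addr =~ /\A([\w.+-]+)\@([\w.-]+)\z/
    or die "address failed validation, refusing to use it\n";
printf "captures without re 'taint':          %d %d\n",
    tainted($local), tainted($domain);

# `use re 'taint'` is lexically scoped; inside this block captures keep
# the taint of the string they came from, which is what you want when
# the pattern extracts fields rather than validating them.
{
    use re 'taint';
    my ($l, $d) = $addr =~ /\A(.*?)(\@.*)\z/;
    printf "captures with re 'taint':             %d %d\n",
        tainted($l), tainted($d);
}

# Taint mode refuses to start subprocesses until %ENV is cleaned up,
# independently of the arguments (the cleaned PATH is an assumption).
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Only the validated capture may reach system(); the raw input still
# carries its taint and perl dies with "Insecure dependency" instead.
for my $arg ($local, $addr) {
    my $ok = eval { system('true', $arg); 1 };
    (my $err = $@) =~ s/ at .*//s;
    printf "system() with %s argument: %s\n",
        tainted($arg) ? 'tainted' : 'untainted', $ok ? 'ran' : "refused: $err";
}
```

Run it with `perl -T probe.pl`; perl insists that -T appear on the command line when it is on the #! line. The validating pattern is kept in a statement of its own on purpose: it is the only place where the flags should come out 0, and mixing any other tainted value into that statement is exactly the situation perlsec warns about.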
