sprintf and tainting

From: Andy Lester
Date: November 30, 2005 08:31
Subject: sprintf and tainting
Message ID: 20051130163101.GE21660@petdance.com

This was certainly not what I was expecting.

$ cat taint.pl
#!/usr/bin/perl -Tw

use strict;
use warnings;

use Scalar::Util qw( tainted );

my $n = shift;

my $s_str = sprintf( "%s", $n );
print "As %s: ", tainted($s_str) ? "Tainted" : "Not tainted";
print ": $s_str\n";

my $d_str = sprintf( "%d", $n );
print "As %d: ", tainted($d_str) ? "Tainted" : "Not tainted";
print ": $d_str\n";


$ ./taint.pl 99
As %s: Tainted: 99
As %d: Not tainted: 99


Seems to me that pretty formatting of numeric data shouldn't remove its
taintedness.

xoxo,
Andy

-- 
Andy Lester => andy@petdance.com => www.petdance.com => AIM:petdance
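
Added example, not part of the message above and not code from Andy Lester or the Perl core: a probe that reports, for the perl it runs on, which sprintf conversions keep the taint flag, next to a wrapper that re-taints the formatted result whenever the format or an argument was tainted. The name taint_preserving_sprintf is hypothetical, the tainted sample value is constructed from $^X, and re-tainting by appending a zero-length substring of a tainted value is the assumption the wrapper relies on.

```perl
#!/usr/bin/perl -T
# Added example, not from the original message. Probes which sprintf
# conversions keep the taint flag on the running perl, and shows a wrapper
# (hypothetical name) that carries taint through regardless.
use strict;
use warnings;

use Scalar::Util qw( tainted );

die "Run under taint mode (-T)\n" unless ${^TAINT};

# Constructed tainted input: $^X is tainted under -T, and a zero-length
# substring of it taints "99" without changing its value.
my $n = "99" . substr( $^X, 0, 0 );

# Format like sprintf, then re-taint the result if the format or any
# argument was tainted.
sub taint_preserving_sprintf {
    my ( $fmt, @args ) = @_;
    my $out = sprintf( $fmt, @args );
    for my $src ( $fmt, @args ) {
        next unless tainted($src);
        $out .= substr( $src, 0, 0 );    # appends nothing, carries taint
        last;
    }
    return $out;
}

sub label { return tainted( $_[0] ) ? "Tainted" : "Not tainted" }

# One line per conversion: native sprintf result vs. the wrapper's result.
for my $fmt ( '%s', '%d', '%05d', '%x', '%.2f', '%e' ) {
    my $native  = sprintf( $fmt, $n );
    my $wrapped = taint_preserving_sprintf( $fmt, $n );
    printf "%-5s native: %-11s  wrapper: %-11s  value: %s\n",
        $fmt, label($native), label($wrapped), $wrapped;
}
```

Any row where the native column reads "Not tainted" marks a conversion that would let formatted input pass a later taint check on that perl build.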