develooper Front page | perl.perl5.porters | Postings from March 2022

updating t/comp/opsubs.t to cope with taint-free perl

Thread Next
Neil Bowers
March 8, 2022 22:51
updating t/comp/opsubs.t to cope with taint-free perl
Message ID:
The last testsuite I need to fix to cope with a taint-free perl is t/comp/opsubs.t

There’s one test which fails under taint-free perl:

So what should I do here?

Check for taint-free perl and skip it!

At first glance this was easy to update: load up and check if we’re running under taint-free perl. If we are, then we skip this one test; this is what I’ve done in most other tests. I made this change and the testsuite is happy.

But the problem is this comment at the top of the file:

    # Uncomment this for testing, but don't leave it in for "production", as
    # we've not yet verified that use works.
    # use strict;

This suggests that I can’t put `use Config;` at the top of the file. I don’t know if this is a historical comment and now it would be fine, or is there a reason why I shouldn’t? I asked about this on #p5p, and at least one person thought it’s probably fine.

I mean, if `use` is broken, then a _ton_ of tests are gonna fail, so what’s one more, right? I don’t know anywhere near enough claim that for real :-)

Note, for example, that this test file doesn’t load like most test files do – it has its own is(), like(), and friends. So clearly at some point it was a valid restriction, and I’ve assumed that it probably still is.

Question: is it ok to use/require Config in this file?

Replace the test

Xenu took a look and thinks the -T on the file and the taint check is a red herring, and I could drop the -T, and the test could be replaced with this:

    eval q{
        BEGIN {
            *CORE::GLOBAL::readpipe = sub { die "readpipe called" };
    like( $@, qr/^readpipe called/, "qx('unqualified') is oper" );

I don’t understand this enough to know if this is an acceptable substitute.

Question: if I can’t use Config, is this change ok?

Move the test?

If I can’t `use Config` in this file, can I move this one test into a file of its own and `use Config` in that? If so, how do I do that in a way which doesn’t break whatever the original restriction (can’t use `use` in this file) is?

Delete the test?

There are tests elsewhere that cover taint, so can we just delete this test entirely, and drop the -T?

Something else?

Is there another way to get round this that I haven’t thought of?


Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About