Taint::Util
Test for and flip the taint flag without regex matches or eval


NAME

Taint::Util - Test for and flip the taint flag without regex matches or eval


SYNOPSIS


    #!/usr/bin/env perl -T

    use Taint::Util;

    # eek!

    untaint $ENV{PATH};

    # $sv now tainted under taint mode (-T)

    taint(my $sv = "hlagh");

    # Untaint $sv again

    untaint $sv if tainted $sv;


DESCRIPTION

Wraps perl's internal routines for checking and setting the taint flag. It therefore does not rely on regular expressions for untainting, or on odd tricks involving eval and kill for checking whether data is tainted. Instead, it checks and flips a flag on the scalar in place.


FUNCTIONS

tainted

Returns a boolean indicating whether a scalar is tainted. Always false when not under taint mode.

taint & untaint

Taints or untaints the given values. Arrays are flattened and their elements tainted, and likewise the values of hashes (keys can't be tainted, see perlsec). Returns no value (which evaluates to false).


    untaint(%ENV);                  # Untaints the environment

    taint(my @hlagh = qw(a o e u)); # elements of @hlagh now tainted

References (being scalars) can also be tainted. A stringified tainted reference raises an error where a tainted scalar would:


    taint(my $ar = \@hlagh);

    system echo => $ar;      # err: Insecure dependency in system

This feature is used by perl internally to taint the blessed object qr// stringifies to.


    taint(my $str = "oh noes");

    my $re = qr/$str/;

    system echo => $re;      # err: Insecure dependency in system

This does not mean that tainted blessed objects with stringification overloaded via overload need return a tainted object, since those objects may return a non-tainted scalar when stringified (see t/reftaint.t for an example). The internal handling of qr//, however, ensures that this holds true.

File handles can also be tainted, but this is probably useless, as the handle itself and not the lines retrieved from it will be tainted.


    taint(*DATA);    # *DATA tainted

    my $ln = <DATA>; # $ln not tainted
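
Because untaint flips the flag without inspecting the value, any validation has to happen before the call. The following is an added example, not code from the Taint::Util distribution: it clears the flag only on a copy that passed an exact-match allow-list lookup. The helper name untaint_if_allowed, the allow-list and the sample inputs are assumptions made for illustration; run it with perl -T.

```perl
#!/usr/bin/perl -T
# Added example, not part of Taint::Util. Run as: perl -T example.pl
use strict;
use warnings;
use Taint::Util;

# Set a fixed environment instead of untainting whatever the caller supplied.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed allow-list (assumption for this example).
my %ALLOWED_REPORT = map { $_ => 1 } qw(daily weekly monthly);

# Hypothetical helper: clear the taint flag only on a copy of a value that
# passed an exact-match lookup. Returns undef for anything else.
sub untaint_if_allowed {
    my ($value) = @_;    # copy; the caller's scalar keeps its taint flag
    return unless defined $value && exists $ALLOWED_REPORT{$value};
    untaint $value;
    return $value;
}

# Constructed inputs, tainted by hand to stand in for external data.
taint(my $good = 'weekly');
taint(my $bad  = 'quarterly; extra');

for my $input ($good, $bad) {
    my $report = untaint_if_allowed($input);
    if (defined $report) {
        printf "accepted %-20s input tainted=%d result tainted=%d\n",
            "'$report'", tainted($input) ? 1 : 0, tainted($report) ? 1 : 0;

        # List-form system with a validated, untainted argument.
        system echo => "running report: $report";
    }
    else {
        printf "rejected %-20s input tainted=%d\n",
            "'$input'", tainted($input) ? 1 : 0;
    }
}
```

The original scalars stay tainted in both cases, so any later use of the raw input in a sensitive operation still trips perl's taint checks.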


EXPORTS

Exports tainted, taint and untaint by default. Individual functions can be exported by specifying them in the use list; to export none, use ().


HISTORY

I wrote this when implementing the re::engine::Plugin manpage so that someone writing a custom regex engine with it wouldn't have to rely on perl regexps for untainting capture variables, which would be a bit odd.


SEE ALSO

perlsec


AUTHOR

Ævar Arnfjörð Bjarmason <avar@cpan.org>


LICENSE

Copyright 2007 Ævar Arnfjörð Bjarmason.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
