Manual Reference Pages  -  TEST::TAINT (3)

NAME

Test::Taint - Tools to test taintedness

VERSION

Version 1.06

SYNOPSIS



    taint_checking_ok();        # We have to have taint checking on
    my $id = "deadbeef";        # Dummy session ID
    taint( $id );               # Simulate it coming in from the web
    tainted_ok( $id );
    $id = validate_id( $id );   # Your routine to check the $id
    untainted_ok( $id );        # Did it come back clean?
    ok( defined $id );



DESCRIPTION

Tainted data is data that comes from an unsafe source, such as the command line, or, in the case of web apps, any GET or POST transactions. Read the perlsec man page for details on why tainted data is bad, and how to untaint the data.

When you’re writing unit tests for code that deals with tainted data, you’ll want to have a way to provide tainted data for your routines to handle, and easy ways to check and report on the taintedness of your data, in standard Test::More style.

Test::More-style Functions

All the xxx_ok() functions work like standard Test::More-style functions: the last parameter is an optional message, the function outputs ok or not ok, and it returns a boolean telling whether the test passed.

taint_checking_ok( [$message] )

Test::More-style test that taint checking is on. This should probably be the first thing in any *.t file that deals with taintedness.

tainted_ok( $var [, $message ] )

Checks that $var is tainted.



    tainted_ok( $ENV{FOO} );



untainted_ok( $var [, $message ] )

Checks that $var is not tainted.



    my $foo = my_validate( $ENV{FOO} );
    untainted_ok( $foo );



tainted_ok_deeply( $var [, $message ] )

Checks that $var is tainted. If $var is a reference, it recursively checks every variable to make sure they are all tainted.



    tainted_ok_deeply( \%ENV );



untainted_ok_deeply( $var [, $message ] )

Checks that $var is not tainted. If $var is a reference, it recursively checks every variable to make sure they are all not tainted.



    my %env = my_validate( \%ENV );
    untainted_ok_deeply( \%env );



Helper Functions

These are all helper functions. Most are wrapped by an xxx_ok() counterpart, except for taint, which actually does something instead of just reporting it.

taint_checking()

Returns true if taint checking is enabled via the -T flag.

tainted( $var )

Returns boolean saying if $var is tainted.

tainted_deeply( $var )

Returns boolean saying if $var is tainted. If $var is a reference it recursively checks every variable to make sure they are all tainted.

taint( @list )

Marks each (apparently) taintable argument in @list as being tainted.

References can be tainted like any other scalar, but it doesn’t make sense to, so they will not be tainted by this function.

Some tied and magical variables may fail to be tainted by this routine, try as it may.

taint_deeply( @list )

Similar to taint, except that if any elements in @list are references, it walks deeply into the data structure and marks each taintable argument as being tainted.

If any variables are tied this will taint all the scalars within the tied object.
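
The following complete test file is an added example, not part of the Test::Taint distribution. It fills in the validate_id() routine that the SYNOPSIS leaves to the reader (the routine, its 8-hex-digit ID format and the sample form values are assumptions made for illustration) and exercises both the scalar and the _deeply functions, including a malformed input that the validator must reject.

```perl
#!/usr/bin/perl -T
# Added example: a complete .t file built around the SYNOPSIS above.
# validate_id() and the sample values are constructed for illustration.
use strict;
use warnings;
use Test::More;
use Test::Taint;

# Hypothetical validator: accept exactly 8 lowercase hex digits.
# Returning the regex capture ($1) is what untaints the value (see perlsec).
# \A and \z anchor the whole string; a plain $ also matches before a
# trailing newline, so it would accept "deadbeef\n".
sub validate_id {
    my ($id) = @_;
    return undef unless defined $id;
    return $id =~ /\A([0-9a-f]{8})\z/ ? $1 : undef;
}

taint_checking_ok('running under -T');

# Well-formed input: tainted on the way in, clean on the way out.
my $id = 'deadbeef';
taint($id);
tainted_ok($id, 'simulated web input is tainted');
my $clean = validate_id($id);
is($clean, 'deadbeef', 'well-formed ID is accepted');
untainted_ok($clean, 'validated ID is untainted');

# Malformed input: the validator must reject it, not launder it.
my $bad = "deadbeef\n";
taint($bad);
my $rejected = validate_id($bad);
ok(!defined $rejected, 'ID with trailing newline is rejected');

# Nested data: taint a whole form, validate one field, check both sides.
my %form = (id => 'deadbeef', page => '12');
taint_deeply(\%form);
tainted_ok_deeply(\%form, 'every form value is tainted');
my %checked = (id => validate_id($form{id}));
untainted_ok_deeply(\%checked, 'validated copy is untainted throughout');
ok(tainted($form{page}), 'field that was never validated stays tainted');

done_testing();
```

Run it with taint mode enabled on the command line as well, for example perl -T or prove -T; without -T the first test, taint_checking_ok(), fails.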

AUTHOR

Written by Andy Lester, <andy@petdance.com>.

COPYRIGHT

Copyright 2004, Andy Lester, All Rights Reserved.

You may use, modify, and distribute this package under the same terms as Perl itself.



perl v5.20.3 TAINT (3) 2012-10-19
