3fa6e24b |
1 | #!./perl -T |
2 | |
3 | |
# Expectation tables filled in before each File::Find run.
my %Expect_File;    # what we expect for $_
my %Expect_Name;    # what we expect for $File::Find::name/fullname
my %Expect_Dir;     # what we expect for $File::Find::dir

# Probe for symlink support. The eval yields 1 only if calling symlink()
# did not raise an exception; the result of the call itself is ignored.
my $symlink_exists = eval { symlink( "", "" ); 1 };

# Working directory of the fixture tree: as returned by cwd(), and a
# laundered copy that may be passed to chdir under -T.
my ( $cwd, $cwd_untainted );
10 | |
BEGIN {
    # Run from t/ when started one level above it, and pick up ../lib.
    chdir 't' if -d 't';
    unshift @INC, '../lib';

    # Launder every environment value so that tainted %ENV entries do not
    # trip taint checks later in the script. The capture /(.*)/ accepts any
    # content up to the first newline, so this clears the taint flag without
    # validating anything; that is a test-harness shortcut, not a pattern to
    # copy into code that handles untrusted environments.
    foreach my $name ( keys %ENV ) {
        ( $ENV{$name} ) = $ENV{$name} =~ /(.*)/;
    }
}
19 | |
004cc508 |
20 | |
3fa6e24b |
# TAP plan: 45 tests when the symlink section can run, 27 otherwise.
print +( $symlink_exists ? "1..45\n" : "1..27\n" );
23 | |
24 | use File::Find; |
25 | use File::Spec; |
26 | use Cwd; |
a1b073b7 |
27 | use Config; |
28 | |
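# Remove insecure directories from PATH: every entry whose mode has the
# world-write bit (0002) set is dropped, the rest is kept in order.
# NOTE(review): an entry that cannot be stat'ed yields no mode and is
# therefore kept, and relative entries are not filtered here; confirm that
# this matches what the taint checks on PATH require on the target platform.
my @path;
my $sep = $Config{path_sep};

# The separator is data, not a pattern. Quote it so that a separator which
# happens to be a regex metacharacter cannot change where PATH is split.
foreach my $dir ( split( /\Q$sep\E/, $ENV{'PATH'} ) )
{
    push( @path, $dir ) unless ( stat $dir )[2] & 0002;
}
$ENV{'PATH'} = join( $sep, @path );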
3fa6e24b |
37 | |
343d3f38 |
# True on the platforms for which the "insecure cwd" checks below are
# skipped with the message "<OS> does not taint cwd".
my $NonTaintedCwd = ( $^O eq 'MSWin32' or $^O eq 'cygwin' );

# Remove whatever an earlier run may have left behind.
cleanup();
41 | |
b695f709 |
# Tests 1 and 2: walk the current directory with find() and finddepth() and
# report when commonsense.t is visited. untaint_pattern qr|^(.+)$| accepts
# any non-empty name, so it launders directory names rather than
# validating them.
find(
    {
        wanted          => sub { print "ok 1\n" if $_ eq 'commonsense.t'; },
        untaint         => 1,
        untaint_pattern => qr|^(.+)$|,
    },
    File::Spec->curdir
);

finddepth(
    {
        wanted          => sub { print "ok 2\n" if $_ eq 'commonsense.t'; },
        untaint         => 1,
        untaint_pattern => qr|^(.+)$|,
    },
    File::Spec->curdir
);

my $case             = 2;    # number of the last test reported so far
my $FastFileTests_OK = 0;    # true: wanted_File_Dir tests -d _ instead of -d $_
51 | |
# Remove the for_find fixture tree if it is present. Every step is best
# effort: the results of chdir, unlink and rmdir are not checked.
sub cleanup {
    my $fixture_root = dir_path('for_find');
    chdir($fixture_root) if -d $fixture_root;

    # Only tear down when the fixture is visible from the current directory.
    if ( -d dir_path('fa') ) {
        my @fixture_files = (
            file_path( 'fa', 'fa_ord' ),
            file_path( 'fa', 'fsl' ),
            file_path( 'fa', 'faa', 'faa_ord' ),
            file_path( 'fa', 'fab', 'fab_ord' ),
            file_path( 'fa', 'fab', 'faba', 'faba_ord' ),
            file_path( 'fb', 'fb_ord' ),
            file_path( 'fb', 'fba', 'fba_ord' ),
        );
        unlink @fixture_files;

        # Children are listed before their parents.
        my @fixture_dirs = (
            dir_path( 'fa', 'faa' ),
            dir_path( 'fa', 'fab', 'faba' ),
            dir_path( 'fa', 'fab' ),
            dir_path('fa'),
            dir_path( 'fb', 'fba' ),
            dir_path('fb'),
        );
        foreach my $dir (@fixture_dirs) {
            rmdir $dir;
        }

        chdir File::Spec->updir;
        rmdir dir_path('for_find');
    }
}
74 | |
# Tear the fixture tree down again when the interpreter exits.
END { cleanup() }
78 | |
# Report the next numbered test: "ok N" when the argument is true,
# "not ok N" otherwise. Advances the shared counter $case.
sub Check($) {
    $case++;
    my $report = $_[0] ? "ok $case\n" : "not ok $case\n";
    print $report;
}
85 | |
# Like Check(), but a false argument ends the script right after the
# "not ok N" line. The exit status is 0, so the failure is visible only in
# the test output, not in the process status.
sub CheckDie($) {
    $case++;
    unless ( $_[0] ) {
        print "not ok $case\n";
        exit 0;
    }
    print "ok $case\n";
}
91 | |
# Report the next numbered test as skipped, with the given reason.
sub Skip($) {
    my ($reason) = @_;
    $case++;
    print "ok $case # skipped: ", $reason, "\n";
}
96 | |
# Open the named file for writing (three-argument open, so the name cannot
# select the mode) and report the outcome through CheckDie(). The handle is
# lexical and goes away when the sub returns.
sub touch {
    my $opened = open( my $T, '>', $_[0] );
    CheckDie($opened);
}
100 | |
# Create a directory with the given mode and report the outcome through
# CheckDie(), which ends the script when mkdir fails.
sub MkDir($$) {
    my ( $dir, $mode ) = @_;
    CheckDie( mkdir( $dir, $mode ) );
}
104 | |
# wanted callback: log the current directory and entry, check that the entry
# is listed in %Expect_File, then remove it from the table unless it is
# listed in %Expect_Dir and is not a directory.
sub wanted_File_Dir {
    print "# \$File::Find::dir => '$File::Find::dir'\n";
    print "# \$_ => '$_'\n";

    # On VMS a trailing dot is stripped from the entry name, except for ".".
    s#\.$## if ( $^O eq 'VMS' && $_ ne '.' );

    Check( $Expect_File{$_} );

    # The file test is only evaluated when the name is in %Expect_Dir.
    # With $FastFileTests_OK set it reuses the last stat buffer (-d _);
    # otherwise it stats the entry by name.
    my $keep_entry = $Expect_Dir{$_}
      && !( $FastFileTests_OK ? ( -d _ ) : ( -d $_ ) );
    delete $Expect_File{$_} unless $keep_entry;
}
118 | |
# wanted callback: same checks as wanted_File_Dir(), and additionally asks
# File::Find not to descend into the entry named 'faba'.
sub wanted_File_Dir_prune {
    &wanted_File_Dir;    # bare & call: the callee sees this sub's @_
    if ( $_ eq 'faba' ) {
        $File::Find::prune = 1;
    }
}
123 | |
124 | |
# wanted callback that only logs the current directory and entry as
# diagnostic lines; it checks nothing.
sub simple_wanted {
    my $dir_line   = "# \$File::Find::dir => '$File::Find::dir'\n";
    my $entry_line = "# \$_ => '$_'\n";
    print $dir_line;
    print $entry_line;
}
129 | |
130 | |
bb7dc48b |
131 | # Use dir_path() to specify a directory path that's expected for |
132 | # $File::Find::dir (%Expect_Dir). Also use it in file operations like |
133 | # chdir, rmdir etc. |
3fa6e24b |
134 | # |
bb7dc48b |
135 | # dir_path() concatenates directory names to form a _relative_ |
136 | # directory path, independent from the platform it's run on, although |
137 | # there are limitations. Don't try to create an absolute path, |
138 | # because that may fail on operating systems that have the concept of |
139 | # volume names (e.g. Mac OS). Be careful when you want to create an |
140 | # updir path like ../fa (Unix) or ::fa: (Mac OS). Plain directory |
141 | # names will work best. As a special case, you can pass it a "." as |
142 | # first argument, to create a directory path like "./fa/dir" on |
143 | # operating systems other than Mac OS (actually, Mac OS will ignore |
144 | # the ".", if it's the first argument). If there's no second argument, |
145 | # this function will return the empty string on Mac OS and the string |
146 | # "./" otherwise. |
3fa6e24b |
147 | |
# Join directory names into a relative directory path for the current
# platform. A leading "." is special: on Mac OS it is ignored (and "" is
# returned when nothing follows it); elsewhere the result gets a leading
# "./" (and "./" is returned when nothing follows it). A single plain name
# is returned unchanged.
sub dir_path {
    my ( $first_item, @rest ) = @_;
    my $on_macos = $^O eq 'MacOS';

    if ( $first_item ne '.' ) {
        return $first_item unless @rest;    # return plain filename

        # Mac OS: relative path with leading ":" and with trailing ":"
        return File::Spec->catdir( "", $first_item, @rest ) if $on_macos;
        return File::Spec->catdir( $first_item, @rest );
    }

    if ($on_macos) {
        return '' unless @rest;

        # ignore first argument; return a relative path
        # with leading ":" and with trailing ":"
        return File::Spec->catdir( "", @rest );
    }

    return './' unless @rest;
    my $path = File::Spec->catdir(@rest);
    return "./$path";    # add leading "./"
}
175 | |
176 | |
bb7dc48b |
177 | # Use topdir() to specify a directory path that you want to pass to |
178 | # find/finddepth. Basically, topdir() does the same as dir_path() (see |
179 | # above), except that there's no trailing ":" on Mac OS. |
3fa6e24b |
180 | |
# Build a start directory for find/finddepth: the result of dir_path(),
# with one trailing ":" removed on Mac OS.
sub topdir {
    my $path = dir_path(@_);
    if ( $^O eq 'MacOS' ) {
        $path =~ s/:$//;
    }
    return $path;
}
186 | |
187 | |
188 | # Use file_path() to specify a file path that's expected for $_ (%Expect_File). |
189 | # Also suitable for file operations like unlink etc. |
bb7dc48b |
190 | |
191 | # file_path() concatenates directory names (if any) and a filename to |
192 | # form a _relative_ file path (the last argument is assumed to be a |
193 | # file). It's independent from the platform it's run on, although |
194 | # there are limitations (see the warnings for dir_path() above). As a |
195 | # special case, you can pass it a "." as first argument, to create a |
196 | # file path like "./fa/file" on operating systems other than Mac OS |
197 | # (actually, Mac OS will ignore the ".", if it's the first |
198 | # argument). If there's no second argument, this function will return |
199 | # the empty string on Mac OS and the string "./" otherwise. |
3fa6e24b |
200 | |
# Join directory names and a final file name into a relative file path for
# the current platform. A leading "." is special: on Mac OS it is ignored
# (and "" is returned when nothing follows it); elsewhere the result gets a
# leading "./" (and "./" is returned when nothing follows it). A single
# plain name is returned unchanged.
sub file_path {
    my ( $first_item, @rest ) = @_;
    my $on_macos = $^O eq 'MacOS';

    if ( $first_item ne '.' ) {
        return $first_item unless @rest;    # return plain filename

        # Mac OS: relative path with leading ":", but without trailing ":"
        return File::Spec->catfile( "", $first_item, @rest ) if $on_macos;
        return File::Spec->catfile( $first_item, @rest );
    }

    if ($on_macos) {
        return '' unless @rest;

        # ignore first argument; return a relative path
        # with leading ":", but without trailing ":"
        return File::Spec->catfile( "", @rest );
    }

    return './' unless @rest;
    my $path = File::Spec->catfile(@rest);
    return "./$path";    # add leading "./"
}
228 | |
229 | |
bb7dc48b |
230 | # Use file_path_name() to specify a file path that's expected for |
231 | # $File::Find::name (%Expect_Name). Note: When the no_chdir => 1 |
232 | # option is in effect, $_ is the same as $File::Find::name. In that |
233 | # case, also use this function to specify a file path that's expected |
234 | # for $_. |
3fa6e24b |
235 | # |
bb7dc48b |
236 | # Basically, file_path_name() does the same as file_path() (see |
237 | # above), except that there's always a leading ":" on Mac OS, even for |
238 | # plain file/directory names. |
3fa6e24b |
239 | |
# Same as file_path(), except that on Mac OS a result containing no ":"
# gets one prepended.
sub file_path_name {
    my $path = file_path(@_);
    return $path unless $^O eq 'MacOS';
    return $path =~ /:/ ? $path : ":$path";
}
245 | |
246 | |
247 | |
36841713 |
# Build the fixture tree under for_find/. Every MkDir/touch/CheckDie call
# reports one numbered test and ends the script on failure.
MkDir( dir_path('for_find'), 0770 );
CheckDie( chdir( dir_path('for_find') ) );

$cwd = cwd();    # save cwd

# Launder the saved directory: m|^(.+)$| accepts any non-empty value, so the
# taint flag is cleared without the path being checked. Acceptable here
# because the directory was just created by this script.
($cwd_untainted) = $cwd =~ m|^(.+)$|;

MkDir( dir_path('fa'), 0770 );
MkDir( dir_path('fb'), 0770 );
touch( file_path( 'fb', 'fb_ord' ) );
MkDir( dir_path( 'fb', 'fba' ), 0770 );
touch( file_path( 'fb', 'fba', 'fba_ord' ) );

# fa/fsl is a symbolic link to fb, written in the platform's path syntax.
if ($symlink_exists) {
    my ( $link_target, $link_name ) =
      $^O eq 'MacOS' ? ( ':fb', ':fa:fsl' ) : ( '../fb', 'fa/fsl' );
    CheckDie( symlink( $link_target, $link_name ) );
}
touch( file_path( 'fa', 'fa_ord' ) );

MkDir( dir_path( 'fa', 'faa' ), 0770 );
touch( file_path( 'fa', 'faa', 'faa_ord' ) );
MkDir( dir_path( 'fa', 'fab' ), 0770 );
touch( file_path( 'fa', 'fab', 'fab_ord' ) );
MkDir( dir_path( 'fa', 'fab', 'faba' ), 0770 );
touch( file_path( 'fa', 'fab', 'faba', 'faba_ord' ) );
272 | |
3fa6e24b |
print "# check untainting (no follow)\n";

# untainting here should work correctly: the pattern accepts every
# non-empty directory name, so find() can chdir into each of them.

%Expect_File = map { ( $_ => 1 ) } (
    File::Spec->curdir,
    file_path('fsl'),
    file_path('fa_ord'),
    file_path('fab'),
    file_path('fab_ord'),
    file_path('faba'),
    file_path('faa'),
    file_path('faa_ord'),
);
delete $Expect_File{ file_path('fsl') } unless $symlink_exists;
%Expect_Name = ();

%Expect_Dir = map { ( dir_path($_) => 1 ) } qw(fa faa fab faba fb fba);

delete @Expect_Dir{ dir_path('fb'), dir_path('fba') } unless $symlink_exists;

File::Find::find(
    {
        wanted          => \&wanted_File_Dir_prune,
        untaint         => 1,
        untaint_pattern => qr|^(.+)$|,
    },
    topdir('fa')
);

# Every expected entry must have been visited and removed from the table.
Check( scalar( keys %Expect_File ) == 0 );
294 | |
295 | |
# don't untaint at all, should die: without the untaint option the run is
# expected to stop with Perl's "Insecure dependency" error.
%$_ = () for ( \%Expect_File, \%Expect_Name, \%Expect_Dir );
undef $@;
eval {
    File::Find::find( { wanted => \&simple_wanted }, topdir('fa') );
};
Check( $@ =~ m|Insecure dependency| );

# Go back to the fixture root in case the aborted run changed directory.
# The result of chdir is not checked.
chdir($cwd_untainted);
304 | |
305 | |
# untaint pattern doesn't match, should die: with untaint on and a pattern
# that rejects every name, the error must say the name "is still tainted".
undef $@;

eval {
    File::Find::find(
        {
            wanted          => \&simple_wanted,
            untaint         => 1,
            untaint_pattern => qr|^(NO_MATCH)$|,
        },
        topdir('fa')
    );
};

Check( $@ =~ m|is still tainted| );
chdir($cwd_untainted);
315 | |
316 | |
# untaint pattern doesn't match, should die when we chdir to cwd
print "# check untaint_skip (No follow)\n";
undef $@;

eval {
    File::Find::find(
        {
            wanted          => \&simple_wanted,
            untaint         => 1,
            untaint_skip    => 1,
            untaint_pattern => qr|^(NO_MATCH)$|,
        },
        topdir('fa')
    );
};

print "# $@" if $@;

#$^D = 8;
# With untaint_skip set, the expected failure is the "insecure cwd" error
# rather than a complaint about a directory name. Platforms flagged in
# $NonTaintedCwd report a skip instead.
if ( !$NonTaintedCwd ) {
    Check( $@ =~ m|insecure cwd| );
}
else {
    Skip("$^O does not taint cwd");
}
chdir($cwd_untainted);
334 | |
335 | |
# The same four taint scenarios again, this time following symbolic links.
if ($symlink_exists) {
    print "# --- symbolic link tests --- \n";
    $FastFileTests_OK = 1;

    print "# check untainting (follow)\n";

    # untainting here should work correctly
    # no_chdir is in effect, hence we use file_path_name to specify the
    # expected paths for %Expect_File
    %Expect_File = map { ( file_path_name(@$_) => 1 ) } (
        ['fa'],
        [ 'fa', 'fa_ord' ],
        [ 'fa', 'fsl' ],
        [ 'fa', 'fsl', 'fb_ord' ],
        [ 'fa', 'fsl', 'fba' ],
        [ 'fa', 'fsl', 'fba', 'fba_ord' ],
        [ 'fa', 'fab' ],
        [ 'fa', 'fab', 'fab_ord' ],
        [ 'fa', 'fab', 'faba' ],
        [ 'fa', 'fab', 'faba', 'faba_ord' ],
        [ 'fa', 'faa' ],
        [ 'fa', 'faa', 'faa_ord' ],
    );

    %Expect_Name = ();

    %Expect_Dir = map { ( dir_path(@$_) => 1 ) } (
        ['fa'],
        [ 'fa', 'faa' ],
        [ 'fa', 'fab' ],
        [ 'fa', 'fab', 'faba' ],
        ['fb'],
        [ 'fb', 'fba' ],
    );

    File::Find::find(
        {
            wanted          => \&wanted_File_Dir,
            follow_fast     => 1,
            no_chdir        => 1,
            untaint         => 1,
            untaint_pattern => qr|^(.+)$|,
        },
        topdir('fa')
    );

    # Every expected entry must have been visited and removed from the table.
    Check( scalar( keys %Expect_File ) == 0 );

    # don't untaint at all, should die
    undef $@;

    eval {
        File::Find::find( { wanted => \&simple_wanted, follow => 1 },
            topdir('fa') );
    };

    Check( $@ =~ m|Insecure dependency| );
    chdir($cwd_untainted);

    # untaint pattern doesn't match, should die
    undef $@;

    eval {
        File::Find::find(
            {
                wanted          => \&simple_wanted,
                follow          => 1,
                untaint         => 1,
                untaint_pattern => qr|^(NO_MATCH)$|,
            },
            topdir('fa')
        );
    };

    Check( $@ =~ m|is still tainted| );
    chdir($cwd_untainted);

    # untaint pattern doesn't match, should die when we chdir to cwd
    print "# check untaint_skip (Follow)\n";
    undef $@;

    # NOTE(review): this case is labelled "(Follow)" but, unlike the two
    # cases above, passes neither follow nor follow_fast, so it repeats the
    # no-follow untaint_skip run. Confirm whether follow => 1 was intended.
    eval {
        File::Find::find(
            {
                wanted          => \&simple_wanted,
                untaint         => 1,
                untaint_skip    => 1,
                untaint_pattern => qr|^(NO_MATCH)$|,
            },
            topdir('fa')
        );
    };
    if ( !$NonTaintedCwd ) {
        Check( $@ =~ m|insecure cwd| );
    }
    else {
        Skip("$^O does not taint cwd");
    }
    chdir($cwd_untainted);
}
408 | |