[p5sagit/p5-mst-13.2.git] / t / op / taint.t

#!./perl -T
#
# Taint tests by Tom Phoenix <rootbeer@teleport.com>.
#
# I don't claim to know all about tainting. If anyone sees
# tests that I've missed here, please add them. But this is
# better than having no tests at all, right?
#

BEGIN {
    chdir 't' if -d 't';
    @INC = '../lib' if -d '../lib';
}

use strict;
use Config;

my $Is_VMS = $^O eq 'VMS';
my $Is_MSWin32 = $^O eq 'MSWin32';
my $Invoke_Perl = $Is_VMS ? 'MCR Sys$Disk:[]Perl.' :
                  $Is_MSWin32 ? '.\perl' : './perl';
if ($Is_VMS) {
    my ($olddcl) = $ENV{'DCL$PATH'} =~ /^(.*)$/;
    my ($oldifs) = $ENV{IFS} =~ /^(.*)$/;
    eval <<EndOfCleanup;
	END {
	    \$ENV{PATH} = '';
	    warn "# Note: logical name 'PATH' may have been deleted\n";
	    \$ENV{IFS} =  \$oldifs;
	    \$ENV{'DCL\$PATH'} = \$olddcl;
	}
EndOfCleanup
}

# Sources of taint:
#   The empty tainted value, for tainting strings
my $TAINT = substr($^X, 0, 0);
#   A tainted zero, useful for tainting numbers
my $TAINT0 = 0 + $TAINT;

# This taints each argument passed. All must be lvalues.
# Side effect: It also stringifies them. :-(
sub taint_these (@) {
    for (@_) { $_ .= $TAINT }
}

# How to identify taint when you see it
sub any_tainted (@) {
    not eval { join("",@_), kill 0; 1 };
}
sub tainted ($) {
    any_tainted @_;
}
sub all_tainted (@) {
    for (@_) { return 0 unless tainted $_ }
    1;
}

sub test ($$;$) {
    my($serial, $boolean, $diag) = @_;
    if ($boolean) {
	print "ok $serial\n";
    } else {
	print "not ok $serial\n";
	for (split m/^/m, $diag) {
	    print "# $_";
	}
	print "\n" unless
	    $diag eq ''
	    or substr($diag, -1) eq "\n";
    }
}

# We need an external program to call.
my $ECHO = ($Is_MSWin32 ? ".\\echo$$" : "./echo$$");
END { unlink $ECHO }
open PROG, "> $ECHO" or die "Can't create $ECHO: $!";
print PROG 'print "@ARGV\n"', "\n";
close PROG;
my $echo = "$Invoke_Perl $ECHO";

print "1..112\n";

# First, let's make sure that Perl is checking the dangerous
# environment variables. Maybe they aren't set yet, so we'll
# taint them ourselves.
{
    $ENV{'DCL$PATH'} = '' if $Is_VMS;

    if ($Is_MSWin32) {
	print "# PATH/IFS tainting tests skipped\n";
	for (1..4) { print "ok $_\n" }
    }
    else {
	$ENV{PATH} = $TAINT;
	$ENV{IFS} = " \t\n";
	test 1, eval { `$echo 1` } eq '';
	test 2, $@ =~ /^Insecure \$ENV{PATH}/, $@;

	$ENV{PATH} = '';
	$ENV{IFS} = $TAINT;
	test 3, eval { `$echo 1` } eq '';
	test 4, $@ =~ /^Insecure \$ENV{IFS}/, $@;
    }
    my $tmp;
    if ($^O eq 'os2' || $^O eq 'amigaos' || $Is_MSWin32) {
	print "# all directories are writeable\n";
    }
    else {
	$tmp = (grep { defined and -d and (stat _)[2] & 2 }
		     qw(/tmp /var/tmp /usr/tmp /sys$scratch),
		     @ENV{qw(TMP TEMP)})[0]
	    or print "# can't find world-writeable directory to test PATH\n";
    }

    if ($tmp) {
	$ENV{PATH} = $tmp;
	$ENV{IFS} = " \t\n";
	test 5, eval { `$echo 1` } eq '';
	test 6, $@ =~ /^Insecure directory in \$ENV{PATH}/, $@;
    }
    else {
	for (5..6) { print "ok $_\n" }
    }

    $ENV{PATH} = '';
    $ENV{IFS} = " \t\n";
    test 7, eval { `$echo 1` } eq "1\n";
    test 8, $@ eq '', $@;

    if ($Is_VMS) {
	$ENV{'DCL$PATH'} = $TAINT;
	test 9,  eval { `$echo 1` } eq '';
	test 10, $@ =~ /^Insecure \$ENV{DCL\$PATH}/, $@;
	if ($tmp) {
	    $ENV{'DCL$PATH'} = $tmp;
	    test 11, eval { `$echo 1` } eq '';
	    test 12, $@ =~ /^Insecure directory in \$ENV{DCL\$PATH}/, $@;
	}
	else {
	    print "# can't find world-writeable directory to test DCL\$PATH\n";
	    for (11..12) { print "ok $_\n" }
	}
	$ENV{'DCL$PATH'} = '';
    }
    else {
	print "# This is not VMS\n";
	for (9..12) { print "ok $_\n"; }
    }
}

# Let's see that we can taint and untaint as needed.
{
    my $foo = $TAINT;
    test 13, tainted $foo;

    # That was a sanity check. If it failed, stop the insanity!
    die "Taint checks don't seem to be enabled" unless tainted $foo;

    $foo = "foo";
    test 14, not tainted $foo;

    taint_these($foo);
    test 15, tainted $foo;

    my @list = 1..10;
    test 16, not any_tainted @list;
    taint_these @list[1,3,5,7,9];
    test 17, any_tainted @list;
    test 18, all_tainted @list[1,3,5,7,9];
    test 19, not any_tainted @list[0,2,4,6,8];

    ($foo) = $foo =~ /(.+)/;
    test 20, not tainted $foo;

    $foo = $1 if ('bar' . $TAINT) =~ /(.+)/;
    test 21, not tainted $foo;
    test 22, $foo eq 'bar';

    my $pi = 4 * atan2(1,1) + $TAINT0;
    test 23, tainted $pi;

    ($pi) = $pi =~ /(\d+\.\d+)/;
    test 24, not tainted $pi;
    test 25, sprintf("%.5f", $pi) eq '3.14159';
}

# How about command-line arguments? The problem is that we don't
# always get some, so we'll run another process with some.
{
    my $arg = "./arg$$";
    open PROG, "> $arg" or die "Can't create $arg: $!";
    print PROG q{
	eval { join('', @ARGV), kill 0 };
	exit 0 if $@ =~ /^Insecure dependency/;
	print "# Oops: \$@ was [$@]\n";
	exit 1;
    };
    close PROG;
    print `$Invoke_Perl "-T" $arg and some suspect arguments`;
    test 26, !$?, "Exited with status $?";
    unlink $arg;
}

# Reading from a file should be tainted
{
    my $file = './TEST';
    test 27, open(FILE, $file), "Couldn't open '$file': $!";

    my $block;
    sysread(FILE, $block, 100);
    my $line = <FILE>;
    close FILE;
    test 28, tainted $block;
    test 29, tainted $line;
}

# Globs should be tainted.
{
    # Some glob implementations need to spawn system programs.
    local $ENV{PATH} = '';
    $ENV{PATH} = (-l '/bin' ? '' : '/bin:') . '/usr/bin' unless $Is_VMS;

    my @globs = <*>;
    test 30, all_tainted @globs;

    @globs = glob '*';
    test 31, all_tainted @globs;
}

# Output of commands should be tainted
{
    my $foo = `$echo abc`;
    test 32, tainted $foo;
}

# Certain system variables should be tainted
{
    test 33, all_tainted $^X, $0;
}

# Results of matching should all be untainted
{
    my $foo = "abcdefghi" . $TAINT;
    test 34, tainted $foo;

    $foo =~ /def/;
    test 35, not any_tainted $`, $&, $';

    $foo =~ /(...)(...)(...)/;
    test 36, not any_tainted $1, $2, $3, $+;

    my @bar = $foo =~ /(...)(...)(...)/;
    test 37, not any_tainted @bar;

    test 38, tainted $foo;	# $foo should still be tainted!
    test 39, $foo eq "abcdefghi";
}

# Operations which affect files can't use tainted data.
{
    test 40, eval { chmod 0, $TAINT } eq '', 'chmod';
    test 41, $@ =~ /^Insecure dependency/, $@;

    # There is no feature test in $Config{} for truncate,
    #   so we allow for the possibility that it's missing.
    test 42, eval { truncate 'NoSuChFiLe', $TAINT0 } eq '', 'truncate';
    test 43, $@ =~ /^(?:Insecure dependency|truncate not implemented)/, $@;

    test 44, eval { rename '', $TAINT } eq '', 'rename';
    test 45, $@ =~ /^Insecure dependency/, $@;

    test 46, eval { unlink $TAINT } eq '', 'unlink';
    test 47, $@ =~ /^Insecure dependency/, $@;

    test 48, eval { utime $TAINT } eq '', 'utime';
    test 49, $@ =~ /^Insecure dependency/, $@;

    if ($Config{d_chown}) {
	test 50, eval { chown -1, -1, $TAINT } eq '', 'chown';
	test 51, $@ =~ /^Insecure dependency/, $@;
    }
    else {
	print "# chown() is not available\n";
	for (50..51) { print "ok $_\n" }
    }

    if ($Config{d_link}) {
	test 52, eval { link $TAINT, '' } eq '', 'link';
	test 53, $@ =~ /^Insecure dependency/, $@;
    }
    else {
	print "# link() is not available\n";
	for (52..53) { print "ok $_\n" }
    }

    if ($Config{d_symlink}) {
	test 54, eval { symlink $TAINT, '' } eq '', 'symlink';
	test 55, $@ =~ /^Insecure dependency/, $@;
    }
    else {
	print "# symlink() is not available\n";
	for (54..55) { print "ok $_\n" }
    }
}

# Operations which affect directories can't use tainted data.
{
    test 56, eval { mkdir $TAINT0, $TAINT } eq '', 'mkdir';
    test 57, $@ =~ /^Insecure dependency/, $@;

    test 58, eval { rmdir $TAINT } eq '', 'rmdir';
    test 59, $@ =~ /^Insecure dependency/, $@;

    test 60, eval { chdir $TAINT } eq '', 'chdir';
    test 61, $@ =~ /^Insecure dependency/, $@;

    if ($Config{d_chroot}) {
	test 62, eval { chroot $TAINT } eq '', 'chroot';
	test 63, $@ =~ /^Insecure dependency/, $@;
    }
    else {
	print "# chroot() is not available\n";
	for (62..63) { print "ok $_\n" }
    }
}

# Some operations using files can't use tainted data.
{
    my $foo = "imaginary library" . $TAINT;
    test 64, eval { require $foo } eq '', 'require';
    test 65, $@ =~ /^Insecure dependency/, $@;

    my $filename = "./taintB$$";	# NB: $filename isn't tainted!
    END { unlink $filename if defined $filename }
    $foo = $filename . $TAINT;
    unlink $filename;	# in any case

    test 66, eval { open FOO, $foo } eq '', 'open for read';
    test 67, $@ eq '', $@;		# NB: This should be allowed
    test 68, $! == 2;			# File not found

    test 69, eval { open FOO, "> $foo" } eq '', 'open for write';
    test 70, $@ =~ /^Insecure dependency/, $@;
}

# Commands to the system can't use tainted data
{
    my $foo = $TAINT;

    if ($^O eq 'amigaos') {
	print "# open(\"|\") is not available\n";
	for (71..74) { print "ok $_\n" }
    }
    else {
	test 71, eval { open FOO, "| $foo" } eq '', 'popen to';
	test 72, $@ =~ /^Insecure dependency/, $@;

	test 73, eval { open FOO, "$foo |" } eq '', 'popen from';
	test 74, $@ =~ /^Insecure dependency/, $@;
    }

    test 75, eval { exec $TAINT } eq '', 'exec';
    test 76, $@ =~ /^Insecure dependency/, $@;

    test 77, eval { system $TAINT } eq '', 'system';
    test 78, $@ =~ /^Insecure dependency/, $@;

    $foo = "*";
    taint_these $foo;

    test 79, eval { `$echo 1$foo` } eq '', 'backticks';
    test 80, $@ =~ /^Insecure dependency/, $@;

    if ($Is_VMS) { # wildcard expansion doesn't invoke shell, so is safe
	test 81, join('', eval { glob $foo } ) ne '', 'globbing';
	test 82, $@ eq '', $@;
    }
    else {
	test 81, join('', eval { glob $foo } ) eq '', 'globbing';
	test 82, $@ =~ /^Insecure dependency/, $@;
    }
}

# Operations which affect processes can't use tainted data.
{
    test 83, eval { kill 0, $TAINT } eq '', 'kill';
    test 84, $@ =~ /^Insecure dependency/, $@;

    if ($Config{d_setpgrp}) {
	test 85, eval { setpgrp 0, $TAINT } eq '', 'setpgrp';
	test 86, $@ =~ /^Insecure dependency/, $@;
    }
    else {
	print "# setpgrp() is not available\n";
	for (85..86) { print "ok $_\n" }
    }

    if ($Config{d_setprior}) {
	test 87, eval { setpriority 0, $TAINT, $TAINT } eq '', 'setpriority';
	test 88, $@ =~ /^Insecure dependency/, $@;
    }
    else {
	print "# setpriority() is not available\n";
	for (87..88) { print "ok $_\n" }
    }
}

# Some miscellaneous operations can't use tainted data.
{
    if ($Config{d_syscall}) {
	test 89, eval { syscall $TAINT } eq '', 'syscall';
	test 90, $@ =~ /^Insecure dependency/, $@;
    }
    else {
	print "# syscall() is not available\n";
	for (89..90) { print "ok $_\n" }
    }

    {
	my $foo = "x" x 979;
	taint_these $foo;
	local *FOO;
	my $temp = "./taintC$$";
	END { unlink $temp }
	test 91, open(FOO, "> $temp"), "Couldn't open $temp for write: $!";

	test 92, eval { ioctl FOO, $TAINT, $foo } eq '', 'ioctl';
	test 93, $@ =~ /^Insecure dependency/, $@;

	if ($Config{d_fcntl}) {
	    test 94, eval { fcntl FOO, $TAINT, $foo } eq '', 'fcntl';
	    test 95, $@ =~ /^Insecure dependency/, $@;
	}
	else {
	    print "# fcntl() is not available\n";
	    for (94..95) { print "ok $_\n" }
	}

	close FOO;
    }
}

# Some tests involving references
{
    my $foo = 'abc' . $TAINT;
    my $fooref = \$foo;
    test 96, not tainted $fooref;
    test 97, tainted $$fooref;
    test 98, tainted $foo;
}

# Some tests involving assignment
{
    my $foo = $TAINT0;
    my $bar = $foo;
    test 99, all_tainted $foo, $bar;
    test 100, tainted($foo = $bar);
    test 101, tainted($bar = $bar);
    test 102, tainted($bar += $bar);
    test 103, tainted($bar -= $bar);
    test 104, tainted($bar *= $bar);
    test 105, tainted($bar++);
    test 106, tainted($bar /= $bar);
    test 107, tainted($bar += 0);
    test 108, tainted($bar -= 2);
    test 109, tainted($bar *= -1);
    test 110, tainted($bar /= 1);
    test 111, tainted($bar--);
    test 112, $bar == 0;
}
Commit	Line	Data
1e422769	1	#!./perl -T
	2	#
	3	# Taint tests by Tom Phoenix <rootbeer@teleport.com>.
	4	#
	5	# I don't claim to know all about tainting. If anyone sees
9607fc9c	6	# tests that I've missed here, please add them. But this is
1e422769	7	# better than having no tests at all, right?
	8	#
	9
	10	BEGIN {
	11	chdir 't' if -d 't';
	12	@INC = '../lib' if -d '../lib';
	13	}
	14
	15	use strict;
	16	use Config;
	17
	18	my $Is_VMS = $^O eq 'VMS';
68dc0745	19	my $Is_MSWin32 = $^O eq 'MSWin32';
	20	my $Invoke_Perl = $Is_VMS ? 'MCR Sys$Disk:[]Perl.' :
	21	$Is_MSWin32 ? '.\perl' : './perl';
1e422769	22	if ($Is_VMS) {
68dc0745	23	my ($olddcl) = $ENV{'DCL$PATH'} =~ /^(.*)$/;
68dc0745	24	my ($oldifs) = $ENV{IFS} =~ /^(.*)$/;
1e422769	25	eval <<EndOfCleanup;
	26	END {
	27	\$ENV{PATH} = '';
	28	warn "# Note: logical name 'PATH' may have been deleted\n";
68dc0745	29	\$ENV{IFS} = \$oldifs;
68dc0745	30	\$ENV{'DCL\$PATH'} = \$olddcl;
1e422769	31	}
	32	EndOfCleanup
	33	}
	34
	35	# Sources of taint:
	36	# The empty tainted value, for tainting strings
	37	my $TAINT = substr($^X, 0, 0);
	38	# A tainted zero, useful for tainting numbers
	39	my $TAINT0 = 0 + $TAINT;
	40
	41	# This taints each argument passed. All must be lvalues.
	42	# Side effect: It also stringifies them. :-(
	43	sub taint_these (@) {
	44	for (@_) { $_ .= $TAINT }
	45	}
	46
	47	# How to identify taint when you see it
	48	sub any_tainted (@) {
	49	not eval { join("",@_), kill 0; 1 };
	50	}
	51	sub tainted ($) {
	52	any_tainted @_;
	53	}
	54	sub all_tainted (@) {
	55	for (@_) { return 0 unless tainted $_ }
	56	1;
	57	}
	58
	59	sub test ($$;$) {
	60	my($serial, $boolean, $diag) = @_;
	61	if ($boolean) {
	62	print "ok $serial\n";
	63	} else {
	64	print "not ok $serial\n";
	65	for (split m/^/m, $diag) {
	66	print "# $_";
	67	}
9607fc9c	68	print "\n" unless
1e422769	69	$diag eq ''
	70	or substr($diag, -1) eq "\n";
	71	}
	72	}
	73
	74	# We need an external program to call.
5aabfad6	75	my $ECHO = ($Is_MSWin32 ? ".\\echo$$" : "./echo$$");
1e422769	76	END { unlink $ECHO }
	77	open PROG, "> $ECHO" or die "Can't create $ECHO: $!";
	78	print PROG 'print "@ARGV\n"', "\n";
	79	close PROG;
	80	my $echo = "$Invoke_Perl $ECHO";
	81
54310121	82	print "1..112\n";
1e422769	83
	84	# First, let's make sure that Perl is checking the dangerous
	85	# environment variables. Maybe they aren't set yet, so we'll
	86	# taint them ourselves.
	87	{
	88	$ENV{'DCL$PATH'} = '' if $Is_VMS;
	89
5aabfad6	90	if ($Is_MSWin32) {
	91	print "# PATH/IFS tainting tests skipped\n";
	92	for (1..4) { print "ok $_\n" }
	93	}
	94	else {
	95	$ENV{PATH} = $TAINT;
	96	$ENV{IFS} = " \t\n";
	97	test 1, eval { `$echo 1` } eq '';
	98	test 2, $@ =~ /^Insecure \$ENV{PATH}/, $@;
1e422769	99
5aabfad6	100	$ENV{PATH} = '';
	101	$ENV{IFS} = $TAINT;
	102	test 3, eval { `$echo 1` } eq '';
	103	test 4, $@ =~ /^Insecure \$ENV{IFS}/, $@;
	104	}
9607fc9c	105	my $tmp;
5aabfad6	106	if ($^O eq 'os2' \|\| $^O eq 'amigaos' \|\| $Is_MSWin32) {
9607fc9c	107	print "# all directories are writeable\n";
	108	}
	109	else {
	110	$tmp = (grep { defined and -d and (stat _)[2] & 2 }
	111	qw(/tmp /var/tmp /usr/tmp /sys$scratch),
	112	@ENV{qw(TMP TEMP)})[0]
	113	or print "# can't find world-writeable directory to test PATH\n";
	114	}
	115
385588b3	116	if ($tmp) {
1e422769	117	$ENV{PATH} = $tmp;
9607fc9c	118	$ENV{IFS} = " \t\n";
1e422769	119	test 5, eval { `$echo 1` } eq '';
	120	test 6, $@ =~ /^Insecure directory in \$ENV{PATH}/, $@;
	121	}
	122	else {
1e422769	123	for (5..6) { print "ok $_\n" }
	124	}
	125
	126	$ENV{PATH} = '';
9607fc9c	127	$ENV{IFS} = " \t\n";
1e422769	128	test 7, eval { `$echo 1` } eq "1\n";
	129	test 8, $@ eq '', $@;
	130
	131	if ($Is_VMS) {
	132	$ENV{'DCL$PATH'} = $TAINT;
	133	test 9, eval { `$echo 1` } eq '';
	134	test 10, $@ =~ /^Insecure \$ENV{DCL\$PATH}/, $@;
9607fc9c	135	if ($tmp) {
	136	$ENV{'DCL$PATH'} = $tmp;
	137	test 11, eval { `$echo 1` } eq '';
	138	test 12, $@ =~ /^Insecure directory in \$ENV{DCL\$PATH}/, $@;
	139	}
	140	else {
	141	print "# can't find world-writeable directory to test DCL\$PATH\n";
	142	for (11..12) { print "ok $_\n" }
	143	}
1e422769	144	$ENV{'DCL$PATH'} = '';
	145	}
	146	else {
	147	print "# This is not VMS\n";
9607fc9c	148	for (9..12) { print "ok $_\n"; }
1e422769	149	}
	150	}
	151
	152	# Let's see that we can taint and untaint as needed.
	153	{
	154	my $foo = $TAINT;
9607fc9c	155	test 13, tainted $foo;
	156
	157	# That was a sanity check. If it failed, stop the insanity!
	158	die "Taint checks don't seem to be enabled" unless tainted $foo;
1e422769	159
1e422769	160	$foo = "foo";
9607fc9c	161	test 14, not tainted $foo;
1e422769	162
1e422769	163	taint_these($foo);
9607fc9c	164	test 15, tainted $foo;
1e422769	165
1e422769	166	my @list = 1..10;
9607fc9c	167	test 16, not any_tainted @list;
1e422769	168	taint_these @list[1,3,5,7,9];
9607fc9c	169	test 17, any_tainted @list;
	170	test 18, all_tainted @list[1,3,5,7,9];
	171	test 19, not any_tainted @list[0,2,4,6,8];
1e422769	172
1e422769	173	($foo) = $foo =~ /(.+)/;
9607fc9c	174	test 20, not tainted $foo;
1e422769	175
1e422769	176	$foo = $1 if ('bar' . $TAINT) =~ /(.+)/;
9607fc9c	177	test 21, not tainted $foo;
9607fc9c	178	test 22, $foo eq 'bar';
1e422769	179
1e422769	180	my $pi = 4 * atan2(1,1) + $TAINT0;
9607fc9c	181	test 23, tainted $pi;
1e422769	182
1e422769	183	($pi) = $pi =~ /(\d+\.\d+)/;
9607fc9c	184	test 24, not tainted $pi;
9607fc9c	185	test 25, sprintf("%.5f", $pi) eq '3.14159';
1e422769	186	}
	187
	188	# How about command-line arguments? The problem is that we don't
	189	# always get some, so we'll run another process with some.
	190	{
	191	my $arg = "./arg$$";
	192	open PROG, "> $arg" or die "Can't create $arg: $!";
	193	print PROG q{
	194	eval { join('', @ARGV), kill 0 };
	195	exit 0 if $@ =~ /^Insecure dependency/;
	196	print "# Oops: \$@ was [$@]\n";
	197	exit 1;
	198	};
	199	close PROG;
	200	print `$Invoke_Perl "-T" $arg and some suspect arguments`;
9607fc9c	201	test 26, !$?, "Exited with status $?";
1e422769	202	unlink $arg;
	203	}
	204
	205	# Reading from a file should be tainted
	206	{
9607fc9c	207	my $file = './TEST';
9607fc9c	208	test 27, open(FILE, $file), "Couldn't open '$file': $!";
1e422769	209
	210	my $block;
	211	sysread(FILE, $block, 100);
9607fc9c	212	my $line = <FILE>;
1e422769	213	close FILE;
9607fc9c	214	test 28, tainted $block;
9607fc9c	215	test 29, tainted $line;
1e422769	216	}
1e422769	217
9607fc9c	218	# Globs should be tainted.
1e422769	219	{
9607fc9c	220	# Some glob implementations need to spawn system programs.
	221	local $ENV{PATH} = '';
	222	$ENV{PATH} = (-l '/bin' ? '' : '/bin:') . '/usr/bin' unless $Is_VMS;
	223
1e422769	224	my @globs = <*>;
9607fc9c	225	test 30, all_tainted @globs;
1e422769	226
1e422769	227	@globs = glob '*';
9607fc9c	228	test 31, all_tainted @globs;
1e422769	229	}
	230
	231	# Output of commands should be tainted
	232	{
	233	my $foo = `$echo abc`;
9607fc9c	234	test 32, tainted $foo;
1e422769	235	}
	236
	237	# Certain system variables should be tainted
	238	{
9607fc9c	239	test 33, all_tainted $^X, $0;
1e422769	240	}
	241
	242	# Results of matching should all be untainted
	243	{
	244	my $foo = "abcdefghi" . $TAINT;
9607fc9c	245	test 34, tainted $foo;
1e422769	246
1e422769	247	$foo =~ /def/;
9607fc9c	248	test 35, not any_tainted $`, $&, $';
1e422769	249
1e422769	250	$foo =~ /(...)(...)(...)/;
9607fc9c	251	test 36, not any_tainted $1, $2, $3, $+;
1e422769	252
1e422769	253	my @bar = $foo =~ /(...)(...)(...)/;
9607fc9c	254	test 37, not any_tainted @bar;
1e422769	255
9607fc9c	256	test 38, tainted $foo; # $foo should still be tainted!
9607fc9c	257	test 39, $foo eq "abcdefghi";
1e422769	258	}
	259
	260	# Operations which affect files can't use tainted data.
	261	{
9607fc9c	262	test 40, eval { chmod 0, $TAINT } eq '', 'chmod';
1e422769	263	test 41, $@ =~ /^Insecure dependency/, $@;
1e422769	264
9607fc9c	265	# There is no feature test in $Config{} for truncate,
	266	# so we allow for the possibility that it's missing.
	267	test 42, eval { truncate 'NoSuChFiLe', $TAINT0 } eq '', 'truncate';
	268	test 43, $@ =~ /^(?:Insecure dependency\|truncate not implemented)/, $@;
1e422769	269
9607fc9c	270	test 44, eval { rename '', $TAINT } eq '', 'rename';
1e422769	271	test 45, $@ =~ /^Insecure dependency/, $@;
1e422769	272
9607fc9c	273	test 46, eval { unlink $TAINT } eq '', 'unlink';
1e422769	274	test 47, $@ =~ /^Insecure dependency/, $@;
1e422769	275
9607fc9c	276	test 48, eval { utime $TAINT } eq '', 'utime';
	277	test 49, $@ =~ /^Insecure dependency/, $@;
	278
1e422769	279	if ($Config{d_chown}) {
9607fc9c	280	test 50, eval { chown -1, -1, $TAINT } eq '', 'chown';
9607fc9c	281	test 51, $@ =~ /^Insecure dependency/, $@;
1e422769	282	}
	283	else {
	284	print "# chown() is not available\n";
9607fc9c	285	for (50..51) { print "ok $_\n" }
1e422769	286	}
	287
	288	if ($Config{d_link}) {
9607fc9c	289	test 52, eval { link $TAINT, '' } eq '', 'link';
9607fc9c	290	test 53, $@ =~ /^Insecure dependency/, $@;
1e422769	291	}
	292	else {
	293	print "# link() is not available\n";
9607fc9c	294	for (52..53) { print "ok $_\n" }
1e422769	295	}
	296
	297	if ($Config{d_symlink}) {
9607fc9c	298	test 54, eval { symlink $TAINT, '' } eq '', 'symlink';
9607fc9c	299	test 55, $@ =~ /^Insecure dependency/, $@;
1e422769	300	}
	301	else {
	302	print "# symlink() is not available\n";
9607fc9c	303	for (54..55) { print "ok $_\n" }
1e422769	304	}
	305	}
	306
	307	# Operations which affect directories can't use tainted data.
	308	{
9607fc9c	309	test 56, eval { mkdir $TAINT0, $TAINT } eq '', 'mkdir';
1e422769	310	test 57, $@ =~ /^Insecure dependency/, $@;
1e422769	311
9607fc9c	312	test 58, eval { rmdir $TAINT } eq '', 'rmdir';
1e422769	313	test 59, $@ =~ /^Insecure dependency/, $@;
1e422769	314
9607fc9c	315	test 60, eval { chdir $TAINT } eq '', 'chdir';
	316	test 61, $@ =~ /^Insecure dependency/, $@;
	317
1e422769	318	if ($Config{d_chroot}) {
9607fc9c	319	test 62, eval { chroot $TAINT } eq '', 'chroot';
9607fc9c	320	test 63, $@ =~ /^Insecure dependency/, $@;
1e422769	321	}
	322	else {
	323	print "# chroot() is not available\n";
9607fc9c	324	for (62..63) { print "ok $_\n" }
1e422769	325	}
	326	}
	327
	328	# Some operations using files can't use tainted data.
	329	{
	330	my $foo = "imaginary library" . $TAINT;
9607fc9c	331	test 64, eval { require $foo } eq '', 'require';
9607fc9c	332	test 65, $@ =~ /^Insecure dependency/, $@;
1e422769	333
	334	my $filename = "./taintB$$"; # NB: $filename isn't tainted!
	335	END { unlink $filename if defined $filename }
	336	$foo = $filename . $TAINT;
	337	unlink $filename; # in any case
	338
9607fc9c	339	test 66, eval { open FOO, $foo } eq '', 'open for read';
	340	test 67, $@ eq '', $@; # NB: This should be allowed
	341	test 68, $! == 2; # File not found
1e422769	342
9607fc9c	343	test 69, eval { open FOO, "> $foo" } eq '', 'open for write';
9607fc9c	344	test 70, $@ =~ /^Insecure dependency/, $@;
1e422769	345	}
	346
	347	# Commands to the system can't use tainted data
	348	{
	349	my $foo = $TAINT;
	350
	351	if ($^O eq 'amigaos') {
	352	print "# open(\"\|\") is not available\n";
9607fc9c	353	for (71..74) { print "ok $_\n" }
1e422769	354	}
1e422769	355	else {
9607fc9c	356	test 71, eval { open FOO, "\| $foo" } eq '', 'popen to';
1e422769	357	test 72, $@ =~ /^Insecure dependency/, $@;
1e422769	358
9607fc9c	359	test 73, eval { open FOO, "$foo \|" } eq '', 'popen from';
	360	test 74, $@ =~ /^Insecure dependency/, $@;
	361	}
1e422769	362
9607fc9c	363	test 75, eval { exec $TAINT } eq '', 'exec';
1e422769	364	test 76, $@ =~ /^Insecure dependency/, $@;
1e422769	365
9607fc9c	366	test 77, eval { system $TAINT } eq '', 'system';
	367	test 78, $@ =~ /^Insecure dependency/, $@;
	368
1e422769	369	$foo = "*";
	370	taint_these $foo;
	371
9607fc9c	372	test 79, eval { `$echo 1$foo` } eq '', 'backticks';
9607fc9c	373	test 80, $@ =~ /^Insecure dependency/, $@;
1e422769	374
1e422769	375	if ($Is_VMS) { # wildcard expansion doesn't invoke shell, so is safe
9607fc9c	376	test 81, join('', eval { glob $foo } ) ne '', 'globbing';
9607fc9c	377	test 82, $@ eq '', $@;
1e422769	378	}
1e422769	379	else {
9607fc9c	380	test 81, join('', eval { glob $foo } ) eq '', 'globbing';
9607fc9c	381	test 82, $@ =~ /^Insecure dependency/, $@;
1e422769	382	}
	383	}
	384
	385	# Operations which affect processes can't use tainted data.
	386	{
9607fc9c	387	test 83, eval { kill 0, $TAINT } eq '', 'kill';
9607fc9c	388	test 84, $@ =~ /^Insecure dependency/, $@;
1e422769	389
1e422769	390	if ($Config{d_setpgrp}) {
9607fc9c	391	test 85, eval { setpgrp 0, $TAINT } eq '', 'setpgrp';
9607fc9c	392	test 86, $@ =~ /^Insecure dependency/, $@;
1e422769	393	}
	394	else {
	395	print "# setpgrp() is not available\n";
9607fc9c	396	for (85..86) { print "ok $_\n" }
1e422769	397	}
	398
	399	if ($Config{d_setprior}) {
9607fc9c	400	test 87, eval { setpriority 0, $TAINT, $TAINT } eq '', 'setpriority';
9607fc9c	401	test 88, $@ =~ /^Insecure dependency/, $@;
1e422769	402	}
	403	else {
	404	print "# setpriority() is not available\n";
9607fc9c	405	for (87..88) { print "ok $_\n" }
1e422769	406	}
	407	}
	408
	409	# Some miscellaneous operations can't use tainted data.
	410	{
	411	if ($Config{d_syscall}) {
9607fc9c	412	test 89, eval { syscall $TAINT } eq '', 'syscall';
9607fc9c	413	test 90, $@ =~ /^Insecure dependency/, $@;
1e422769	414	}
	415	else {
	416	print "# syscall() is not available\n";
9607fc9c	417	for (89..90) { print "ok $_\n" }
1e422769	418	}
	419
	420	{
	421	my $foo = "x" x 979;
	422	taint_these $foo;
	423	local *FOO;
	424	my $temp = "./taintC$$";
	425	END { unlink $temp }
9607fc9c	426	test 91, open(FOO, "> $temp"), "Couldn't open $temp for write: $!";
1e422769	427
9607fc9c	428	test 92, eval { ioctl FOO, $TAINT, $foo } eq '', 'ioctl';
9607fc9c	429	test 93, $@ =~ /^Insecure dependency/, $@;
1e422769	430
1e422769	431	if ($Config{d_fcntl}) {
9607fc9c	432	test 94, eval { fcntl FOO, $TAINT, $foo } eq '', 'fcntl';
9607fc9c	433	test 95, $@ =~ /^Insecure dependency/, $@;
1e422769	434	}
	435	else {
	436	print "# fcntl() is not available\n";
9607fc9c	437	for (94..95) { print "ok $_\n" }
1e422769	438	}
	439
	440	close FOO;
	441	}
	442	}
	443
9607fc9c	444	# Some tests involving references
1e422769	445	{
	446	my $foo = 'abc' . $TAINT;
	447	my $fooref = \$foo;
9607fc9c	448	test 96, not tainted $fooref;
	449	test 97, tainted $$fooref;
	450	test 98, tainted $foo;
1e422769	451	}
54310121	452
	453	# Some tests involving assignment
	454	{
	455	my $foo = $TAINT0;
	456	my $bar = $foo;
	457	test 99, all_tainted $foo, $bar;
	458	test 100, tainted($foo = $bar);
	459	test 101, tainted($bar = $bar);
	460	test 102, tainted($bar += $bar);
	461	test 103, tainted($bar -= $bar);
	462	test 104, tainted($bar *= $bar);
	463	test 105, tainted($bar++);
	464	test 106, tainted($bar /= $bar);
	465	test 107, tainted($bar += 0);
	466	test 108, tainted($bar -= 2);
	467	test 109, tainted($bar *= -1);
	468	test 110, tainted($bar /= 1);
	469	test 111, tainted($bar--);
	470	test 112, $bar == 0;
	471	}