use File::Spec::Functions;
BEGIN { require './test.pl'; }
-plan tests => 249;
+plan tests => 255;
$| = 1;
test $@ =~ /Insecure \$ENV/, 'popen neglects %ENV check';
}
}
+
+{
+ package AUTOLOAD_TAINT;
+ sub AUTOLOAD {
+ our $AUTOLOAD;
+ return if $AUTOLOAD =~ /DESTROY/;
+ if ($AUTOLOAD =~ /untainted/) {
+ main::ok(!main::tainted($AUTOLOAD), '$AUTOLOAD can be untainted');
+ } else {
+ main::ok(main::tainted($AUTOLOAD), '$AUTOLOAD can be tainted');
+ }
+ }
+
+ package main;
+ my $o = bless [], 'AUTOLOAD_TAINT';
+ $o->$TAINT;
+ $o->untainted;
+}
+
+{
+ # tests for tainted format in s?printf
+ eval { printf($TAINT . "# %s\n", "foo") };
+ like($@, qr/^Insecure dependency in printf/, q/printf doesn't like tainted formats/);
+ eval { printf("# %s\n", $TAINT . "foo") };
+ ok(!$@, q/printf accepts other tainted args/);
+ eval { sprintf($TAINT . "# %s\n", "foo") };
+ like($@, qr/^Insecure dependency in sprintf/, q/sprintf doesn't like tainted formats/);
+ eval { sprintf("# %s\n", $TAINT . "foo") };
+ ok(!$@, q/sprintf accepts other tainted args/);
+}