X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=t%2F54taint.t;h=573e3c0592dcf1fbdfb95633d3f9fb8e7a56e5a0;hb=7e1ca6dd06c5e53e7afa3433da0f59e41ce791e8;hp=f54ed93331524d84969b0b116f53d12965421814;hpb=91b0ad0b21a3c167f5ae0ac240322de8b6601058;p=dbsrgits%2FDBIx-Class.git
diff --git a/t/54taint.t b/t/54taint.t
index f54ed93..573e3c0 100644
--- a/t/54taint.t
+++ b/t/54taint.t
@@ -1,56 +1,66 @@ -#!perl -T +#!/usr/bin/env perl -T # the above line forces Test::Harness into taint-mode +# DO NOT REMOVE use strict; use warnings; -use Test::More; - +# When in taint mode, PERL5LIB is ignored (but *not* unset) +# Put it back in INC so that local-lib users can actually +# run this test +use Config; BEGIN { - eval "require Module::Find;"; - if ($@) { - plan skip_all => 'Could not load Module::Find'; - exit; - } - else { - plan tests => 7; + for (map { defined $ENV{$_} ? $ENV{$_} : () } (qw/PERLLIB PERL5LIB/) ) { # we unshift, so reverse precedence + my ($envvar) = ($_ =~ /^(.+)$/); # untaint + unshift @INC, map { length($_) ? $_ : () } (split /\Q$Config{path_sep}\E/, $envvar); } } -package DBICTest::Taint::Classes; - use Test::More; use Test::Exception; - use lib qw(t/lib); -use base qw/DBIx::Class::Schema/; +use DBICTest; -lives_ok (sub { - __PACKAGE__->load_classes(qw/Manual/); - ok( __PACKAGE__->source('Manual'), 'The Classes::Manual source has been registered' ); - __PACKAGE__->_unregister_source (qw/Manual/); -}, 'Loading classes with explicit load_classes worked in taint mode' ); +throws_ok ( + sub { $ENV{PATH} . 
(kill (0)) }, + qr/Insecure dependency in kill/, + 'taint mode active' +); -lives_ok (sub { - __PACKAGE__->load_classes(); - ok( __PACKAGE__->source('Auto'), 'The Classes::Auto source has been registered' ); - ok( __PACKAGE__->source('Auto'), 'The Classes::Manual source has been re-registered' ); -}, 'Loading classes with Module::Find/load_classes worked in taint mode' ); +{ + package DBICTest::Taint::Classes; + use Test::More; + use Test::Exception; -package DBICTest::Taint::Namespaces; + use base qw/DBIx::Class::Schema/; -use Test::More; -use Test::Exception; + lives_ok (sub { + __PACKAGE__->load_classes(qw/Manual/); + ok( __PACKAGE__->source('Manual'), 'The Classes::Manual source has been registered' ); + __PACKAGE__->_unregister_source (qw/Manual/); + }, 'Loading classes with explicit load_classes worked in taint mode' ); -use lib qw(t/lib); -use base qw/DBIx::Class::Schema/; + lives_ok (sub { + __PACKAGE__->load_classes(); + ok( __PACKAGE__->source('Auto'), 'The Classes::Auto source has been registered' ); + ok( __PACKAGE__->source('Auto'), 'The Classes::Manual source has been re-registered' ); + }, 'Loading classes with Module::Find/load_classes worked in taint mode' ); +} -lives_ok (sub { - __PACKAGE__->load_namespaces(); - ok( __PACKAGE__->source('Test'), 'The Namespaces::Test source has been registered' ); -}, 'Loading classes with Module::Find/load_namespaces worked in taint mode' ); +{ + package DBICTest::Taint::Namespaces; + use Test::More; + use Test::Exception; + + use base qw/DBIx::Class::Schema/; + + lives_ok (sub { + __PACKAGE__->load_namespaces(); + ok( __PACKAGE__->source('Test'), 'The Namespaces::Test source has been registered' ); + }, 'Loading classes with Module::Find/load_namespaces worked in taint mode' ); +} -1; +done_testing;
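Review bot: The new BEGIN block untaints PERLLIB/PERL5LIB with the catch-all `/^(.+)$/` and unshifts every entry onto @INC, which puts back the environment-controlled module search path that -T deliberately ignores. That is reasonable for letting local-lib users run this test, but the comment should say it is test-only, e.g. `# test-only: blanket untaint of PERL5LIB, never copy this into code that runs with real privileges`. Because `.` does not match a newline, a value with an embedded newline leaves `$envvar` undefined and the `split` then warns, so a `next unless defined $envvar;` guard after the match would be tidier. Separately, in the second `lives_ok` of DBICTest::Taint::Classes both assertions call `source('Auto')` while the second message speaks of Classes::Manual being re-registered, so that line was presumably meant to be `ok( __PACKAGE__->source('Manual'), ... )`.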