From: Paul Marquess Date: Wed, 19 Jun 2002 09:29:22 +0000 (+0100) Subject: POSIX taint tests X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=0e247040c68e14832dcdbb2508a8f1cc78bc5480;p=p5sagit%2Fp5-mst-13.2.git POSIX taint tests From: "Paul Marquess" Message-ID: p4raw-id: //depot/perl@17296 --- diff --git a/MANIFEST b/MANIFEST index 59ec4a4..e433dc4 100644 --- a/MANIFEST +++ b/MANIFEST @@ -557,6 +557,7 @@ ext/POSIX/POSIX.pod POSIX extension documentation ext/POSIX/POSIX.xs POSIX extension external subroutines ext/POSIX/t/posix.t See if POSIX works ext/POSIX/t/sigaction.t See if POSIX::sigaction works +ext/POSIX/t/taint.t See if POSIX works with taint ext/POSIX/t/waitpid.t See if waitpid works ext/POSIX/typemap POSIX extension interface types ext/re/hints/mpeix.pl Hints for re for named architecture diff --git a/ext/POSIX/t/taint.t b/ext/POSIX/t/taint.t new file mode 100644 index 0000000..2fc171b --- /dev/null +++ b/ext/POSIX/t/taint.t @@ -0,0 +1,47 @@ +#!./perl -Tw + +BEGIN { + chdir 't' if -d 't'; + @INC = '../lib'; + require Config; import Config; + if ($^O ne 'VMS' and $Config{'extensions'} !~ /\bPOSIX\b/) { + print "1..0\n"; + exit 0; + } +} + +require "./test.pl"; +use Scalar::Util qw/tainted/; +plan(tests => 5); + + +use POSIX qw(fcntl_h open read mkfifo); +use strict ; + +$| = 1; + +my $buffer; +my @buffer; +my $testfd; + +# Sources of taint: +# The empty tainted value, for tainting strings + +my $TAINT = substr($^X, 0, 0); + +eval { mkfifo($TAINT. "TEST", 0) }; +ok($@ =~ /^Insecure dependency/, 'mkfifo with tainted data'); + +eval { $testfd = open($TAINT. "TEST", O_WRONLY, 0) }; +ok($@ =~ /^Insecure dependency/, 'open with tainted data'); + +eval { $testfd = open("TEST", O_RDONLY, 0) }; +ok($@ eq "", 'open with untainted data'); + +read($testfd, $buffer, 2) if $testfd > 2; +is( $buffer, "#!", ' read' ); +ok(tainted($buffer), ' scalar tainted'); +read($testfd, $buffer[1], 2) if $testfd > 2; + +#is( $buffer[1], "./", ' read' ); +#ok(tainted($buffer[1]), ' array element tainted');