test::taint(3pm) [debian man page]
Taint(3pm) User Contributed Perl Documentation Taint(3pm) NAME
Test::Taint - Tools to test taintedness VERSION
Version 1.04 $Header: /home/cvs/test-taint/Taint.pm,v 1.16 2004/08/10 03:06:57 andy Exp $ SYNOPSIS
taint_checking_ok(); # We have to have taint checking on my $id = "deadbeef"; # Dummy session ID taint( $id ); # Simulate it coming in from the web tainted_ok( $id ); $id = validate_id( $id ); # Your routine to check the $id untainted_ok( $id ); # Did it come back clean? ok( defined $id ); DESCRIPTION
Tainted data is data that comes from an unsafe source, such as the command line, or, in the case of web apps, any GET or POST transactions. Read the perlsec man page for details on why tainted data is bad, and how to untaint the data. When you're writing unit tests for code that deals with tainted data, you'll want to have a way to provide tainted data for your routines to handle, and easy ways to check and report on the taintedness of your data, in standard Test::More style. "Test::More"-style Functions All the "xxx_ok()" functions work like standard "Test::More"-style functions, where the last parm is an optional message, it outputs ok or not ok, and returns a boolean telling if the test passed. taint_checking_ok( [$message] ) Test::More-style test that taint checking is on. This should probably be the first thing in any *.t file that deals with taintedness. tainted_ok( $var [, $message ] ) Checks that $var is tainted. tainted_ok( $ENV{FOO} ); untainted_ok( $var [, $message ] ) Checks that $var is not tainted. my $foo = my_validate( $ENV{FOO} ); untainted_ok( $foo ); tainted_ok_deeply( $var [, $message ] ) Checks that $var is tainted. If $var is a reference, it recursively checks every variable to make sure they are all tainted. tainted_ok_deeply( \%ENV ); untainted_ok_deeply( $var [, $message ] ) Checks that $var is not tainted. If $var is a reference, it recursively checks every variable to make sure they are all not tainted. my %env = my_validate( \%ENV ); untainted_ok_deeply( \%env ); Helper Functions These are all helper functions. Most are wrapped by an "xxx_ok()" counterpart, except for "taint" which actually does something, instead of just reporting it. taint_checking() Returns true if taint checking is enabled via the -T flag. tainted( $var ) Returns boolean saying if $var is tainted. tainted_deeply( $var ) Returns boolean saying if $var is tainted. If $var is a reference it recursively checks every variable to make sure they are all tainted. taint( @list ) Marks each (apparently) taintable argument in @list as being tainted. References can be tainted like any other scalar, but it doesn't make sense to, so they will not be tainted by this function. Some "tie"d and magical variables may fail to be tainted by this routine, try as it may.) taint_deeply( @list ) Similar to "taint", except that if any elements in @list are references, it walks deeply into the data structure and marks each taintable argument as being tainted. If any variables are "tie"d this will taint all the scalars within the tied object. AUTHOR
Written by Andy Lester, "<andy@petdance.com>". COPYRIGHT
Copyright 2004, Andy Lester, All Rights Reserved. You may use, modify, and distribute this package under the same terms as Perl itself. perl v5.14.2 2004-08-10 Taint(3pm)
Check Out this Related Man Page
Scalar::Util(3pm) User Contributed Perl Documentation Scalar::Util(3pm) NAME
Scalar::Util - A selection of general-utility scalar subroutines SYNOPSIS
use Scalar::Util qw(blessed dualvar isweak readonly refaddr reftype tainted weaken isvstring looks_like_number set_prototype); # and other useful utils appearing below DESCRIPTION
"Scalar::Util" contains a selection of subroutines that people have expressed would be nice to have in the perl core, but the usage would not really be high enough to warrant the use of a keyword, and the size so small such that being individual extensions would be wasteful. By default "Scalar::Util" does not export any subroutines. The subroutines defined are blessed EXPR If EXPR evaluates to a blessed reference the name of the package that it is blessed into is returned. Otherwise "undef" is returned. $scalar = "foo"; $class = blessed $scalar; # undef $ref = []; $class = blessed $ref; # undef $obj = bless [], "Foo"; $class = blessed $obj; # "Foo" dualvar NUM, STRING Returns a scalar that has the value NUM in a numeric context and the value STRING in a string context. $foo = dualvar 10, "Hello"; $num = $foo + 2; # 12 $str = $foo . " world"; # Hello world isvstring EXPR If EXPR is a scalar which was coded as a vstring the result is true. $vs = v49.46.48; $fmt = isvstring($vs) ? "%vd" : "%s"; #true printf($fmt,$vs); isweak EXPR If EXPR is a scalar which is a weak reference the result is true. $ref = $foo; $weak = isweak($ref); # false weaken($ref); $weak = isweak($ref); # true NOTE: Copying a weak reference creates a normal, strong, reference. $copy = $ref; $weak = isweak($copy); # false looks_like_number EXPR Returns true if perl thinks EXPR is a number. See "looks_like_number" in perlapi. openhandle FH Returns FH if FH may be used as a filehandle and is open, or FH is a tied handle. Otherwise "undef" is returned. $fh = openhandle(*STDIN); # *STDIN $fh = openhandle(*STDIN); # *STDIN $fh = openhandle(*NOTOPEN); # undef $fh = openhandle("scalar"); # undef readonly SCALAR Returns true if SCALAR is readonly. sub foo { readonly($_[0]) } $readonly = foo($bar); # false $readonly = foo(0); # true refaddr EXPR If EXPR evaluates to a reference the internal memory address of the referenced value is returned. Otherwise "undef" is returned. $addr = refaddr "string"; # undef $addr = refaddr $var; # eg 12345678 $addr = refaddr []; # eg 23456784 $obj = bless {}, "Foo"; $addr = refaddr $obj; # eg 88123488 reftype EXPR If EXPR evaluates to a reference the type of the variable referenced is returned. Otherwise "undef" is returned. $type = reftype "string"; # undef $type = reftype $var; # SCALAR $type = reftype []; # ARRAY $obj = bless {}, "Foo"; $type = reftype $obj; # HASH set_prototype CODEREF, PROTOTYPE Sets the prototype of the given function, or deletes it if PROTOTYPE is undef. Returns the CODEREF. set_prototype &foo, '$$'; tainted EXPR Return true if the result of EXPR is tainted $taint = tainted("constant"); # false $taint = tainted($ENV{PWD}); # true if running under -T weaken REF REF will be turned into a weak reference. This means that it will not hold a reference count on the object it references. Also when the reference count on that object reaches zero, REF will be set to undef. This is useful for keeping copies of references , but you don't want to prevent the object being DESTROY-ed at its usual time. { my $var; $ref = $var; weaken($ref); # Make $ref a weak reference } # $ref is now undef Note that if you take a copy of a scalar with a weakened reference, the copy will be a strong reference. my $var; my $foo = $var; weaken($foo); # Make $foo a weak reference my $bar = $foo; # $bar is now a strong reference This may be less obvious in other situations, such as "grep()", for instance when grepping through a list of weakened references to objects that may have been destroyed already: @object = grep { defined } @object; This will indeed remove all references to destroyed objects, but the remaining references to objects will be strong, causing the remaining objects to never be destroyed because there is now always a strong reference to them in the @object array. DIAGNOSTICS
Module use may give one of the following errors during import. Weak references are not implemented in the version of perl The version of perl that you are using does not implement weak references, to use "isweak" or "weaken" you will need to use a newer release of perl. Vstrings are not implemented in the version of perl The version of perl that you are using does not implement Vstrings, to use "isvstring" you will need to use a newer release of perl. "NAME" is only available with the XS version of Scalar::Util "Scalar::Util" contains both perl and C implementations of many of its functions so that those without access to a C compiler may still use it. However some of the functions are only available when a C compiler was available to compile the XS version of the extension. At present that list is: weaken, isweak, dualvar, isvstring, set_prototype KNOWN BUGS
There is a bug in perl5.6.0 with UV's that are >= 1<<31. This will show up as tests 8 and 9 of dualvar.t failing SEE ALSO
List::Util COPYRIGHT
Copyright (c) 1997-2007 Graham Barr <gbarr@pobox.com>. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. Except weaken and isweak which are Copyright (c) 1999 Tuomas J. Lukka <lukka@iki.fi>. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as perl itself. perl v5.14.2 2012-03-24 Scalar::Util(3pm)