test::taint(3pm) [debian man page]
Taint(3pm) User Contributed Perl Documentation Taint(3pm) NAME
Test::Taint - Tools to test taintedness VERSION
Version 1.04 $Header: /home/cvs/test-taint/Taint.pm,v 1.16 2004/08/10 03:06:57 andy Exp $ SYNOPSIS
taint_checking_ok(); # We have to have taint checking on my $id = "deadbeef"; # Dummy session ID taint( $id ); # Simulate it coming in from the web tainted_ok( $id ); $id = validate_id( $id ); # Your routine to check the $id untainted_ok( $id ); # Did it come back clean? ok( defined $id ); DESCRIPTION
Tainted data is data that comes from an unsafe source, such as the command line, or, in the case of web apps, any GET or POST transactions. Read the perlsec man page for details on why tainted data is bad, and how to untaint the data. When you're writing unit tests for code that deals with tainted data, you'll want to have a way to provide tainted data for your routines to handle, and easy ways to check and report on the taintedness of your data, in standard Test::More style. "Test::More"-style Functions All the "xxx_ok()" functions work like standard "Test::More"-style functions, where the last parm is an optional message, it outputs ok or not ok, and returns a boolean telling if the test passed. taint_checking_ok( [$message] ) Test::More-style test that taint checking is on. This should probably be the first thing in any *.t file that deals with taintedness. tainted_ok( $var [, $message ] ) Checks that $var is tainted. tainted_ok( $ENV{FOO} ); untainted_ok( $var [, $message ] ) Checks that $var is not tainted. my $foo = my_validate( $ENV{FOO} ); untainted_ok( $foo ); tainted_ok_deeply( $var [, $message ] ) Checks that $var is tainted. If $var is a reference, it recursively checks every variable to make sure they are all tainted. tainted_ok_deeply( \%ENV ); untainted_ok_deeply( $var [, $message ] ) Checks that $var is not tainted. If $var is a reference, it recursively checks every variable to make sure they are all not tainted. my %env = my_validate( \%ENV ); untainted_ok_deeply( \%env ); Helper Functions These are all helper functions. Most are wrapped by an "xxx_ok()" counterpart, except for "taint" which actually does something, instead of just reporting it. taint_checking() Returns true if taint checking is enabled via the -T flag. tainted( $var ) Returns boolean saying if $var is tainted. tainted_deeply( $var ) Returns boolean saying if $var is tainted. If $var is a reference it recursively checks every variable to make sure they are all tainted. taint( @list ) Marks each (apparently) taintable argument in @list as being tainted. References can be tainted like any other scalar, but it doesn't make sense to, so they will not be tainted by this function. Some "tie"d and magical variables may fail to be tainted by this routine, try as it may.) taint_deeply( @list ) Similar to "taint", except that if any elements in @list are references, it walks deeply into the data structure and marks each taintable argument as being tainted. If any variables are "tie"d this will taint all the scalars within the tied object. AUTHOR
Written by Andy Lester, "<andy@petdance.com>". COPYRIGHT
Copyright 2004, Andy Lester, All Rights Reserved. You may use, modify, and distribute this package under the same terms as Perl itself. perl v5.14.2 2004-08-10 Taint(3pm)
Check Out this Related Man Page
Scalar::Util(3pm) Perl Programmers Reference Guide Scalar::Util(3pm) NAME
Scalar::Util - A selection of general-utility scalar subroutines SYNOPSIS
use Scalar::Util qw(blessed dualvar isweak readonly refaddr reftype tainted weaken); DESCRIPTION
"Scalar::Util" contains a selection of subroutines that people have expressed would be nice to have in the perl core, but the usage would not really be high enough to warrant the use of a keyword, and the size so small such that being individual extensions would be wasteful. By default "Scalar::Util" does not export any subroutines. The subroutines defined are blessed EXPR If EXPR evaluates to a blessed reference the name of the package that it is blessed into is returned. Otherwise "undef" is returned. $scalar = "foo"; $class = blessed $scalar; # undef $ref = []; $class = blessed $ref; # undef $obj = bless [], "Foo"; $class = blessed $obj; # "Foo" dualvar NUM, STRING Returns a scalar that has the value NUM in a numeric context and the value STRING in a string context. $foo = dualvar 10, "Hello"; $num = $foo + 2; # 12 $str = $foo . " world"; # Hello world isvstring EXPR If EXPR is a scalar which was coded as a vstring the result is true. $vs = v49.46.48; $fmt = isvstring($vs) ? "%vd" : "%s"; #true printf($fmt,$vs); isweak EXPR If EXPR is a scalar which is a weak reference the result is true. $ref = $foo; $weak = isweak($ref); # false weaken($ref); $weak = isweak($ref); # true openhandle FH Returns FH if FH may be used as a filehandle and is open, or FH is a tied handle. Otherwise "undef" is returned. $fh = openhandle(*STDIN); # *STDIN $fh = openhandle(*STDIN); # *STDIN $fh = openhandle(*NOTOPEN); # undef $fh = openhandle("scalar"); # undef readonly SCALAR Returns true if SCALAR is readonly. sub foo { readonly($_[0]) } $readonly = foo($bar); # false $readonly = foo(0); # true refaddr EXPR If EXPR evaluates to a reference the internal memory address of the referenced value is returned. Otherwise "undef" is returned. $addr = refaddr "string"; # undef $addr = refaddr $var; # eg 12345678 $addr = refaddr []; # eg 23456784 $obj = bless {}, "Foo"; $addr = refaddr $obj; # eg 88123488 reftype EXPR If EXPR evaluates to a reference the type of the variable referenced is returned. Otherwise "undef" is returned. $type = reftype "string"; # undef $type = reftype $var; # SCALAR $type = reftype []; # ARRAY $obj = bless {}, "Foo"; $type = reftype $obj; # HASH tainted EXPR Return true if the result of EXPR is tainted $taint = tainted("constant"); # false $taint = tainted($ENV{PWD}); # true if running under -T weaken REF REF will be turned into a weak reference. This means that it will not hold a reference count on the object it references. Also when the reference count on that object reaches zero, REF will be set to undef. This is useful for keeping copies of references , but you don't want to prevent the object being DESTROY-ed at its usual time. { my $var; $ref = $var; weaken($ref); # Make $ref a weak reference } # $ref is now undef KNOWN BUGS
There is a bug in perl5.6.0 with UV's that are >= 1<<31. This will show up as tests 8 and 9 of dualvar.t failing COPYRIGHT
Copyright (c) 1997-2001 Graham Barr <gbarr@pobox.com>. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. Except weaken and isweak which are Copyright (c) 1999 Tuomas J. Lukka <lukka@iki.fi>. All rights reserved. This program is free software; you can redistribute it and/or mod- ify it under the same terms as perl itself. BLATANT PLUG
The weaken and isweak subroutines in this module and the patch to the core Perl were written in connection with the APress book `Tuomas J. Lukka's Definitive Guide to Object-Oriented Programming in Perl', to avoid explaining why certain things would have to be done in cumber- some ways. perl v5.8.0 2002-06-01 Scalar::Util(3pm)