author | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2006-11-07 14:23:08 +0000 |
---|---|---|
committer | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2006-11-07 14:23:08 +0000 |
commit | 20ee07fbbcfa6be9f90bb8e5474a4d69d7396617 (patch) | |
tree | 87e5cf2fe703defa8b16f8bfff236db0bdad5d2d /t | |
parent | d6686524f4a322ce27e0eebf255af3fb3431796c (diff) | |
download | perl-20ee07fbbcfa6be9f90bb8e5474a4d69d7396617.tar.gz |
Forbid using tainted formats in printf and sprintf
p4raw-id: //depot/perl@29225
Diffstat (limited to 't')
-rwxr-xr-x | t/op/taint.t | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/t/op/taint.t b/t/op/taint.t
index 8311690194..be9071fdd2 100755
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ use Config;
 use File::Spec::Functions;
 BEGIN { require './test.pl'; }
-plan tests => 251;
+plan tests => 255;
 $| = 1;
@@ -1204,3 +1204,14 @@ SKIP:
 $o->untainted;
 }
+{
+ # tests for tainted format in s?printf
+ eval { printf($TAINT . "# %s\n", "foo") };
+ like($@, qr/^Insecure dependency in printf/, q/printf doesn't like tainted formats/);
+ eval { printf("# %s\n", $TAINT . "foo") };
+ ok(!$@, q/printf accepts other tainted args/);
+ eval { sprintf($TAINT . "# %s\n", "foo") };
+ like($@, qr/^Insecure dependency in sprintf/, q/sprintf doesn't like tainted formats/);
+ eval { sprintf("# %s\n", $TAINT . "foo") };
+ ok(!$@, q/sprintf accepts other tainted args/);
+} |
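Review bot: The two "accepts other tainted args" cases in the new block assert only that no exception was raised (`ok(!$@, ...)`), so they would still pass if sprintf stopped carrying taint from a tainted argument into its result, which is the property that makes allowing tainted arguments safe. Capture the return value and check it, e.g. `my $s = eval { sprintf("# %s\n", $TAINT . "foo") };` followed by `ok(tainted($s), q/sprintf result stays tainted/);`, and raise the plan count in the first hunk to match. `tainted` is assumed to be the taint-check helper defined earlier in taint.t; it is not visible in this hunk, so confirm the name. A one-line comment noting that the `# ` prefix presumably keeps the printf output a harmless TAP comment would also help the next reader.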