diff options
Diffstat (limited to 't')
| -rwxr-xr-x | t/op/runlevel.t | 24 | ||||
| -rwxr-xr-x | t/op/taint.t | 240 | ||||
| -rw-r--r-- | t/pragma/strict-vars | 2 |
3 files changed, 149 insertions, 117 deletions
diff --git a/t/op/runlevel.t b/t/op/runlevel.t index ca6aac5e5b..2fc2174596 100755 --- a/t/op/runlevel.t +++ b/t/op/runlevel.t @@ -16,7 +16,8 @@ chdir 't' if -d 't'; @INC = "../lib"; -$ENV{PERL5LIB} = "../lib"; +$Is_VMS = $^O eq 'VMS'; +$ENV{PERL5LIB} = "../lib" unless $Is_VMS; $|=1; @@ -26,22 +27,27 @@ print "1..", scalar @prgs, "\n"; $tmpfile = "runltmp000"; 1 while -f ++$tmpfile; -END { unlink $tmpfile if $tmpfile; } +END { if ($tmpfile) { 1 while unlink $tmpfile; } } for (@prgs){ my $switch; - if (s/^\s*-\w+//){ - $switch = $&; + if (s/^\s*(-\w+)//){ + $switch = $1; } my($prog,$expected) = split(/\nEXPECT\n/, $_); - open TEST, "| sh -c './perl $switch' >$tmpfile 2>&1"; - print TEST $prog, "\n"; + open TEST, ">$tmpfile"; + print TEST "$prog\n"; close TEST; - $status = $?; - $results = `cat $tmpfile`; + my $results = $Is_VMS ? + `MCR $^X "-I[-.lib]" $switch $tmpfile` : + `sh -c './perl $switch $tmpfile' 2>&1`; + my $status = $?; $results =~ s/\n+$//; + # allow expected output to be written as if $prog is on STDIN + $results =~ s/runltmp\d+/-/g; + $results =~ s/\n%[A-Z]+-[SIWEF]-.*$// if $Is_VMS; # clip off DCL status msg $expected =~ s/\n+$//; - if ( $results ne $expected){ + if ($results ne $expected) { print STDERR "PROG: $switch\n$prog\n"; print STDERR "EXPECTED:\n$expected\n"; print STDERR "GOT:\n$results\n"; diff --git a/t/op/taint.t b/t/op/taint.t index 32277181f6..56765fb71d 100755 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -3,7 +3,7 @@ # Taint tests by Tom Phoenix <rootbeer@teleport.com>. # # I don't claim to know all about tainting. If anyone sees -# tests that I've missed here, please add them. But this is +# tests that I've missed here, please add them. But this is # better than having no tests at all, right? # @@ -61,7 +61,7 @@ sub test ($$;$) { for (split m/^/m, $diag) { print "# $_"; } - print "\n" unless + print "\n" unless $diag eq '' or substr($diag, -1) eq "\n"; } @@ -75,7 +75,7 @@ print PROG 'print "@ARGV\n"', "\n"; close PROG; my $echo = "$Invoke_Perl $ECHO"; -print "1..96\n"; +print "1..98\n"; # First, let's make sure that Perl is checking the dangerous # environment variables. Maybe they aren't set yet, so we'll @@ -84,7 +84,7 @@ print "1..96\n"; $ENV{'DCL$PATH'} = '' if $Is_VMS; $ENV{PATH} = $TAINT; - $ENV{IFS} = ''; + $ENV{IFS} = " \t\n"; test 1, eval { `$echo 1` } eq ''; test 2, $@ =~ /^Insecure \$ENV{PATH}/, $@; @@ -93,19 +93,29 @@ print "1..96\n"; test 3, eval { `$echo 1` } eq ''; test 4, $@ =~ /^Insecure \$ENV{IFS}/, $@; - my ($tmp) = grep { (stat)[2] & 2 } '/tmp', '/var/tmp', '/usr/tmp'; + my $tmp; + if ($^O eq 'os2' || $^O eq 'amigaos') { + print "# all directories are writeable\n"; + } + else { + $tmp = (grep { defined and -d and (stat _)[2] & 2 } + qw(/tmp /var/tmp /usr/tmp /sys$scratch), + @ENV{qw(TMP TEMP)})[0] + or print "# can't find world-writeable directory to test PATH\n"; + } + if ($tmp) { $ENV{PATH} = $tmp; + $ENV{IFS} = " \t\n"; test 5, eval { `$echo 1` } eq ''; test 6, $@ =~ /^Insecure directory in \$ENV{PATH}/, $@; } else { - print "# can't find writeable directory to test PATH tainting\n"; for (5..6) { print "ok $_\n" } } $ENV{PATH} = ''; - $ENV{IFS} = ''; + $ENV{IFS} = " \t\n"; test 7, eval { `$echo 1` } eq "1\n"; test 8, $@ eq '', $@; @@ -113,45 +123,57 @@ print "1..96\n"; $ENV{'DCL$PATH'} = $TAINT; test 9, eval { `$echo 1` } eq ''; test 10, $@ =~ /^Insecure \$ENV{DCL\$PATH}/, $@; + if ($tmp) { + $ENV{'DCL$PATH'} = $tmp; + test 11, eval { `$echo 1` } eq ''; + test 12, $@ =~ /^Insecure directory in \$ENV{DCL\$PATH}/, $@; + } + else { + print "# can't find world-writeable directory to test DCL\$PATH\n"; + for (11..12) { print "ok $_\n" } + } $ENV{'DCL$PATH'} = ''; } else { print "# This is not VMS\n"; - for (9..10) { print "ok $_\n"; } + for (9..12) { print "ok $_\n"; } } } # Let's see that we can taint and untaint as needed. { my $foo = $TAINT; - test 11, tainted $foo; + test 13, tainted $foo; + + # That was a sanity check. If it failed, stop the insanity! + die "Taint checks don't seem to be enabled" unless tainted $foo; $foo = "foo"; - test 12, not tainted $foo; + test 14, not tainted $foo; taint_these($foo); - test 13, tainted $foo; + test 15, tainted $foo; my @list = 1..10; - test 14, not any_tainted @list; + test 16, not any_tainted @list; taint_these @list[1,3,5,7,9]; - test 15, any_tainted @list; - test 16, all_tainted @list[1,3,5,7,9]; - test 17, not any_tainted @list[0,2,4,6,8]; + test 17, any_tainted @list; + test 18, all_tainted @list[1,3,5,7,9]; + test 19, not any_tainted @list[0,2,4,6,8]; ($foo) = $foo =~ /(.+)/; - test 18, not tainted $foo; + test 20, not tainted $foo; $foo = $1 if ('bar' . $TAINT) =~ /(.+)/; - test 19, not tainted $foo; - test 20, $foo eq 'bar'; + test 21, not tainted $foo; + test 22, $foo eq 'bar'; my $pi = 4 * atan2(1,1) + $TAINT0; - test 21, tainted $pi; + test 23, tainted $pi; ($pi) = $pi =~ /(\d+\.\d+)/; - test 22, not tainted $pi; - test 23, sprintf("%.5f", $pi) eq '3.14159'; + test 24, not tainted $pi; + test 25, sprintf("%.5f", $pi) eq '3.14159'; } # How about command-line arguments? The problem is that we don't @@ -167,144 +189,150 @@ print "1..96\n"; }; close PROG; print `$Invoke_Perl "-T" $arg and some suspect arguments`; - test 24, !$?, "Exited with status $?"; + test 26, !$?, "Exited with status $?"; unlink $arg; } # Reading from a file should be tainted { - my $file = './perl' . $Config{exe_ext}; - test 25, open(FILE, $file), "Couldn't open '$file': $!"; + my $file = './TEST'; + test 27, open(FILE, $file), "Couldn't open '$file': $!"; my $block; sysread(FILE, $block, 100); - my $line = <FILE>; # Should "work" + my $line = <FILE>; close FILE; - test 26, tainted $block; - test 27, tainted $line; + test 28, tainted $block; + test 29, tainted $line; } -# Globs should be tainted. +# Globs should be tainted. { + # Some glob implementations need to spawn system programs. + local $ENV{PATH} = ''; + $ENV{PATH} = (-l '/bin' ? '' : '/bin:') . '/usr/bin' unless $Is_VMS; + my @globs = <*>; - test 28, all_tainted @globs; + test 30, all_tainted @globs; @globs = glob '*'; - test 29, all_tainted @globs; + test 31, all_tainted @globs; } # Output of commands should be tainted { my $foo = `$echo abc`; - test 30, tainted $foo; + test 32, tainted $foo; } # Certain system variables should be tainted { - test 31, all_tainted $^X, $0; + test 33, all_tainted $^X, $0; } # Results of matching should all be untainted { my $foo = "abcdefghi" . $TAINT; - test 32, tainted $foo; + test 34, tainted $foo; $foo =~ /def/; - test 33, not any_tainted $`, $&, $'; + test 35, not any_tainted $`, $&, $'; $foo =~ /(...)(...)(...)/; - test 34, not any_tainted $1, $2, $3, $+; + test 36, not any_tainted $1, $2, $3, $+; my @bar = $foo =~ /(...)(...)(...)/; - test 35, not any_tainted @bar; + test 37, not any_tainted @bar; - test 36, tainted $foo; # $foo should still be tainted! - test 37, $foo eq "abcdefghi"; + test 38, tainted $foo; # $foo should still be tainted! + test 39, $foo eq "abcdefghi"; } # Operations which affect files can't use tainted data. { - test 38, eval { chmod 0, $TAINT } eq '', 'chmod'; - test 39, $@ =~ /^Insecure dependency/, $@; - - test 40, eval { truncate 'NoSuChFiLe', $TAINT0 } eq '', 'truncate'; + test 40, eval { chmod 0, $TAINT } eq '', 'chmod'; test 41, $@ =~ /^Insecure dependency/, $@; - test 42, eval { rename '', $TAINT } eq '', 'rename'; - test 43, $@ =~ /^Insecure dependency/, $@; + # There is no feature test in $Config{} for truncate, + # so we allow for the possibility that it's missing. + test 42, eval { truncate 'NoSuChFiLe', $TAINT0 } eq '', 'truncate'; + test 43, $@ =~ /^(?:Insecure dependency|truncate not implemented)/, $@; - test 44, eval { unlink $TAINT } eq '', 'unlink'; + test 44, eval { rename '', $TAINT } eq '', 'rename'; test 45, $@ =~ /^Insecure dependency/, $@; - test 46, eval { utime $TAINT } eq '', 'utime'; + test 46, eval { unlink $TAINT } eq '', 'unlink'; test 47, $@ =~ /^Insecure dependency/, $@; + test 48, eval { utime $TAINT } eq '', 'utime'; + test 49, $@ =~ /^Insecure dependency/, $@; + if ($Config{d_chown}) { - test 48, eval { chown -1, -1, $TAINT } eq '', 'chown'; - test 49, $@ =~ /^Insecure dependency/, $@; + test 50, eval { chown -1, -1, $TAINT } eq '', 'chown'; + test 51, $@ =~ /^Insecure dependency/, $@; } else { print "# chown() is not available\n"; - for (48..49) { print "ok $_\n" } + for (50..51) { print "ok $_\n" } } if ($Config{d_link}) { - test 50, eval { link $TAINT, '' } eq '', 'link'; - test 51, $@ =~ /^Insecure dependency/, $@; + test 52, eval { link $TAINT, '' } eq '', 'link'; + test 53, $@ =~ /^Insecure dependency/, $@; } else { print "# link() is not available\n"; - for (50..51) { print "ok $_\n" } + for (52..53) { print "ok $_\n" } } if ($Config{d_symlink}) { - test 52, eval { symlink $TAINT, '' } eq '', 'symlink'; - test 53, $@ =~ /^Insecure dependency/, $@; + test 54, eval { symlink $TAINT, '' } eq '', 'symlink'; + test 55, $@ =~ /^Insecure dependency/, $@; } else { print "# symlink() is not available\n"; - for (52..53) { print "ok $_\n" } + for (54..55) { print "ok $_\n" } } } # Operations which affect directories can't use tainted data. { - test 54, eval { mkdir $TAINT0, $TAINT } eq '', 'mkdir'; - test 55, $@ =~ /^Insecure dependency/, $@; - - test 56, eval { rmdir $TAINT } eq '', 'rmdir'; + test 56, eval { mkdir $TAINT0, $TAINT } eq '', 'mkdir'; test 57, $@ =~ /^Insecure dependency/, $@; - test 58, eval { chdir $TAINT } eq '', 'chdir'; + test 58, eval { rmdir $TAINT } eq '', 'rmdir'; test 59, $@ =~ /^Insecure dependency/, $@; + test 60, eval { chdir $TAINT } eq '', 'chdir'; + test 61, $@ =~ /^Insecure dependency/, $@; + if ($Config{d_chroot}) { - test 60, eval { chroot $TAINT } eq '', 'chroot'; - test 61, $@ =~ /^Insecure dependency/, $@; + test 62, eval { chroot $TAINT } eq '', 'chroot'; + test 63, $@ =~ /^Insecure dependency/, $@; } else { print "# chroot() is not available\n"; - for (60..61) { print "ok $_\n" } + for (62..63) { print "ok $_\n" } } } # Some operations using files can't use tainted data. { my $foo = "imaginary library" . $TAINT; - test 62, eval { require $foo } eq '', 'require'; - test 63, $@ =~ /^Insecure dependency/, $@; + test 64, eval { require $foo } eq '', 'require'; + test 65, $@ =~ /^Insecure dependency/, $@; my $filename = "./taintB$$"; # NB: $filename isn't tainted! END { unlink $filename if defined $filename } $foo = $filename . $TAINT; unlink $filename; # in any case - test 64, eval { open FOO, $foo } eq '', 'open for read'; - test 65, $@ eq '', $@; # NB: This should be allowed - test 66, $! == 2; # File not found + test 66, eval { open FOO, $foo } eq '', 'open for read'; + test 67, $@ eq '', $@; # NB: This should be allowed + test 68, $! == 2; # File not found - test 67, eval { open FOO, "> $foo" } eq '', 'open for write'; - test 68, $@ =~ /^Insecure dependency/, $@; + test 69, eval { open FOO, "> $foo" } eq '', 'open for write'; + test 70, $@ =~ /^Insecure dependency/, $@; } # Commands to the system can't use tainted data @@ -313,71 +341,71 @@ print "1..96\n"; if ($^O eq 'amigaos') { print "# open(\"|\") is not available\n"; - for (69..72) { print "ok $_\n" } + for (71..74) { print "ok $_\n" } } else { - test 69, eval { open FOO, "| $foo" } eq '', 'popen to'; - test 70, $@ =~ /^Insecure dependency/, $@; - - test 71, eval { open FOO, "$foo |" } eq '', 'popen from'; + test 71, eval { open FOO, "| $foo" } eq '', 'popen to'; test 72, $@ =~ /^Insecure dependency/, $@; - } - test 73, eval { exec $TAINT } eq '', 'exec'; - test 74, $@ =~ /^Insecure dependency/, $@; + test 73, eval { open FOO, "$foo |" } eq '', 'popen from'; + test 74, $@ =~ /^Insecure dependency/, $@; + } - test 75, eval { system $TAINT } eq '', 'system'; + test 75, eval { exec $TAINT } eq '', 'exec'; test 76, $@ =~ /^Insecure dependency/, $@; + test 77, eval { system $TAINT } eq '', 'system'; + test 78, $@ =~ /^Insecure dependency/, $@; + $foo = "*"; taint_these $foo; - test 77, eval { `$echo 1$foo` } eq '', 'backticks'; - test 78, $@ =~ /^Insecure dependency/, $@; + test 79, eval { `$echo 1$foo` } eq '', 'backticks'; + test 80, $@ =~ /^Insecure dependency/, $@; if ($Is_VMS) { # wildcard expansion doesn't invoke shell, so is safe - test 79, join('', eval { glob $foo } ) ne '', 'globbing'; - test 80, $@ eq '', $@; + test 81, join('', eval { glob $foo } ) ne '', 'globbing'; + test 82, $@ eq '', $@; } else { - test 79, join('', eval { glob $foo } ) eq '', 'globbing'; - test 80, $@ =~ /^Insecure dependency/, $@; + test 81, join('', eval { glob $foo } ) eq '', 'globbing'; + test 82, $@ =~ /^Insecure dependency/, $@; } } # Operations which affect processes can't use tainted data. { - test 81, eval { kill 0, $TAINT } eq '', 'kill'; - test 82, $@ =~ /^Insecure dependency/, $@; + test 83, eval { kill 0, $TAINT } eq '', 'kill'; + test 84, $@ =~ /^Insecure dependency/, $@; if ($Config{d_setpgrp}) { - test 83, eval { setpgrp 0, $TAINT } eq '', 'setpgrp'; - test 84, $@ =~ /^Insecure dependency/, $@; + test 85, eval { setpgrp 0, $TAINT } eq '', 'setpgrp'; + test 86, $@ =~ /^Insecure dependency/, $@; } else { print "# setpgrp() is not available\n"; - for (83..84) { print "ok $_\n" } + for (85..86) { print "ok $_\n" } } if ($Config{d_setprior}) { - test 85, eval { setpriority 0, $TAINT, $TAINT } eq '', 'setpriority'; - test 86, $@ =~ /^Insecure dependency/, $@; + test 87, eval { setpriority 0, $TAINT, $TAINT } eq '', 'setpriority'; + test 88, $@ =~ /^Insecure dependency/, $@; } else { print "# setpriority() is not available\n"; - for (85..86) { print "ok $_\n" } + for (87..88) { print "ok $_\n" } } } # Some miscellaneous operations can't use tainted data. { if ($Config{d_syscall}) { - test 87, eval { syscall $TAINT } eq '', 'syscall'; - test 88, $@ =~ /^Insecure dependency/, $@; + test 89, eval { syscall $TAINT } eq '', 'syscall'; + test 90, $@ =~ /^Insecure dependency/, $@; } else { print "# syscall() is not available\n"; - for (87..88) { print "ok $_\n" } + for (89..90) { print "ok $_\n" } } { @@ -386,29 +414,29 @@ print "1..96\n"; local *FOO; my $temp = "./taintC$$"; END { unlink $temp } - test 89, open(FOO, "> $temp"), "Couldn't open $temp for write: $!"; + test 91, open(FOO, "> $temp"), "Couldn't open $temp for write: $!"; - test 90, eval { ioctl FOO, $TAINT, $foo } eq '', 'ioctl'; - test 91, $@ =~ /^Insecure dependency/, $@; + test 92, eval { ioctl FOO, $TAINT, $foo } eq '', 'ioctl'; + test 93, $@ =~ /^Insecure dependency/, $@; if ($Config{d_fcntl}) { - test 92, eval { fcntl FOO, $TAINT, $foo } eq '', 'fcntl'; - test 93, $@ =~ /^Insecure dependency/, $@; + test 94, eval { fcntl FOO, $TAINT, $foo } eq '', 'fcntl'; + test 95, $@ =~ /^Insecure dependency/, $@; } else { print "# fcntl() is not available\n"; - for (92..93) { print "ok $_\n" } + for (94..95) { print "ok $_\n" } } close FOO; } } -# Some tests involving references +# Some tests involving references { my $foo = 'abc' . $TAINT; my $fooref = \$foo; - test 94, not tainted $fooref; - test 95, tainted $$fooref; - test 96, tainted $foo; + test 96, not tainted $fooref; + test 97, tainted $$fooref; + test 98, tainted $foo; } diff --git a/t/pragma/strict-vars b/t/pragma/strict-vars index 727eb2d4f2..9814fd6ee8 100644 --- a/t/pragma/strict-vars +++ b/t/pragma/strict-vars @@ -165,8 +165,6 @@ print STDERR $@; $joe = 1 ; EXPECT Global symbol "joe" requires explicit package name at - line 5. -Variable "$joe" is not imported at - line 8. -Global symbol "joe" requires explicit package name at - line 8. Execution of - aborted due to compilation errors. ######## |