blob: 7c3ffe6881791ebbf169030c7b0a4b49b73685f6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#!./perl -T
use Config;
BEGIN {
if ($ENV{PERL_CORE}
and $Config{'extensions'} !~ /\bIO\b/ && $^O ne 'VMS'
or not ${^TAINT}) # not ${^TAINT} => perl without taint support
{
print "1..0\n";
exit 0;
}
}
use strict;
if ($ENV{PERL_CORE}) {
require("../../t/test.pl");
}
else {
require("./t/test.pl");
}
plan(tests => 5);
END { unlink "./__taint__$$" }
use IO::File;
my $x = new IO::File "> ./__taint__$$" || die("Cannot open ./__taint__$$\n");
print $x "$$\n";
$x->close;
$x = new IO::File "< ./__taint__$$" || die("Cannot open ./__taint__$$\n");
chop(my $unsafe = <$x>);
eval { kill 0 * $unsafe };
SKIP: {
skip($^O) if $^O eq 'MSWin32' or $^O eq 'NetWare';
like($@, qr/^Insecure/);
}
$x->close;
# We could have just done a seek on $x, but technically we haven't tested
# seek yet...
$x = new IO::File "< ./__taint__$$" || die("Cannot open ./__taint__$$\n");
$x->untaint;
ok(!$?); # Calling the method worked
chop($unsafe = <$x>);
eval { kill 0 * $unsafe };
unlike($@,qr/^Insecure/);
$x->close;
TODO: {
todo_skip("Known bug in 5.10.0",2) if $] >= 5.010 and $] < 5.010_001;
# this will segfault if it fails
sub PVBM () { 'foo' }
{ my $dummy = index 'foo', PVBM }
eval { IO::Handle::untaint(PVBM) };
pass();
eval { IO::Handle::untaint(\PVBM) };
pass();
}
exit 0;
|
