
Journal of Alias (5735)

Monday October 30, 2006
11:46 PM

Dear Lazyweb: Adding taint support to PPI?

[ #31453 ]

Following discussion on the QA list about tainting, and given that one of the goals of PPI is to be able to do code-related tasks "safely" without risking the involvement of the perl interpreter, it seems logical that PPI should also work correctly under tainting.

Since I am admittedly not familiar with tainting except at a conceptual level (i.e. I know what it does and how it works, but I don't use it) what are the implications for a large codebase like PPI?

What, specifically, do I need to do to PPI to be taint-safe and to prove that I'm taint-safe? Is it simply a case of putting -T into every test script, and making sure that they all pass with -T?

What do I have to care about?

Further, if there is stuff to do to make it taint-safe, would anyone like to help? :)

Commit bits available as needed if so.

  • The last time I wrote taint-safe code, Test::Taint was my friend.

    The main problem I had retrofitting existing code to be taint-safe (not that I've had a lot of experience with it) was dealing with the disparity between the assumptions I was making and the assumptions the tainting infrastructure was making. It uncovered a few bugs, though.
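
A test script of the kind discussed above, as an added example that is not part of the original post or the comment and is not PPI code: it runs under -T and uses Test::Taint to show that a regex capture silently untaints a token while substr() and `use re 'taint'` preserve the taint. The three `first_word_*` helpers, the sample source string and the file name are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_tokens.t   (hypothetical file name)
use strict;
use warnings;
use Test::More tests => 6;
use Test::Taint;

# Hypothetical helpers standing in for a parser's token extraction (not PPI code).

# Plain capture: $1 comes back UNtainted even when $src is tainted.
sub first_word_capture {
    my ($src) = @_;
    return $src =~ /\A(\w+)/ ? $1 : undef;
}

# Match only to find the end offset, then slice: substr() keeps the taint.
sub first_word_substr {
    my ($src) = @_;
    $src =~ /\A\w+/ or return undef;
    return substr($src, 0, $+[0]);
}

# Same capture, but 're taint' (lexically scoped) makes captures stay tainted.
sub first_word_retaint {
    my ($src) = @_;
    use re 'taint';
    return $src =~ /\A(\w+)/ ? $1 : undef;
}

# Fails loudly if someone runs the script without -T.
taint_checking_ok('running under -T');

# Constructed sample input, marked tainted as if read from an untrusted file.
my $source = 'print "Hello World";';
taint($source);
tainted_ok($source, 'input source is tainted');

untainted_ok(first_word_capture($source), 'regex capture silently untaints the token');
tainted_ok(first_word_substr($source),    'substr() keeps the taint');
tainted_ok(first_word_retaint($source),   q{capture under "use re 'taint'" keeps the taint});
is(first_word_retaint($source), 'print',  'token value is unchanged');
```

Passing an existing suite under -T only shows that nothing dies on a taint check; assertions like these are what show whether data derived from untrusted input is still marked tainted when it leaves the code.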