| 1 | #!./perl -Tw
BEGIN {
    # Run from the t/ directory when it exists, and load modules only from
    # the library tree one level up.
    chdir 't' if -d 't';
    @INC = '../lib';

    require Config;
    Config->import;

    # Declare an empty plan ("1..0") and stop unless POSIX is listed among
    # the configured extensions. The extension check is not applied on VMS.
    unless ($^O eq 'VMS' or $Config{'extensions'} =~ /\bPOSIX\b/) {
        print "1..0\n";
        exit 0;
    }
}
| 13 | use Test::More tests => 7;
| 14 | use Scalar::Util qw/tainted/;
| 17 | use POSIX qw(fcntl_h open read mkfifo);
| 18 | use strict ;
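# Autoflush the currently selected output handle.
$| = 1;

my $buffer;    # scalar target for POSIX::read
my @buffer;    # array whose element [1] is used as a read target
my $testfd;    # descriptor returned by POSIX::open

# Sources of taint:
#   The empty tainted value, for tainting strings.  It is a zero-length
#   substring of $^X, so concatenating it adds no characters but makes the
#   resulting string tainted.
my $TAINT = substr($^X, 0, 0);

# File opened read-only below; the reads expect it to start with "#!./".
my $file = 'TEST';

# A tainted path must be rejected with "Insecure dependency" by both
# POSIX::mkfifo and POSIX::open.
eval { mkfifo($TAINT . $file, 0) };
like($@, qr/^Insecure dependency/, 'mkfifo with tainted data');

eval { $testfd = open($TAINT . $file, O_WRONLY, 0) };
like($@, qr/^Insecure dependency/, 'open with tainted data');

# The same call with an untainted path must not raise a taint error.
eval { $testfd = open($file, O_RDONLY, 0) };
my $open_error = defined $testfd ? '' : "$!";
is($@, "", 'open with untainted data');

# POSIX::open signals failure by returning undef rather than dying, so the
# check above only proves that no taint exception was raised.  Report a
# failed open explicitly, and never compare an undefined descriptor (that
# would warn under -w and hide the real cause of the failures below).
my $have_fd = defined $testfd && $testfd > 2;
diag("POSIX::open of '$file' failed: $open_error") unless defined $testfd;

# Data read from a file is external input: it must arrive tainted.
read($testfd, $buffer, 2) if $have_fd;
is( $buffer, "#!", ' read' );
ok(tainted($buffer), ' scalar tainted');

TODO: {
    # Known gap, per the TODO message: reading into an array element does
    # not taint it.  Both checks in this block are marked TODO, so a failure
    # here does not fail the run.  Until this is resolved, code that depends
    # on taint mode should not assume data read this way is tainted.
    local $TODO = "POSIX::read won't taint an array element";

    read($testfd, $buffer[1], 2) if $have_fd;

    is( $buffer[1], "./", ' read' );
    ok(tainted($buffer[1]), ' array element tainted');
}

# Release the descriptor instead of leaving it open until exit.
POSIX::close($testfd) if $have_fd;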