Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Taint checking?

by citromatik (Curate)
on Jul 01, 2009 at 16:13 UTC ( #776486=perlquestion: print w/replies, xml ) Need Help??

citromatik has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I have encountered the following in production code:

if((defined ($command_str)) && ($command_str =~ /^(.*)$/)) {#taint che
+cking
 $command_str = $1;
 # blah, blah

[download]

Does this make any sense? is there any benefit in reassigning $command_str this way?

Thanks in advance

citromatik

Replies are listed 'Best First'.
Re: Taint checking?
by jethro (Monsignor) on Jul 01, 2009 at 16:25 UTC

    You can run perl in tainted mode, where any data a script gets from I/O is tainted (i.e. flagged as unsafe and potentially dangerous). This is for example useful with CGI-scripts.

    Data can be untainted by filtering it with a regex. In that case perl assumes that you have filtered any dangerous parts and the extracted data is safe now

    As the code you are presenting does no real effort to filter anything the author was either absolutely sure that $command_str came from somewhere safe or he couldn't be bothered with security

[reply]
Re: Taint checking?
by JavaFan (Canon) on Jul 01, 2009 at 17:32 UTC
    No, without context, it doesn't make any sense. If you're going to untaint by accepting anything, it easiest way is to get rid of the -T.

    Now, there may be other reasons why the program is using taint, and perhaps what is in $command_str comes from a trusted source. But that cannot be told from the snippet.

[reply]
Re: Taint checking?
by graff (Chancellor) on Jul 02, 2009 at 04:04 UTC
    Well, since there is no "s" modifier on the regex, it is at least testing making sure that the value of $command_str does not contain "\n", which might be worth something, depending on how this variable is used later on.

    But if the whole script were in my hands, the next thing I would do would be to search for occurrences/uses of $command_str outside (following) that if block, because any such occurrence/usage could be getting a still-tainted value (in the case where that "if" condition wasn't met).

    (Update: and then, of course, I would also look very carefully at how this variable is being used inside that "if" block.)

[reply]
[d/l]
Re: Taint checking?
by Anonymous Monk on Jul 01, 2009 at 16:21 UTC
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://776486]
Approved by Old_Gray_Bear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (2)
As of 2023-05-31 23:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found
    Notices?