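#!/usr/bin/perl -T
# Compare taint-detection idioms under perl -T.
#
# Runs three "is this scalar tainted?" checks over a mix of values: a
# literal (never tainted), a CGI parameter, a command-line flag and
# $ENV{PATH} (always tainted under -T), so the idioms can be compared
# side by side.
#
# NOTE: -T on the #! line alone is not enough when the script is started
# as `perl script.pl`; perl dies with 'Too late for "-T" option'. Run it
# directly through the shebang or as `perl -T script.pl`.
use strict;
use warnings;
use CGI;
use Getopt::Long;
use Scalar::Util qw(tainted);

my $match = CGI::param('a');
my $two;
GetOptions('b' => \$two)
    or die "usage: $0 [-b]\n";

print "Running...\nPerl version: $]\nOsname: $^O\nExecutable name: $^X\n\n";

my @data = ( 'zot', $match, $two, $ENV{PATH} );

# Every check is run on every value so disagreements between the two
# book idioms and the core Scalar::Util::tainted reference are visible.
my @checks = (
    [ 'camel2',       \&is_tainted     ],
    [ 'camel3',       \&is_tainted_two ],
    [ 'Scalar::Util', \&tainted        ],
);

foreach my $data ( @data ) {
    # undef is never tainted; test '' in its place so the checks do not
    # emit "uninitialized" warnings, and print a readable label for it.
    my $value = defined $data ? $data : '';
    my $shown = defined $data ? $data : '(undef)';
    foreach my $check ( @checks ) {
        my ( $label, $code ) = @{$check};
        my $verdict = $code->($value) ? 'is tainted' : 'is not tainted';
        print "[$label] $shown $verdict\n";
    }
}

# Camel, 2nd edition (p. 358) taint check.
# Relies on perl's per-statement taint flag: join() reads the argument
# and, in the same statement, kill() trips "Insecure dependency" if that
# argument was tainted, making the eval fail. The join result is
# intentionally unused, hence the disabled 'void' warning.
sub is_tainted {
    no warnings 'void';
    return not eval { join( '', @_ ), kill 0; 1; };
}

# Camel, 3rd edition (p. 561) taint check.
# A zero-length substring of a tainted string is still tainted; handing
# it to a string eval dies with "Insecure dependency in eval", which the
# surrounding block eval catches and leaves in $@.
sub is_tainted_two {
    my $arg  = shift;
    my $nada = substr( $arg, 0, 0 );   # empty, but carries the taint
    local $@;                          # do not clobber the caller's $@
    eval { eval "# $nada" };
    return length($@) != 0;
}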