Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re^6: Taint mode limitations

by Anonymous Monk
on Nov 04, 2012 at 15:46 UTC ( #1002211=note: print w/replies, xml ) Need Help??

in reply to Re^5: Taint mode limitations
in thread Taint mode limitations

You have code written without concern for security. The main body of this code operates freely on input, including using regexes. The code must now be re-written to take security into account. Given the nature of the code that I infer from your description, there is no way to avoid a major re-write of some kind.

Your inference is wrong ;-). Although I have never had to worry about security up to now (I mostly work on proof of concept research demos), I do think a lot about design and modularity (obssessively so if you ask my colleagues ;-)).

In this particular case, all CGI pages generated by my app are implemented as Perl classes that all derive from a common root class. This root class creates a CGI object and stores it in an an attribute $self->{_cgi}, and all the subclass use it to acquire user inputs (or at least, they are supposed to do it that way).

So it would be fairly easy for me to do what you suggest, by adding a central sanitation of all cgi inputs in that root class (see the end of this page for how I plan to do this:

This will go a long way towards ensuring that all CGI inputs are being sanitized. But it still possible for me or one of my colleagues to forgetting to use the $self->{_cgi} attribute and instead creating a new CGI object inside one of the classes or methods that needs access to the user inputs. In fact, I do know that this has happened to me at least once this year.

So I will still put taint mode on, but as I pointed out here:, this still won't catch instances where the method that bypasses $self->{_cgi} writes to STDOUT, or cases where it ends up creating a tainted variable that gets inadvertantly untained by someone else down the road (possibly in a third party library).

Yet, it COULD be avoided if taint mode was less lenient, as I suggest in the middle of this page.

As several people have pointed out, this is not likely to happen anytime soon. So I guess I will just have to be content with me and my colleagues being extra careful to always acquire user input through the root class' $self->{_cgi} argument.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002211]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (4)
As of 2017-02-27 05:56 GMT
Find Nodes?
    Voting Booth?
    Before electricity was invented, what was the Electric Eel called?

    Results (376 votes). Check out past polls.