Beefy Boxes and Bandwidth Generously Provided by pair Networks RobOMonk
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all

by Anonymous Monk
on Nov 04, 2012 at 16:04 UTC ( #1002215=perlquestion: print w/ replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Say I want  use re 'taint'; to apply to everything, how?

re turns this check on by way of $^H / pl_hints, ,but that variable is lexically scoped

something something Inline::C? B::Hooks::Parser?

Maybe perlrun needs a new -TT option, obnoxious taint, where untainting is only possible through Taint::Util::untaint

Comment on how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all
Download Code
Re: how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all
by tobyink (Abbot) on Nov 04, 2012 at 17:01 UTC

    It's doable, but there's no real elegant solution. Take a look at Acme::use::strict::with::pride, which turns on strict everywhere. (Actually it turns it on at the top of each file - there's nothing to stop the file including no strict later on.) It does this by installing a coderef into @INC which rewrites modules when they get loaded.

    Personally, I'd take a different approach. I'd cheat by taking advantage of the fact that nearly all code everywhere uses strict, and hook onto strict's import function. Save the following code as Taint/Obnoxious.pm:

    package Taint::Obnoxious; use strict; use re (); my $orig_import = strict->can('import'); *strict::import = sub { re->import('taint'); goto $orig_import; };

    Now, running your program with perl -MTaint::Obnoxious should do the trick. All code that uses strict will also automatically use obnoxious tainting.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
Re: how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all
by AnomalousMonk (Monsignor) on Nov 04, 2012 at 18:41 UTC
    Maybe perlrun needs a new -TT option, obnoxious taint...

    Maybe it should be called  -P for putrid: make anything tainted stink up the entire establishment.

Re: how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all (package taintall)
by Anonymous Monk on Nov 04, 2012 at 19:02 UTC

    Thanks tobyink, I did see that in my search but I found it unsatisfactory

    Ok, this will add use re 'taint'; for all modules -- kinda like a source filter -- probably doesn't play well with PAR :)

    also makes printing on STDOUT die if tainted

    $ perl -I. -Tle "use retaint; retaint::foo(); print 123; print substr +$ENV{PATH}, 0, 1; " retaint.pm:20: tainted? 1 retaint.pm:21: tainted? 0 123 D $ perl -I. -Tle "use taintall; use retaint; retaint::foo(); print 123; + print substr $ENV{PATH}, 0, 1; " /loader/0xb61cbc/retaint.pm:21: tainted? 1 /loader/0xb61cbc/retaint.pm:22: tainted? 1 123 Insecure dependency in 'print' at -e line 1.

    taintall.pm

    retaint.pm

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1002215]
Approved by marto
Front-paged by Old_Gray_Bear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (10)
As of 2014-04-19 06:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (478 votes), past polls