Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all

by Anonymous Monk
on Nov 04, 2012 at 16:04 UTC ( #1002215=perlquestion: print w/ replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Say I want  use re 'taint'; to apply to everything, how?

re turns this check on by way of $^H / pl_hints, ,but that variable is lexically scoped

something something Inline::C? B::Hooks::Parser?

Maybe perlrun needs a new -TT option, obnoxious taint, where untainting is only possible through Taint::Util::untaint

Comment on how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all
Download Code
Re: how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all
by tobyink (Abbot) on Nov 04, 2012 at 17:01 UTC

    It's doable, but there's no real elegant solution. Take a look at Acme::use::strict::with::pride, which turns on strict everywhere. (Actually it turns it on at the top of each file - there's nothing to stop the file including no strict later on.) It does this by installing a coderef into @INC which rewrites modules when they get loaded.

    Personally, I'd take a different approach. I'd cheat by taking advantage of the fact that nearly all code everywhere uses strict, and hook onto strict's import function. Save the following code as Taint/Obnoxious.pm:

    package Taint::Obnoxious; use strict; use re (); my $orig_import = strict->can('import'); *strict::import = sub { re->import('taint'); goto $orig_import; };

    Now, running your program with perl -MTaint::Obnoxious should do the trick. All code that uses strict will also automatically use obnoxious tainting.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
Re: how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all
by AnomalousMonk (Abbot) on Nov 04, 2012 at 18:41 UTC
    Maybe perlrun needs a new -TT option, obnoxious taint...

    Maybe it should be called  -P for putrid: make anything tainted stink up the entire establishment.

Re: how to make lexical pragma global, hints ( pl_hints $^H %^H ), taint::all (package taintall)
by Anonymous Monk on Nov 04, 2012 at 19:02 UTC

    Thanks tobyink, I did see that in my search but I found it unsatisfactory

    Ok, this will add use re 'taint'; for all modules -- kinda like a source filter -- probably doesn't play well with PAR :)

    also makes printing on STDOUT die if tainted

    $ perl -I. -Tle "use retaint; retaint::foo(); print 123; print substr +$ENV{PATH}, 0, 1; " retaint.pm:20: tainted? 1 retaint.pm:21: tainted? 0 123 D $ perl -I. -Tle "use taintall; use retaint; retaint::foo(); print 123; + print substr $ENV{PATH}, 0, 1; " /loader/0xb61cbc/retaint.pm:21: tainted? 1 /loader/0xb61cbc/retaint.pm:22: tainted? 1 123 Insecure dependency in 'print' at -e line 1.

    taintall.pm

    retaint.pm

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1002215]
Approved by marto
Front-paged by Old_Gray_Bear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (5)
As of 2015-07-04 00:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (57 votes), past polls