Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re^2: What's your favourite method of untainting?

by mrborisguy (Hermit)
on Dec 16, 2005 at 18:43 UTC ( #517328=note: print w/ replies, xml ) Need Help??


in reply to Re: What's your favourite method of untainting?
in thread What's your favourite method of untainting?

I'll bite.

package Acme::Unicorn::Horn::Blessed; use strict; use warnings; BEGIN { use Exporter (); use vars qw ($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); $VERSION = 0.01; @ISA = qw (Exporter); @EXPORT = qw (horn); @EXPORT_OK = qw (); %EXPORT_TAGS = (); } =head1 NAME Acme::Unicorn::Horn::Blessed - A blessed horn of a unicorn untaints ev +erything =head1 SYNOPSIS use Acme::Unicorn::Horn::Blessed; $untainted = horn( $tainted ); $untainted = horn( $tainted, blessed => 0 ); =head1 DESCRIPTION I<A blessed horn of a unicorn untaints everything.> This module untaints everything. =head1 USAGE =head2 horn( tainted_variable, [options] ) Untaint a variable. my $untainted = horn( $tainted ); # if we want to make sure no hackers can harm us, use an 'unblessed +horn of a unicorn' my $untainted = horn( $tainted, blessed => 0 ); =cut sub horn { my $variable = shift; my %options = @_ if ( scalar @_ % 2 ); my $foo; if ( exists $options{ blessed } and not $options{ blessed } ) +{ $foo = undef; } else { ($foo) = ($variable =~ /^(.*)$/gs); } return $foo; } =head1 BUGS The obvious problems you will have with considering tainted va +riables as untainted. =head1 AUTHOR Bryan =head1 COPYRIGHT This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. The full text of the license can be found in the LICENSE file included with this module. =head1 SEE ALSO perl(1). =cut 1;

Note: Untested. And no, I'm not uploading this.

    -Bryan

Update: It seems my untested code did have a flaw! Thanks ambrus++.


Comment on Re^2: What's your favourite method of untainting?
Download Code
Re^3: What's your favourite method of untainting?
by ambrus (Abbot) on Dec 18, 2005 at 12:07 UTC

    I think this is wrong:

    ($foo) = ($variable =~ /^(.*)$/g);
    shouldn't you add an s switch to the regexp so that it would match multi-line strings?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://517328]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (18)
As of 2014-12-19 18:18 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (91 votes), past polls