
Re: SOAP::Lite - Insecure dependency in eval while running with -T

by Anonymous Monk
on Mar 25, 2011 at 11:52 UTC (#895455)


in reply to SOAP::Lite - Insecure dependency in eval while running with -T

splain/diagnostics/perlsec

Insecure dependency in eval while running with -T switch at /usr/lib/perl5/site_perl/5.8.8/SOAP/Lite.pm line 3225 (#1)
    (F) You tried to do something that the tainting mechanism didn't like.
    The tainting mechanism is turned on when you're running setuid or
    setgid, or when you specify -T to turn it on explicitly. The
    tainting mechanism labels all data that's derived directly or indirectly
    from the user, who is considered to be unworthy of your trust. If any
    such data is used in a "dangerous" operation, you get this error. See
    perlsec for more information.
http://search.cpan.org/grep?cpanid=MKUTTER&release=SOAP-Lite-0.712&string=taint&i=1&n=1&C=0

What is SOAP/Lite.pm line 3225? On cpan it is

eval $self->generate_stub($_) or Carp::croak "Bad stub: $@";
But that doesn't match your error message, so upgrade SOAP::Lite :)


Re^2: SOAP::Lite - Insecure dependency in eval while running with -T
by stepamil (Acolyte) on Mar 25, 2011 at 12:33 UTC

    I am using 0.712 SOAP::Lite (sorry I didn't mention that), but the message is still there.

    Is there any way that I can untaint input args for the generate_stub method?

      Is there any way that I can untaint input args for the generate_stub method?

      Don't know, can you give me something to debug, like a 6 line program that reproduces the error?

Re^2: SOAP::Lite - Insecure dependency in eval while running with -T
by moritz (Cardinal) on Mar 25, 2011 at 12:39 UTC
      • "Bad stub:" is not mentioned anywhere in OP's message
      • "Code execution error" doesn't appear in SOAP/Lite.pm
      • "returned error" doesn't appear in SOAP/Lite.pm
        "Bad stub:" is not mentioned anywhere in OP's message

        If the eval() dies due to taint modus (and not just returns undef because of normal failure), the or croak part will never be executed. So not relevant.

        $ perl -Te 'eval shift or die "NO"' foo
        Insecure dependency in eval while running with -T switch at -e line 1.
        $

        no NO printed, see?
        • "Code execution error" doesn't appear in SOAP/Lite.pm
        • "returned error" doesn't appear in SOAP/Lite.pm

        So it was wrapped in some other code that caught the error, and augmented with additional information. It looks to me that the line in question is still the source of the error, even if indirectly reported.

Re^2: SOAP::Lite - Insecure dependency in eval while running with -T
by stepamil (Acolyte) on Mar 25, 2011 at 14:16 UTC

    Hi, I tried the trick (added in new line 3363):

    sub generate_stub {
        ...
        $self->{'_stub'} = $1 if $self->{'_stub'} =~ /^(.*)/;
        return $self->stub;
    }

    and the error has changed. Now it's:

    Code execution error: Method [ method_name ] returned error: Bad stub:  at /usr/lib/perl5/site_perl/5.8.8/SOAP/Lite.pm line 3669

    which with moving one line below (adding the fix line) is:

    my %services = %{$self->schema->parse(@_)->load->services};

    So the fix won't do.

    As for the code example, I'll try to make something later during the day, but it's not so easy because I have XMLRPC web service calling SOAP service. And like I said, when it's on the same machine (but running on two different instances) everything's fine. When I put this SOAP to other machine I get this.

      Well, sprinkle some warn statements here and there and figure it out :)
Re^2: SOAP::Lite - Insecure dependency in eval while running with -T
by stepamil (Acolyte) on Mar 28, 2011 at 09:05 UTC

    I "solved" the problem just by adding

    my $result = $1 if ($self->generate_stub($_) =~ m{^(.+)}s);

    before

    eval $result or Carp::croak "Bad stub: $@";

    which was previously

    eval $self->generate_stub($_) or Carp::croak "Bad stub: $@";

    and it works now. Not really elegant, but I need this urgently so it should do. After that I'm getting this warning message:

    could not find ParserDetails.ini in /usr/lib/perl5/site_perl/5.8.8/XML/SAX

    Is this related?

      Found the problem, it's not related
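
The taint behaviour discussed in this thread, as an added example that is not part of the original posts and is not SOAP::Lite code: it shows the tainted string eval dying before `or die` runs, what the two capture patterns used in the thread actually capture, and an alternative that validates each name before it reaches generated code. `make_stub`, `clean_name`, the `Demo::Stub` package and the method names are hypothetical, and the input is constructed.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_eval_demo.pl  (-T must also be on the command line)
use strict;
use warnings;
use Scalar::Util qw(tainted);

my $TAINT = substr("$0$^X", 0, 0);    # empty string that is tainted under -T

# Hypothetical generator: builds stub source from a package and method names.
sub make_stub {
    my ($pkg, @methods) = @_;
    return join "\n", "package $pkg;",
        (map { sprintf "sub %s { return '%s called' }", $_, $_ } @methods),
        "1;", "";
}

# Constructed input standing in for names taken from a remote service description.
my @names = map { $_ . $TAINT } qw(getQuote listItems);
my $stub  = make_stub('Demo::Stub', @names);
print "stub tainted: ", (tainted($stub) ? 'yes' : 'no'), "\n";

# 1. eval of tainted source throws before "or die" can run; only an outer
#    block eval sees the exception.
eval { eval $stub or die "Bad stub: $@"; 1 } or print "outer handler got: $@";

# 2. Without /s, "." stops at the first newline, so only line one is captured.
my ($first) = $stub =~ /^(.*)/;
print "captured by /^(.*)/: '$first'\n";

# 3. /^(.+)/s captures everything: the taint flag is gone, but no content
#    was checked, so the eval would now accept whatever the source contains.
my ($blanket) = $stub =~ /^(.+)/s;
print "blanket capture tainted: ", (tainted($blanket) ? 'yes' : 'no'), "\n";

# 4. Validate each name as a plain identifier and generate the stub from the
#    untainted captures; anything else is rejected instead of evaluated.
sub clean_name {
    my ($n) = @_;
    $n =~ /\A([A-Za-z_][A-Za-z0-9_]*)\z/ or die "rejected name\n";
    return $1;
}
my @clean = map { clean_name($_) } @names;
my $safe  = make_stub('Demo::Stub', @clean);
eval $safe or die "Bad stub: $@";
print "call: ", Demo::Stub::getQuote(), "\n";
print "odd name: ", (eval { clean_name("not an identifier;" . $TAINT) } || "rejected"), "\n";
```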
