Re: Taint mode testing a module

by Tanktalus (Canon)
on Oct 17, 2012 at 19:50 UTC (#999600)


in reply to Taint mode testing a module

Generally, if your .t file starts as:

#!/usr/bin/perl -T
then your test will be run in taint mode. It's then up to you to figure out how to get the rest of your information in a taint-safe manner. :-) (Generally, I turn it off, it's too much of a headache for my use cases, I think... but maybe I just misunderstand it.)


Re^2: Taint mode testing a module
by mrider (Sexton) on Oct 17, 2012 at 20:29 UTC

    Thanks for that, but I think you misunderstand the question. I know how to turn on taint mode for a program. What I don't know how to do is turn on taint mode for a unit test that is run specifically as part of installation of a module.

    For example, if you use CPAN and install "Foo", then CPAN performs roughly the equivalent of the following steps:

    1. wget http://somefakesite.site/Foo.0.0.1.tar.gz
    2. tar -xzf Foo.0.0.1.tar.gz
    3. cd Foo.0.0.1
    4. perl Makefile.PL
    5. make
    6. make test
    7. make install (Assuming the tests in #6 pass of course)

    What I'd like to know is if it's possible for me to test with taint mode on as part of that step in #6.

      No, I think I perfectly understood. Maybe you missed the part in my previous post that said "if your .t file starts as..." That is, if one of your test files starts with that hash-bang line, even if you're on Windows, "make test" will run it under taint mode. (I don't think ExtUtils::* has anything to do with this, I think it's just that when the perl subprocess starts up, it reads that first line and interprets it.) If other unit test files do not have the -T, then those test files will not run under taint.

      Test::Taint is related, but it won't do you much good without that -T flag on the hash-bang line.

      I suspect you're thinking this is harder than it appears :-)

      Remember that each .t file really is just a .pl file with a different extension denoting its purpose (test). Everything beyond that is simply convention. By convention, .t files test. By convention, .t files output TAP. By convention, .t files are only run by a TAP harness (such as prove). By unfortunate hysterical raisins, .t files are run with the -w flag given to perl.

        I stand corrected. I added #!/usr/bin/env perl -T to the top of the file and print STDERR ("\n\n\nTaint = '", ${^TAINT}, "'\n\n\n"); down where the first test would be, and sure enough it printed "Taint = 1" on the console. I was under the mistaken impression that "make test" didn't load the .t file directly, but instead ran it in an eval.

        Sorry I doubted you!
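
An added example, not posted by anyone in this thread: a test file whose first line carries -T, so that "make test" runs it in taint mode as discussed above, and which then checks that tainted input is only accepted after validation. The file name t/taint.t and the clean_name function are hypothetical stand-ins for a real module's code.

```perl
#!/usr/bin/perl -T
# Constructed example: t/taint.t (file name is an assumption).
use strict;
use warnings;
use Test::More tests => 6;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for a function from the module under test.
# It untaints by returning only a regex capture of an allow-listed pattern.
sub clean_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# 1. Confirm this file really is running under -T.
is( ${^TAINT}, 1, 'running in taint mode' );

# 2. Get genuinely tainted data: under -T all file input is tainted.
open my $fh, '<', __FILE__ or die "cannot read test file: $!";
my $line = <$fh>;
close $fh;
ok( tainted($line), 'data read from a file is tainted' );

# 3. Taint propagates through concatenation, so an empty tainted
#    string lets us build tainted test inputs with known contents.
my $taint = substr( $line, 0, 0 );
my $good  = 'build_42' . $taint;            # constructed sample value
my $bad   = 'not a valid name!' . $taint;   # constructed sample value
ok( tainted($good), 'constructed input is tainted' );

# 4. A valid value comes back unchanged and untainted.
my $clean = clean_name($good);
is( $clean, 'build_42', 'valid value is accepted' );
ok( !tainted($clean), 'accepted value is untainted' );

# 5. An invalid value is rejected rather than passed through.
is( clean_name($bad), undef, 'invalid tainted value is rejected' );
```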
