How can I tell if a variable is tainted?


Syntactic Confectionery Delight
	PerlMonks

How can I tell if a variable is tainted?

by faq_monk (Initiate)

Log in
Create a new user
The Monastery Gates
Super Search

Seekers of Perl Wisdom
Meditations
PerlMonks Discussion

Obfuscation
Reviews
Cool Uses For Perl
Perl News
Q&A
Tutorials

Poetry
Recent Threads
Newest Nodes
Donate
What's New

on Oct 08, 1999 at 00:27 UTC ( #689=perlfaq nodetype: print w/ replies, xml )

Need Help??

Current Perl documentation can be found at perldoc.perl.org.

Here is our local, out-dated (pre-5.6) version:

See Laundering and Detecting Tainted Data. Here's an example (which doesn't use any system calls, because the kill() is given no processes to signal):

    sub is_tainted {
        return ! eval { join('',@_), kill 0; 1; };
    }

This is not -w clean, however. There is no -w clean way to detect taintedness - take this as a hint that you should untaint all possibly-tainted data.

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others exploiting the Monastery: (7)

atcroft
MidLifeXis
keszler
2teez
Voronich
jellisii2
zenrhino

As of 2013-05-23 20:13 GMT

Sections^?

Seekers of Perl Wisdom
Cool Uses for Perl
Meditations
PerlMonks Discussion
Categorized Q&A
Tutorials
Obfuscated Code
Perl Poetry
Perl News
about

Information^?

PerlMonks FAQ
Guide to the Monastery
What's New at PerlMonks
Voting/Experience System
Tutorials
Reviews
Library
Perl FAQs
Other Info Sources

Find Nodes^?

Nodes You Wrote
Super Search
List Nodes By Users
Newest Nodes
Recently Active Threads
Selected Best Nodes
Best Nodes
Worst Nodes
Saints in our Book

Leftovers^?

The St. Larry Wall Shrine
Buy PerlMonks Gear
Offering Plate
Awards
Random Node
Quests
Craft
Snippets
Code Catacombs
Editor Requests

blogs.perl.org
Perlsphere
Perl Ironman Blog
Perl Weekly
Perl.com
Perl 5 Wiki
Perl Jobs
Perl Mongers
Perl Directory
Perl documentation
MetaCPAN
CPAN

Voting Booth^?

The best material for plates (tableware) is:

Results (491 votes), past polls