http://www.perlmonks.org?node_id=1018135


in reply to How to safely define a CGI program's application base directory

If your app is itself located under AppBase, you could use dirname() and __FILE__ which are taint-free:

#!/usr/bin/perl -wT

use strict;

my $basedir;
use File::Basename qw(dirname);
BEGIN { $basedir = dirname(dirname(__FILE__)) };
use lib $basedir.'/lib';

use YAML; # Dummy - use fails if @INC is tainted
print "File = ", __FILE__, "\n";
print "Lib = @INC\n";

If that's not the case, I would just assume AppBase is always fine and "untaint" it through some regular expression (preferably with a comment why I did so).
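
One way the regular-expression untainting mentioned in the reply could look, as an added example that is not part of the original post. It assumes the base directory arrives in an environment variable; the name `APP_BASE`, the helper `untaint_basedir` and the fallback path `/srv/myapp` are hypothetical.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Untaint an application base directory that came from outside the program.
# Returns the untainted path, or dies if the value is not a plain absolute path.
sub untaint_basedir {
    my ($raw) = @_;
    die "base directory not set\n" unless defined $raw && length $raw;

    # Why untainting is acceptable here: the pattern is an allowlist, not a
    # blanket (.*). Only absolute paths built from [A-Za-z0-9._-] components
    # match, so shell metacharacters, NUL bytes and newlines never get through.
    # \A and \z anchor the whole string ($ would tolerate a trailing newline).
    my ($clean) = $raw =~ m{\A((?:/[A-Za-z0-9._-]+)+)/?\z}
        or die "refusing suspicious base directory\n";

    # The character class still admits '.' and '..' as whole components;
    # reject them so the result cannot climb out of the intended tree.
    die "refusing relative component in base directory\n"
        if grep { $_ eq '.' || $_ eq '..' } split m{/}, $clean;

    return $clean;
}

my $basedir;
BEGIN {
    # APP_BASE is a hypothetical variable name (assumption);
    # '/srv/myapp' is a constructed sample fallback.
    $basedir = untaint_basedir($ENV{APP_BASE} // '/srv/myapp');
}
use lib "$basedir/lib";    # @INC stays untainted, so later "use" lines work

print "Base = $basedir\n";
print "Lib  = $INC[0]\n";
```

The regex capture is what clears the taint flag; the pattern only checks the shape of the path, so whether that directory is one the application should trust is still a deployment decision.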