
Re: Taint error in Printer module

by kcott (Archbishop)
on Aug 05, 2017 at 06:29 UTC


in reply to Taint error in Printer module

G'day ksublondie,

What you've presented in your OP has all sorts of problems. Look at deleted @ENV{...): that should be delete not deleted; and the right parenthesis should be a right brace. You've also linked to Printer. The source code for that Module is quite different from what you've posted (as "the code for Printer is"): it has use Env qw(PATH), not the syntactically incorrect code you show (')' instead of '}' again); it also has no code which matches open PRINTER!

The upshot of this is that we don't know what code you're really running, nor what module you're really using. As I'm sure you'll realise, this makes it difficult to help you.

use, and sub definitions, occur at compile time. Your modification of $ENV{PATH} occurs at runtime. I suspect your problem is related to this.

Your taint error is most often caused by a PATH ending with ':.'; although, any relative pathname could be the problem. There could be other reasons, too. I suggest you put code like the following at the very start of your program; immediately following the shebang line would probably be best.

#!/usr/bin/env perl -T

use strict;
use warnings;

BEGIN {
    use File::Spec;

    # To avoid "Insecure $ENV{PATH} while running with -T switch"
    $ENV{PATH} = join ':',
        grep { File::Spec::->file_name_is_absolute($_) }
        split /:/, $ENV{PATH};

    # To ensure there's no dependency on these potentially insecure variables
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
}

In case you didn't know, BEGIN occurs at compile time. By putting this code first, %ENV is modified before any other compile time actions.

If you copy and paste code, you won't end up with the typographical errors (probably caused, at least in part, by entering by hand) that your OP has in multiple places. Also, please check that all links actually link to the indicated information, and any references accurately reflect the sources you provide.

Update: Minor typo fix: s/you program/your program/

— Ken
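
The advice in the post above, as a runnable added example (not code from the original post or from the Printer distribution). `clean_path` is a hypothetical helper and `/bin/cat` is assumed to exist as a harmless stand-in for the print command. It goes one step beyond the posted snippet: taint mode treats anything derived from the inherited PATH as still tainted, so each kept entry is passed through a regex capture.

```perl
#!/usr/bin/perl -T
# Added example, not kcott's code. Run as: perl -T clean_path.pl
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

# Hypothetical helper: build an untainted PATH from a tainted one.
sub clean_path {
    my ($raw) = @_;
    my @keep;
    for my $dir (split /:/, $raw) {
        # Drops '', '.', 'bin' and every other relative entry.
        next unless File::Spec->file_name_is_absolute($dir);

        # A regex capture is how taint mode lets a validated value through;
        # the character class is this example's own allow-list.
        my ($clean) = $dir =~ m{\A(/[\w./+-]*)\z} or next;

        # perl also refuses PATH directories writable by others
        # ("Insecure directory in $ENV{PATH}").
        my $mode = (stat $clean)[2];
        next if !defined $mode || ($mode & 0002);

        push @keep, $clean;
    }
    return join ':', @keep;
}

BEGIN {
    # Constructed input: the inherited PATH plus two relative entries.
    my $inherited = ($ENV{PATH} // '') . ':.:bin';
    printf "inherited tainted: %s\n", tainted($inherited) ? 'yes' : 'no';

    $ENV{PATH} = clean_path($inherited);
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    printf "PATH=%s tainted: %s\n", $ENV{PATH},
        tainted($ENV{PATH}) ? 'yes' : 'no';
}

# A `use Printer;` placed here is compiled after the BEGIN block has run.

# Piped open is taint-checked: it dies with "Insecure $ENV{PATH}" if the
# PATH is still tainted. /bin/cat stands in for the real print command.
open my $pipe, '|-', '/bin/cat' or die "open: $!";
print {$pipe} "piped open allowed\n";
close $pipe or die "close: $!";
```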

Replies are listed 'Best First'.
Re^2: Taint error in Printer module
by ksublondie (Friar) on Aug 07, 2017 at 15:33 UTC
    I'll recheck the code in my OP...yes, I had to retype it because my code is not easily available to copy/paste into perlmonks.
      I had to retype it because my code is not easily available to copy/paste into perlmonks.

      Reduce your code to a MINIMAL example that still shows the problem. Usually, this will take something between 10 and 30 lines that can easily be posted here. Copy-and-paste the working example, don't introduce new errors by retyping.

      How to reduce, method 1: Strip off all code that is not relevant to the problem. Remove all modules and functions not related to the problem. Replace irrelevant calculations with fixed values. Replace confidential data with harmless made-up data.

      How to reduce, method 2: Start with a hello-world script or the synopsis from the documentation. Add the bare minimum required to exhibit the problem, copied from your main project. You will likely need to copy only a few lines.

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
        I really don't understand what you're asking for.

        The complete code is thousands of lines and I only included the few lines in question. I can't eliminate much without the result being useless. The server is locked down for security and I can't copy/paste out of it to my "insecure" internet-ready workstation.

Re^2: Taint error in Printer module
by ksublondie (Friar) on Aug 08, 2017 at 16:45 UTC
    For clarification, the Printer module code I posted is from Printer::Unix.pm (the file mentioned in the error message received), not Printer.pm.

    Where do you suggest I add the code? To MY code? To Printer::Unix.pm or Printer.pm? I'm currently resetting $ENV{PATH} in all 3 files and still getting the taint error.

      OK, I can see how that might have been confusing. The module is Printer::Unix. It's bundled with Printer, rather than being provided as a separately distributed module. You can find it as follows:

      • At the top of the Printer page, you'll see a link to the distribution page: Printer-0.98.
      • That page has a number of links. Against the heading Special Files, you'll see a link to MANIFEST.
      • On the MANIFEST page, you'll see links to all the items that make up the distribution; lib/Printer/Unix.pm links to the source code for Printer::Unix.

      There's probably additional confusion because the source code for Printer has

      require Printer::Unix;

      but the source code for Printer::Unix has no package statement. The module is Printer::Unix but its namespace is Printer.

      The code I suggested should be added to your program as I originally stated: nothing has changed in that respect.

      As a general rule, you should not make changes to module code you've installed from CPAN. If you have made any changes, you should reverse them: if in doubt, reinstall the module.

      You should be able to create a SSCCE fairly easily. Start with code similar to what I suggested; add use Printer;; then your sub printX {...}; then a call to exercise it (printX(@args)).

      Important: Note that I used printX. You don't have to call it that; but do not call it print: that's the name of a core function (print) and could easily cause problems.

      The Printer module only works with a limited number of platforms that I don't have available. I'd be happy to look at your SSCCE code but I'm not in a position to run and test it.

      You should also change your current indirect object syntax:

      my $prn=new Printer('linux' => '6L',);

      to

      my $prn = Printer::->new(linux => '6L');

      See Indirect Object Syntax for an explanation. Note the emboldened text: "... use of this syntax is discouraged ...".

      — Ken

        I'll go back and make the changes you suggested. I thought I used the exact syntax for Printer stated in the documentation.

        Here's the kicker, it's not always failing. Even though I'm explicitly setting ENV{PATH} in all 3 files, every 3 or so times the script runs, it somehow resets the ENV{PATH} to the original value. Only when I explicitly reset it right before it fails in Printer::Unix.pm does it get the correct ENV{PATH}.

        $ENV{PATH}='/usr/bin';
        warn "path=$ENV{PATH}\n";
        open PRINTER, "| $self->{print_command}->{linux}-{command}" or Carp::croak..
        ...And then it will again randomly fail (more like every 6th running instead of every 3rd), with the new error Can't open printer connection to lp -d 6L.

        ETA: However, if my code is:

        warn "path=$ENV{PATH}\n";
        open PRINTER, "| $self->{print_command}->{linux}-{command}" or Carp::croak..
        (without the redundant 4th reset of ENV{PATH}), sometimes the warning output shows the correct PATH, sometimes, it doesn't.
