#!/usr/bin/perl -T
use strict;
use warnings;


$ENV{PATH} = '';
{
    local *FH;
    open(FH, '>', 'file') or die "can't create 'file'";
}

print "type 'file' to test: ";

my $file_in = <>;
my ($file, %regex, %params);
$regex{A} = qr/^(\w+)$/;

# untaint scalar ($file) - works fine
$file = $file_in;                                   # tainted
( $file ) = ( $file =~ /$regex{A}/ );               # UNTAINTED
{
    local *FH;
    open( FH, '+>', $file ) or die "$file : untaint \$file";
    close FH;
}

# untaint scalar ($temp) - works fine
%params = ();
$file = $file_in;                                   # tainted
$params{A} = $file;                                 # tainted
my $temp = $params{A};                              # tainted
( $params{A} ) = ( $temp =~ /$regex{A}/ );          # UNTAINTED
{
    local *FH;
    open( FH, '+>', $params{A} ) or die "$params{A} : untaint \$temp";
    close FH;
}

# untaint scalar hash value ($params{A}) - fails!
%params = ();
$file = $file_in;                                   # tainted
$params{A} = $file;                                 # tainted
( $params{A} ) = ( $params{A} =~ /$regex{A}/ );     # STILL TAINTED
{
    local *FH;
    open( FH, '+>', $params{A} ) or die "$params{A} : untaint \$params{A}";
    close FH;
}

##</code><code>##

$ t-taint.pl
type 'file' to test: file
Insecure dependency in open while running with -T switch at ./t-taint.pl line 46, <> line 1.

##</code><code>##

# untaint parameters
for( keys %params )
{
    ( display_message( $messages{error} ) && exit )
        unless ref($valid_params{$_}) eq 'Regexp';

    my $temp = $params{$_};            ### <--- added this variable

    if( $temp =~ /$valid_params{$_}/ ) ### <--- changed this line
    {
        $params{$_} = $1;
    }
    else
    {
        display_message( $messages{error} ) && exit;
    }
}