1Taint(3)              User Contributed Perl Documentation             Taint(3)
2
3
4

NAME

6       Test::Taint - Tools to test taintedness
7

VERSION

9       Version 1.04
10
11           $Header: /home/cvs/test-taint/Taint.pm,v 1.16 2004/08/10 03:06:57 andy Exp $
12

SYNOPSIS

14           taint_checking_ok();        # We have to have taint checking on
15           my $id = "deadbeef";        # Dummy session ID
16           taint( $id );               # Simulate it coming in from the web
17           tainted_ok( $id );
18           $id = validate_id( $id );   # Your routine to check the $id
19           untainted_ok( $id );        # Did it come back clean?
20           ok( defined $id );
21

DESCRIPTION

23       Tainted data is data that comes from an unsafe source, such as the
24       command line, or, in the case of web apps, any GET or POST
25       transactions.  Read the perlsec man page for details on why tainted
26       data is bad, and how to untaint the data.
27
28       When you're writing unit tests for code that deals with tainted data,
29       you'll want to have a way to provide tainted data for your routines to
30       handle, and easy ways to check and report on the taintedness of your
31       data, in standard Test::More style.
32

"Test::More"-style Functions

34       All the "xxx_ok()" functions work like standard "Test::More"-style
35       functions, where the last parm is an optional message, it outputs ok or
36       not ok, and returns a boolean telling if the test passed.
37
38   taint_checking_ok( [$message] )
39       Test::More-style test that taint checking is on.  This should probably
40       be the first thing in any *.t file that deals with taintedness.
41
42   tainted_ok( $var [, $message ] )
43       Checks that $var is tainted.
44
45           tainted_ok( $ENV{FOO} );
46
47   untainted_ok( $var [, $message ] )
48       Checks that $var is not tainted.
49
50           my $foo = my_validate( $ENV{FOO} );
51           untainted_ok( $foo );
52
53   tainted_ok_deeply( $var [, $message ] )
54       Checks that $var is tainted.  If $var is a reference, it recursively
55       checks every variable to make sure they are all tainted.
56
57           tainted_ok_deeply( \%ENV );
58
59   untainted_ok_deeply( $var [, $message ] )
60       Checks that $var is not tainted.  If $var is a reference, it
61       recursively checks every variable to make sure they are all not
62       tainted.
63
64           my %env = my_validate( \%ENV );
65           untainted_ok_deeply( \%env );
66

Helper Functions

68       These are all helper functions.  Most are wrapped by an "xxx_ok()"
69       counterpart, except for "taint" which actually does something, instead
70       of just reporting it.
71
72   taint_checking()
73       Returns true if taint checking is enabled via the -T flag.
74
75   tainted( $var )
76       Returns boolean saying if $var is tainted.
77
78   tainted_deeply( $var )
79       Returns boolean saying if $var is tainted.  If $var is a reference it
80       recursively checks every variable to make sure they are all tainted.
81
82   taint( @list )
83       Marks each (apparently) taintable argument in @list as being tainted.
84
85       References can be tainted like any other scalar, but it doesn't make
86       sense to, so they will not be tainted by this function.
87
88       Some "tie"d and magical variables may fail to be tainted by this
89       routine, try as it may.)
90
91   taint_deeply( @list )
92       Similar to "taint", except that if any elements in @list are
93       references, it walks deeply into the data structure and marks each
94       taintable argument as being tainted.
95
96       If any variables are "tie"d this will taint all the scalars within the
97       tied object.
98

AUTHOR

100       Written by Andy Lester, "<andy@petdance.com>".
101
103       Copyright 2004, Andy Lester, All Rights Reserved.
104
105       You may use, modify, and distribute this package under the same terms
106       as Perl itself.
107
108
109
110perl v5.12.0                      2004-08-10                          Taint(3)
Impressum