Questions tagged [taint-checking]

5 questions
17 votes, 1 answer

What are tainted objects, and when should we untaint them?

When do Ruby objects need to be made tainted and when should we untaint them? How does the concept of tainted objects make a Ruby script run in safe mode? Can anyone elaborate on this to make the concept clear with some code snippets?
Arup Rakshit
4 votes, 3 answers

Perl: Unexpected match variables when using ?: operator

Trying to untaint some variables in Perl, and the following code works great: if ($year =~ /^(\d{4})$/) { $year = $1; } else { &invalid("year"); } In the above instance, $1 contains $year if valid. However, when using the ?:…
Jacob
2 votes, 4 answers

How do I sanitize EDITOR, etc, environment variables?

I've got the following code, but I'm thinking that I need to sanitize the env variables, but I'm not sure how exactly I should sanitize them. I realize there's probably a limit to how much I can sanitize them, but what can I do? #!/usr/bin/perl use…
xenoterracide
2 votes, 1 answer

How can my previously untainted data become tainted again?

I have a bit of a mystery here that I am not quite understanding the root cause of. I am getting an 'Insecure dependency in unlink while running with -T switch' when trying to invoke unlink from a script. That is not the mystery, as I realize that…
Epiphany
1 vote, 2 answers

perl IO eventhandler for untainting strings

How do I create an event handler in my Perl code to intercept all File/Directory/system-based calls, so that I can untaint input in a just-in-time fashion? I have lots of IO access in my script, and I find adding manual code for untainting…
Jeremy Gwa