PerlMonks
Naughty match variables in CPAN?
by tall_man (Parson) on Jul 22, 2003 at 00:15 UTC
tall_man has asked for the wisdom of the Perl Monks concerning the following question:
A co-worker recently added some modules to a large perl program that
used $&, $' and $` (a.k.a. the "naughty match variables"). I know these
add a large performance penalty for all regular expressions in the
program, so I removed all the uses. Then I tried all three of the
methods in Mastering Regular Expressions, second
edition, p. 358, "How to Check Whether Your Code is Tainted by $&".
Only the last method on that page works for perl 5.8.0. The "-Mre=debug" does not show either 'Enabling $`, $&, $' support' or 'Omitting $`, $&, $' support' any more. The Devel::SawAmpersand doesn't work either. It gives false positives on trivial programs that don't have the "naughty match variables".

Here is the subroutine that actually worked:

It makes me wonder how many other CPAN modules are tainted with "naughty match variables". Another way to get tainted is to do:

Has anyone else noticed this problem? Should there be a general check for "naughty match variables" for code submitted to CPAN?