Here's a test to make sure that the data contains nothing
but "word" characters (alphabetics, numerics, and underscores),
a hyphen, an at sign, or a dot:
# Allow-list untainting: $data is accepted only when the pattern matches
# the whole value, and is then replaced by the captured copy.  Under taint
# mode (-T) a regex capture such as $1 is the sanctioned way to obtain an
# untainted value; with "use re 'taint'" or "use locale" in effect the
# capture stays tainted.
#
# Caveats worth knowing before reusing this check:
#   * '$' also matches just before a trailing newline, so "name\n" passes;
#     the captured value excludes that newline.  \A ... \z rejects it.
#   * \w is wider than [A-Za-z0-9_] on decoded (Unicode) strings; the /a
#     modifier restricts it to ASCII.
#   * The die text echoes the rejected input verbatim; escape or truncate
#     it before it reaches a log file or terminal.
die "Bad data in $data" unless $data =~ /^([-\@\w.]+)$/;    # log this somewhere
$data = $1;                                                 # $data now untainted
####
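#!/usr/bin/perl -wT
# Taint-mode demonstration: -w enables warnings, -T enables taint checks.
# The script reads one line of external input into $isa, overwrites it with
# literals, and then probes the variable twice: once through qx() and once
# through a class-method call to isa().
package Parent;
1;
package Child;
# Child inherits from Parent.  "use strict" is lexically scoped and only
# appears further down, so this unqualified @ISA is not a strict-vars error.
@ISA = qw(Parent);
1;
package main;
# Empty the environment: under -T, qx() refuses to run while $ENV{PATH}
# (and a few related variables) are tainted.
%ENV = ();
use strict;
our $isa;
$|++;    # unbuffer STDOUT so the prompt is shown before the read blocks
print "Type in something: ";
$isa = <STDIN>;      # external input: this value is tainted under -T
$isa = "/bin/ls";    # overwritten with a literal before it is ever used
# eval yields 1 when qx() did not die.  Under -T, qx() on a tainted command
# dies with an "Insecure dependency" error, which would make eval return
# undef.  Note that this probe really executes the command; to inspect taint
# without side effects, Scalar::Util::tainted() can be used instead.
print "(qx) ", (eval { qx($isa); 1 } ? "Untainted" : "Tainted"), "\n";
$isa = "Child";
# isa() answers an inheritance question.  A false result is printed as
# "Tainted" here, but nothing in this expression tests taint directly, so
# the label is the author's interpretation rather than a taint check.
print "(isa) ", ($isa->isa("Parent") ? "Untainted" : "Tainted"), "\n";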
####
Type in something: blah
(qx) Untainted
(isa) Tainted