Re: Taint tracing a single variable?

I would suggest adding more validation of the expected inputs and removing unexpected inputs.

You might still consider trying to use taint. Seeing what breaks could help you find some of the vulnerabilities in the program.

Also, there is the tainted function which you can use yourself. Any place in the code where potentially malicious data could be a problem, the tainted function can be used to help detect unsanitized input.

However, it would really be better to add more validation to the programming so that all of the inputs are either properly validated or removed.

If all else fails, you could "wrap" the program with a "sanitizing proxy" that cleans up the inputs then forwards the cleaned CGI request to your legacy CGI.

Comment on Re: Taint tracing a single variable? Select or Download Code

Replies are listed 'Best First'.
Re^2: Taint tracing a single variable? by PFudd (Initiate) on May 21, 2014 at 18:03 UTC
I've decided to bite the bullet and just taint-check the whole thing. Once the CGI params have been detainted properly, then I can add a manual taint to the X-Forwarded-For value and see what tainted() will show, closer to the DBI calls. Does DBI do taint checking on its own? Thanks!	[reply]
Re^3: Taint tracing a single variable? by RonW (Parson) on May 21, 2014 at 21:35 UTC
I would be surprised if DBI had taint checking built in. But I've never actually tried to test that.	[reply]