bliako has asked for the wisdom of the Perl Monks concerning the following question:

Hi there Monkees,

Are test scripts without taint mode on generally a bad practice when part of a CPAN distribution?

I need to test an executable script and have resorted to Test::Script, like this:

#!perl -T
use 5.008;
use strict;
use warnings;
use Test::More;
use Test::Script;

my $num_tests = 0;
my $infile = "abc.pl";

ok(-f $infile, "test file exists ($infile)."); $num_tests++;
ok(-s $infile, "test file has content ($infile)."); $num_tests++;

script_compiles($infile); $num_tests++;
script_runs([$infile, '-i', $infile]); $num_tests++;
script_stderr_is('', "stderr checked."); $num_tests++;

done_testing($num_tests);

The above fails for script_compiles because of "Insecure dependency in open while running with -T switch at /usr/local/share/perl5/Test/Script.pm line 137".

Can I remove the taint mode? I would prefer not to, is there an alternative? Or have I got script testing wrong?

Edit: fixed some errors in a var name in the script pointed out by Anonymous Monk

bw, bliako

Replies are listed 'Best First'.
Re: testing script execs without taint mode on (-T)
by Anonymous Monk on Apr 18, 2020 at 15:47 UTC

    I can not think of why taint mode would be needed in general for published Perl module tests. A spot check of a couple authors I find credible found one who did use taint mode (Andy Lester), and one who did not (Karen Etheridge).

    Your script as posted fails to compile. Replacing $ascriptname with $infile fixes this and produces your error given a non-empty abc.pl.

    My suggestion is that, rather than appealing to "general practice" you determine whether you actually need taint mode. The taint mode section of perlsec is a good start.

    If you find that you must use taint mode, my strong suspicion is that you will have to abandon Test::Script. On my system, the taint appears to come from a call that script_compiles() makes to File::Spec->rel2abs(), which calls Cwd::getcwd(), whose output is and must be tainted.

      Hm, I thought it was standard, since module-starter adds that to the shebang of each test file. Thanks for the advice, I will skip the taint mode on testing whether script executables compile and run. I will keep it on for testing the module itself, just to be able to know where such taints occur and warn the user about them.

Re: testing script execs without taint mode on (-T)
by jcb (Parson) on Apr 19, 2020 at 03:47 UTC

    The tests packaged in WARC are run without taint mode during installation testing, but in development I use prove -l && prove -Tl to run the tests both without and with taint checks. I assume that perl runs slightly faster with tainting off, and establishing that the code works for the "lower bar" helps to isolate bugs related to taint checking. So far, my test scripts have only needed a few "untaint" modifications — and those have been exactly the places where code using my library needs to not supply tainted input.

    I believe the anonymous monk is right — I was going to ask you to run the tests under the debugger to get a full backtrace for the error, but it seems that Test::Script is simply incompatible with Perl's taint mode. I would suggest looking into using IPC::Run3 to check the script's syntax using perl -c (or perl -Tc to do the check with tainting enforced), and then to run the script and capture stderr.
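A Test::More script along the lines jcb suggests, as an added example that was not posted in the thread: it replaces Test::Script with IPC::Run3, keeps the test itself off taint mode (as bliako decided), and enforces taint checks only in the compile step via perl -Tc. The file name abc.pl and the -i argument are taken from the question; the %ENV cleanup is the perlsec idiom for spawning children.

```perl
#!perl
# Added example, not from the thread: Test::Script replaced by IPC::Run3 so
# the test runs without -T while the compile check still enforces tainting.
use 5.008;
use strict;
use warnings;
use Test::More;
use IPC::Run3 qw(run3);

# perlsec idiom: never let a child inherit a search path or shell hooks
# we do not control (required if this test were ever run under -T itself).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $infile = 'abc.pl';    # the script under test, as in the question
ok(-f $infile, "test file exists ($infile).");
ok(-s $infile, "test file has content ($infile).");

# Run a command and capture its output; returns (exit status, stdout, stderr).
# $^X is the perl running this test, so the child uses the same interpreter.
sub run_capture {
    my @cmd = @_;
    my ($out, $err) = ('', '');
    run3(\@cmd, \undef, \$out, \$err);    # \undef: child gets a closed stdin
    return ($? >> 8, $out, $err);
}

# 1. Syntax check, first plain (perl -c) and then with taint checks enforced
#    in the child (perl -Tc). perl -c reports "syntax OK" on stderr.
for my $flag ('-c', '-Tc') {
    my ($rc, $out, $err) = run_capture($^X, $flag, $infile);
    is($rc, 0, "$infile compiles with perl $flag");
    like($err, qr/syntax OK/, "perl $flag reports syntax OK");
}

# 2. Run the script the way the original test does (-i <file>) and check
#    that it exits 0 and writes nothing to stderr.
my ($rc, $out, $err) = run_capture($^X, $infile, '-i', $infile);
is($rc, 0, "$infile runs and exits 0");
is($err, '', "stderr is empty");

done_testing();
```

Because -T is passed only to the child, the "Insecure dependency" error from Test::Script's own getcwd() call cannot occur, while any taint violation inside abc.pl still shows up in the captured stderr.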