in reply to Re^2: Own modules and tainted mode
in thread Own modules and tainted mode

Suspected $0 to be tainted, so untainted it the quick way

$0 =~ /([\.\/\w]+)/;
and used $1 instead of $0... did not do the trick.

I could indeed use an absolute path in the use lib.... but that would make it less portable... it would only work for that location

Re^4: Own modules and tainted mode
by haj (Vicar) on May 28, 2018 at 14:51 UTC

    The return values from Cwd functions, in your case abs_path, are tainted. Compare:

    perl -MScalar::Util=tainted -MCwd=abs_path -T -e '$0 =~ /([\.\/\w]+)/; print "tainted!\n" if tainted($1)'
    perl -MScalar::Util=tainted -MCwd=abs_path -T -e '$0 =~ /([\.\/\w]+)/; print "tainted!\n" if tainted(abs_path $1)'

    BTW: I find it scary to use taint mode and then allow relative include paths... YMMV.

Re^4: Own modules and tainted mode
by shmem (Chancellor) on May 28, 2018 at 22:53 UTC
    I could indeed use an absolute path in the use lib.... but that would make it less portable... it would only work for that location

    If you want your package to be relocatable, use FindBin. Untaint $FindBin::Bin by applying a capturing match in a BEGIN block, and use the result as argument to use lib; - e.g.

    #!/usr/bin/perl -T
    # file taint.pl
    use FindBin;
    BEGIN { $FindBin::Bin =~ /^([\w\/\.]+)$/ and $FindBin::Bin = $1 }
    use lib "$FindBin::Bin/tmp";
    use Qwargl qw(blorgh);
    blorgh();

    # file tmp/Qwargl.pm
    package Qwargl;
    use 5.10.0;
    require Exporter;
    @ISA = qw(Exporter);
    our @EXPORT_OK = qw(blorgh);
    sub blorgh { say "strzdiwuddz!"; }
    "yecch";

    Adapt the pattern in the BEGIN block to fit your needs.

    perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
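
The two replies above combine into one pattern: resolve the library directory first, then untaint the result of abs_path (not its input), and stop if the path does not look as expected. This is an added example, not code from any poster in the thread; the `tmp` subdirectory follows shmem's layout, and the whitelist pattern and the error messages are assumptions to adapt.

```perl
#!/usr/bin/perl -T
# Added example: relocatable "use lib" under taint mode that fails closed.
use strict;
use warnings;
use Cwd qw(abs_path);
use FindBin;
use Scalar::Util qw(tainted);

my $libdir;
BEGIN {
    # abs_path() returns tainted data under -T even when its argument is
    # clean, so resolve first and untaint the final result.
    my $resolved = abs_path("$FindBin::Bin/tmp");
    defined $resolved
        or die "cannot resolve library directory below $FindBin::Bin\n";

    # Anchored whitelist (assumed policy): absolute path made only of
    # word characters, '.', '-' and '/'. No match means no @INC entry.
    ($libdir) = $resolved =~ m{\A(/[\w./-]+)\z}
        or die "refusing unexpected library path '$resolved'\n";

    # abs_path() normally removes '..' components; reject any that remain.
    die "refusing path with '..' component: $libdir\n"
        if $libdir =~ m{(?:\A|/)\.\.(?:/|\z)};

    # Only an existing directory is accepted as an include path.
    -d $libdir or die "library directory $libdir does not exist\n";

    # The capture group above is what cleared the taint flag.
    die "library path is still tainted\n" if tainted($libdir);
}
use lib $libdir;    # runs at compile time, after the BEGIN block

print "modules are loaded from: $libdir\n";
print "first \@INC entry:        $INC[0]\n";
```

Unlike an unanchored match such as `/([\.\/\w]+)/`, which silently captures the first acceptable substring of whatever it is given, the `\A...\z` anchors make the whole path pass the whitelist or the script dies before anything is loaded.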