eskwayrd has asked for the wisdom of the Perl Monks concerning the following question:
I'm using Perl v5.6.1 on a RedHat Linux 7.1 box.
Could someone please enlighten me as to why external data that is known to be tainted becomes untainted when used as a hash key?
Below is a short script to demonstrate the situation:
```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# taken from Programming Perl, 3rd edition, p 561
sub is_tainted {
    my $arg = shift;
    my $nada = substr($arg, 0, 0);
    local $@;
    eval { eval "# $nada" };
    return (length($@) != 0) ? 'tainted' : 'not tainted';
}

my %hash = ();

open FILE, $0 or die "cannot open $0: $!";
while (my $line = <FILE>) {
    chomp $line;
    warn is_tainted($line);
    $hash{$line} = is_tainted($line);
}
close FILE;

foreach my $key (keys %hash) {
    warn is_tainted($key);
}
```

When executed, the following output is generated:

```
tainted at ./taint_test.pl line 19, <FILE> line 1.
tainted at ./taint_test.pl line 19, <FILE> line 2.
tainted at ./taint_test.pl line 19, <FILE> line 3.
tainted at ./taint_test.pl line 19, <FILE> line 4.
tainted at ./taint_test.pl line 19, <FILE> line 5.
tainted at ./taint_test.pl line 19, <FILE> line 6.
tainted at ./taint_test.pl line 19, <FILE> line 7.
tainted at ./taint_test.pl line 19, <FILE> line 8.
tainted at ./taint_test.pl line 19, <FILE> line 9.
tainted at ./taint_test.pl line 19, <FILE> line 10.
tainted at ./taint_test.pl line 19, <FILE> line 11.
tainted at ./taint_test.pl line 19, <FILE> line 12.
tainted at ./taint_test.pl line 19, <FILE> line 13.
tainted at ./taint_test.pl line 19, <FILE> line 14.
tainted at ./taint_test.pl line 19, <FILE> line 15.
tainted at ./taint_test.pl line 19, <FILE> line 16.
tainted at ./taint_test.pl line 19, <FILE> line 17.
tainted at ./taint_test.pl line 19, <FILE> line 18.
tainted at ./taint_test.pl line 19, <FILE> line 19.
tainted at ./taint_test.pl line 19, <FILE> line 20.
tainted at ./taint_test.pl line 19, <FILE> line 21.
tainted at ./taint_test.pl line 19, <FILE> line 22.
tainted at ./taint_test.pl line 19, <FILE> line 23.
tainted at ./taint_test.pl line 19, <FILE> line 24.
tainted at ./taint_test.pl line 19, <FILE> line 25.
tainted at ./taint_test.pl line 19, <FILE> line 26.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
not tainted at ./taint_test.pl line 25.
```
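
Perl's perlsec documentation states that the keys of a hash are never tainted, which matches the output above. The following is an added example, not part of the original post: it contrasts hash keys with hash values and re-validates the data before use. The sample input lines are constructed, and `validate_name` with its allow-list pattern is a hypothetical helper.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post). Run as: perl -T keys_taint.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: $^X is tainted under -T. Appending it to a
# constructed sample line marks that line as external (tainted) data.
my $TAINT = substr($^X, 0, 0);
my @input = map { $_ . $TAINT } ('alice', 'bad name!', 'carol');

# Hypothetical allow-list for this example: lowercase names, 1 to 16 chars.
# A successful capture ($1) is untainted; the raw input never is.
sub validate_name {
    my ($raw) = @_;
    return $raw =~ /\A([a-z]{1,16})\z/ ? $1 : undef;
}

my (%by_key, %by_value);
for my $line (@input) {
    $by_key{$line}   = 1;       # key: stored as a plain string, taint flag lost
    $by_value{$line} = $line;   # value: a real scalar, taint flag preserved
}

# Keys come back untainted although nothing validated them, so taint mode
# will not stop them reaching a shell or file operation. Keep the external
# data in the value (or re-validate every key) before using it.
sub report {
    my @rows;
    for my $key (sort keys %by_key) {
        my $key_flag   = tainted($key)            ? 1 : 0;
        my $value_flag = tainted($by_value{$key}) ? 1 : 0;
        my $checked    = validate_name($by_value{$key});
        push @rows, sprintf "%-12s key_tainted=%d value_tainted=%d accepted=%s",
            "'$key'", $key_flag, $value_flag, defined $checked ? 'yes' : 'no';
    }
    return @rows;
}

print "$_\n" for report();
```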

Replies are listed 'Best First'.

Re: Unexpected de-tainting with hash keys
by sauoq (Abbot) on Jul 11, 2003 at 02:03 UTC
by bobn (Chaplain) on Jul 11, 2003 at 02:11 UTC
by TGI (Parson) on Jul 11, 2003 at 02:28 UTC

Re: Unexpected de-tainting with hash keys
by TGI (Parson) on Jul 11, 2003 at 02:24 UTC
by sauoq (Abbot) on Jul 11, 2003 at 02:39 UTC
by eskwayrd (Acolyte) on Jul 11, 2003 at 17:28 UTC

Re: Unexpected de-tainting with hash keys
by sgifford (Prior) on Jul 11, 2003 at 01:59 UTC

Re: Unexpected de-tainting with hash keys
by bobn (Chaplain) on Jul 11, 2003 at 02:13 UTC
by sauoq (Abbot) on Jul 11, 2003 at 02:24 UTC
by bobn (Chaplain) on Jul 11, 2003 at 17:51 UTC