You have code written without concern for security. The main body of this code operates freely on input, including using regexes. The code must now be re-written to take security into account. Given the nature of the code that I infer from your description, there is no way to avoid a major re-write of some kind.

Your inference is wrong ;-). Although I have never had to worry about security up to now (I mostly work on proof of concept research demos), I do think a lot about design and modularity (obsessively so if you ask my colleagues ;-)).

In this particular case, all CGI pages generated by my app are implemented as Perl classes that all derive from a common root class. This root class creates a CGI object and stores it in an attribute $self->{_cgi}, and all the subclasses use it to acquire user inputs (or at least, they are supposed to do it that way).

So it would be fairly easy for me to do what you suggest, by adding a central sanitation of all cgi inputs in that root class (see the end of this page for how I plan to do this: http://www.perlmonks.org/?node_id=1002107).

This will go a long way towards ensuring that all CGI inputs are being sanitized. But it is still possible for me or one of my colleagues to forget to use the $self->{_cgi} attribute and instead create a new CGI object inside one of the classes or methods that needs access to the user inputs. In fact, I do know that this has happened to me at least once this year.

So I will still put taint mode on, but as I pointed out here: http://www.perlmonks.org/?node_id=1002207, this still won't catch instances where the method that bypasses $self->{_cgi} writes to STDOUT, or cases where it ends up creating a tainted variable that gets inadvertently untainted by someone else down the road (possibly in a third party library).

Yet, it COULD be avoided if taint mode was less lenient, as I suggest in the middle of this page: http://www.perlmonks.org/?node_id=1002107.

As several people have pointed out, this is not likely to happen anytime soon. So I guess I will just have to be content with me and my colleagues being extra careful to always acquire user input through the root class' $self->{_cgi} argument.


In reply to Re^6: Taint mode limitations by Anonymous Monk
in thread Taint mode limitations by alain_desilets
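As an added illustration (example code, not alain_desilets's own or anything from the thread), here is a sketch of the root-class approach described above: the base class owns the CGI object, and its input() accessor is the single place where parameters are whitelist-validated, with the regex capture also being what untaints them under -T. Class names, parameter names and the whitelist patterns are assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): a root CGI page class that funnels
# every user input through one validating accessor, so subclasses never
# touch the CGI object directly. Class and parameter names are assumed.
package MyApp::Page;
use strict;
use warnings;
use CGI;

# One whitelist regex per parameter. A value that does not match is rejected,
# and a parameter with no rule at all is an error, so nothing slips through
# unvalidated. The capture group is what untaints the value under -T.
my %ALLOWED = (
    user  => qr/^([A-Za-z0-9_]{1,32})$/,
    page  => qr/^(\d{1,4})$/,
    query => qr/^([\w\s\-\.]{0,200})$/,
);

sub new {
    my ($class) = @_;
    return bless { _cgi => CGI->new }, $class;
}

# The only sanctioned way to read user input anywhere in the app.
sub input {
    my ($self, $name) = @_;
    my $re = $ALLOWED{$name}
        or die "No validation rule defined for parameter '$name'\n";
    my $raw = $self->{_cgi}->param($name);
    return undef unless defined $raw;
    return $1 if $raw =~ $re;          # validated and untainted copy
    die "Rejected value for parameter '$name'\n";
}

package MyApp::SearchPage;
our @ISA = ('MyApp::Page');

# A subclass that does it the right way: no CGI->new of its own.
sub render {
    my ($self) = @_;
    my $user  = $self->input('user')  // 'anonymous';
    my $query = $self->input('query') // '';
    print $self->{_cgi}->header('text/plain');
    print "user=$user query=$query\n";
}

package main;
MyApp::SearchPage->new->render;
```

A method that calls CGI->new itself still bypasses this, which is the gap the post describes; grepping the code base for any CGI->new outside the root class is one cheap check for that.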
