I'm using Perl v5.6.1 on a RedHat Linux 7.1 box.
Could someone please enlighten me as to why external data that is known to be tainted becomes untainted when used as a hash key?
Below is a short script to demonstrate the situation:
When executed, the following output is generated:#!/usr/bin/perl -T use strict; use warnings; # taken from Programming Perl, 3rd edition, p 561 sub is_tainted { my $arg = shift; my $nada = substr($arg, 0, 0); local $@; eval { eval "# $nada" }; return (length($@) != 0) ? 'tainted' : 'not tainted'; } my %hash = (); open FILE, $0 or die "cannot open $0: $!"; while (my $line = <FILE>) { chomp $line; warn is_tainted($line); $hash{$line} = is_tainted($line); } close FILE; foreach my $key (keys %hash) { warn is_tainted($key); }
tainted at ./taint_test.pl line 19, <FILE> line 1. tainted at ./taint_test.pl line 19, <FILE> line 2. tainted at ./taint_test.pl line 19, <FILE> line 3. tainted at ./taint_test.pl line 19, <FILE> line 4. tainted at ./taint_test.pl line 19, <FILE> line 5. tainted at ./taint_test.pl line 19, <FILE> line 6. tainted at ./taint_test.pl line 19, <FILE> line 7. tainted at ./taint_test.pl line 19, <FILE> line 8. tainted at ./taint_test.pl line 19, <FILE> line 9. tainted at ./taint_test.pl line 19, <FILE> line 10. tainted at ./taint_test.pl line 19, <FILE> line 11. tainted at ./taint_test.pl line 19, <FILE> line 12. tainted at ./taint_test.pl line 19, <FILE> line 13. tainted at ./taint_test.pl line 19, <FILE> line 14. tainted at ./taint_test.pl line 19, <FILE> line 15. tainted at ./taint_test.pl line 19, <FILE> line 16. tainted at ./taint_test.pl line 19, <FILE> line 17. tainted at ./taint_test.pl line 19, <FILE> line 18. tainted at ./taint_test.pl line 19, <FILE> line 19. tainted at ./taint_test.pl line 19, <FILE> line 20. tainted at ./taint_test.pl line 19, <FILE> line 21. tainted at ./taint_test.pl line 19, <FILE> line 22. tainted at ./taint_test.pl line 19, <FILE> line 23. tainted at ./taint_test.pl line 19, <FILE> line 24. tainted at ./taint_test.pl line 19, <FILE> line 25. tainted at ./taint_test.pl line 19, <FILE> line 26. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25. not tainted at ./taint_test.pl line 25.
In reply to Unexpected de-tainting with hash keys by eskwayrd
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |