I'm developing a database interface that will be used by other developers in my office. As part of our 'best practices' policies, we strongly discourage using unvalidated data in database searches. To help enforce this policy, I've got the database query parser spitting out a warning if the query is tainted, or if taint mode is disabled. After searching the net for a while, I haven't found any better way of checking to see if an expression is tainted other than the code in the 'perlsec' man page:
sub is_tainted {
    # String-eval of a comment holding a zero-length slice of the arguments:
    # taint propagates through join/substr, so under -T the inner eval dies
    # when any argument is tainted; the outer eval turns that into a false value.
    return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}
And for checking whether taint mode is enabled at all, I've been using this ugly code that passes what should theoretically be always tainted:
$taintModeEnabled = &is_tainted( +(getpwuid(0))[1] );
But now I've run into problems. getpwuid() works great on UNIX systems, but in ActiveState Perl on Windows, it breaks. So my questions are:
  1. Is there a better way to check for taintedness of a variable, say with a CPAN module (or some internal Perl thing I can check if I create my own XS module)?
  2. Is there a better way to check if Taint mode is enabled at all? In my dusty Perl reference, I see there's $^W which tells you if Warnings are enabled, but nothing for Taint.
  3. Is there some source of data that should *always* be tainted, on both Windows & UNIX systems? %ENV isn't necessarily going to be tainted since you can clean it by setting it. <STDIN> is hard to check if there isn't any, etc.
Insert some joke with vaguely sexual innuendo about checking taints here

Thanks!

In reply to Checking to see if Taint mode is enabled by saintly
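A portable alternative to the getpwuid() probe, added here as an example and not code from the original post or from saintly: it relies on two core facilities that exist in Perl 5.8 and later, the special variable ${^TAINT} (1 under -T, -1 under -t, 0 otherwise) and Scalar::Util::tainted(), so no "always tainted" seed value is needed on either Unix or Windows. The check_query() routine and the policy it enforces are illustrative assumptions standing in for the poster's query interface.

```perl
#!/usr/bin/perl
# Added example, not from the original post. Run it twice to see both branches:
#   perl -T taintcheck.pl 42        and        perl taintcheck.pl 42
use strict;
use warnings;
use Scalar::Util qw(tainted);   # core module since Perl 5.8

# ${^TAINT} (see perlvar) is 1 under -T, -1 under -t (warnings only) and 0 when
# taint tracking is off. Data is still flagged under -t, so test for non-zero.
sub taint_tracking_active { return ${^TAINT} != 0 }

# Replaces perlsec's eval trick: Scalar::Util::tainted() asks the interpreter
# directly whether the scalar carries the taint flag.
sub is_tainted { return tainted($_[0]) ? 1 : 0 }

# Hypothetical guard for a query interface (our name, not the poster's).
# Returns a reason string so the caller can warn or die as local policy dictates.
sub check_query {
    my ($sql, @binds) = @_;
    return 'taint tracking is off; run under perl -T'
        unless taint_tracking_active();
    return 'sql text itself is tainted' if is_tainted($sql);
    for my $i (0 .. $#binds) {
        return "bind value $i is tainted" if is_tainted($binds[$i]);
    }
    return 'ok';
}

# Under -T, @ARGV and any %ENV value the script has not assigned itself are
# tainted on both Unix and Windows, so either serves as demonstration input.
my $untrusted = @ARGV ? $ARGV[0] : $ENV{PATH};
my $sql       = 'SELECT name FROM users WHERE id = ?';

print "taint tracking: ", (taint_tracking_active() ? 'on' : 'off'), "\n";
print "literal bind:   ", check_query($sql, 42), "\n";
print "untrusted bind: ", check_query($sql, $untrusted), "\n";

# The one sanctioned way to untaint is to capture through a regex match;
# the captured value loses the flag and a query built from it passes.
if (defined $untrusted && $untrusted =~ /\A(\d{1,9})\z/) {
    my $id = $1;
    print "validated bind: ", check_query($sql, $id), "\n";
} else {
    print "validated bind: input did not match /\\A\\d{1,9}\\z/, left tainted\n";
}
```

Under perl -T the untrusted bind is reported as tainted and, if the argument is all digits, the validated copy passes; without -T every call returns the "taint tracking is off" reason, which is exactly the warning the poster's parser wants to emit. The -T flag is deliberately absent from the shebang line so the same file can be run both ways (Perl refuses a script whose shebang asks for -T when the command line did not).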
