Re^2: use re 'taint' with s/// operator

The idea of use 're' 'taint';, is to allow you to break up a tainted string into smaller pieces that will subsequently require being untainted separately. It allows the process of validation to be done safely in separate chunks.

Really? In Perl land, there isn't such a thing as "untainting". Short of some XS code removing the flag, once a value is tainted, it remains tainted. "Untainting" variables just means assigning an untainted value to it.

use re 'taint'; just makes sure that regexp derived values ($1, etc) are tainted as well.

It doesn't make much sense to replace bits of a tainted string with other bits and continue to consider it tainted.

I think it makes a lot of sense. If I replace bits of a tainted string, there are still bits that are tainted. Why shouldn't it still be tainted? After all, if I replace part of a tainted string with with substr, the result is still tainted.

Note that if one does

    $var =~ s/(.*)/$1/;
[download]

the taintedness of $var does not change, regardless whether use re 'taint'; is in effect or not. And so it should.

Comment on Re^2: use re 'taint' with s/// operator Select or Download Code

Replies are listed 'Best First'.
Re^3: use re 'taint' with s/// operator by BrowserUk (Patriarch) on Nov 19, 2010 at 17:02 UTC
there isn't such a thing as "untainting". Really? "Untainting" variables just means assigning an untainted value to it. There you go, you just defined it. Hint. It's the value that tainted, not the variable.	[reply]
Re^4: use re 'taint' with s/// operator by JavaFan (Canon) on Nov 19, 2010 at 19:08 UTC
"Untainting" variables just means assigning an untainted value to it. Hint. It's the value that tainted, not the variable. Hint. If I write untainted value, I know.	[reply]
Re^5: use re 'taint' with s/// operator by BrowserUk (Patriarch) on Nov 19, 2010 at 19:20 UTC
"Untainting" variables just means assigning an untainted value to it. Hint. It's the value that tainted, not the variable. Hint. If I write untainted value, I know. Hint: Look back. You'll see that you were the first & only one to mention "Untainting" variables. As for your "Really? In Perl land, there isn't such a thing as "untainting"., I guess you'd best re-read perlsec: The lesson is that when untainting, you must be exceedingly careful with your patterns. Laundering data using regular expression is the only mechanism for untainting dirty data, ... Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. RIP an inspiration; A true Folk's Guy	[reply]
Re^6: use re 'taint' with s/// operator by JavaFan (Canon) on Nov 19, 2010 at 21:29 UTC
Re^7: use re 'taint' with s/// operator by BrowserUk (Patriarch) on Nov 19, 2010 at 21:43 UTC
Some notes below your chosen depth have not been shown here