Skip Menu |

This queue is for tickets about the Module-Runtime CPAN distribution.

Report information
The Basics
Id: 102152
Status: resolved
Priority: 0/
Queue: Module-Runtime
People
Owner: Nobody in particular
Requestors: jraspass [...] gmail.com
Cc: ether [...] cpan.org
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Feb 16 07:51:58 2015 jraspass [...] gmail.com - Ticket created
Subject: Tests fail under perl compiled with -DSILENT_NO_TAINT_SUPPORT
t/taint.t assume that perl -T will turn on tainting, tainting is an optional feature of Perl, so it should be tested for. The attached patch skips all the tests in this file if Config says that the Perl was compiled with no taint support.
Subject: 0001-skip-taint.t-if-no-taint-support.patch
From 1624ff54c0d81b107fd786b521b3882405d7e635 Mon Sep 17 00:00:00 2001 From: James Raspass <jraspass@gmail.com> Date: Mon, 16 Feb 2015 12:50:28 +0000 Subject: [PATCH] skip taint.t if no taint support --- t/taint.t | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/t/taint.t b/t/taint.t index fd6e44c..75858c1 100644 --- a/t/taint.t +++ b/t/taint.t @@ -4,7 +4,9 @@ use warnings; use strict; -use Test::More tests => 5; +use Config; +use Test::More $Config{cppflags} =~ /-DSILENT_NO_TAINT_SUPPORT/ + ? ( skip_all => 'No taint support' ) : ( tests => 5 ); BEGIN { use_ok "Module::Runtime", -- 2.3.0
  Thu Mar 26 19:33:20 2015 ether [...] cpan.org - Cc ETHER added
  Sat Jul 22 01:08:47 2017 zefram [...] fysh.org - Correspondence added
Subject: Re: [rt.cpan.org #102152] Tests fail under perl compiled with -DSILENT_NO_TAINT_SUPPORT
Date: Sat, 22 Jul 2017 06:08:30 +0100
To: James Raspass via RT <bug-Module-Runtime [...] rt.cpan.org>
From: Zefram <zefram [...] fysh.org>
James Raspass via RT wrote: Show quoted text
>tainting is an optional feature of Perl,
Not really. The core's tests fail with either -DNO_TAINT_SUPPORT or -DSILENT_NO_TAINT_SUPPORT. These are not supported configurations. Tainting may become an optional feature in the future, and I'll be happy to see that, but what is available today is only the beginning of that optionality. With respect to testing of CPAN modules under these configurations, currently with -DNO_TAINT_SUPPORT (the saner of the two no-taint arrangements) any tainting test fails immediately when the -T option is processed, with no opportunity for the test script to say that it should be skipped. For no-tainting to be a supported build option there'll have to be a mechanism for test scripts to say what should be done with them in that case (either skip or run without taint). It's impossible for module authors now to anticipate that mechanism, so it's not possible to preemptively support that build option. It is therefore not possible to preemptively support the no-taint builds that we can anticipate existing in the future when that's a supported core option. There is some chance of module tests supporting the much more dubious -DSILENT_NO_TAINT_SUPPORT, as you've requested, under the current arrangement that -T test scripts get run regardless of taint support. I'm willing to add such support if it's not too ugly. The mechanism that you suggest for detecting a no-taint build, of a substring search in cppflags, is too ugly for this purpose. It's not a proper indicator of taint support, and is liable to produce the wrong answer. However, I've come up with a mechanism with which I'm satisfied: an empirical check of whether insecure usage of a tainted input is prevented. It'll be in the next release. -zefram
  Sat Jul 22 01:08:48 2017 The RT System itself - Status changed from 'new' to 'open'
  Tue Oct 17 16:30:26 2017 ZEFRAM [...] cpan.org - Correspondence added
The change that I described is in Module-Runtime-0.016, just uploaded to CPAN.
  Tue Oct 17 16:30:28 2017 ZEFRAM [...] cpan.org - Status changed from 'open' to 'resolved'