
This queue is for tickets about the Petal CPAN distribution.

Report information
The Basics
Id: 13902
Status: new
Priority: 0/
Queue: Petal

People
Owner: Nobody in particular
Requestors: william [...] knowmad.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 2.16
Fixed in: (no value)
Subject: Taint issues when using relative paths for base_dir
Hi Bruno,

After spending several hours tracking down the cause of a mysterious taint error, I wanted to make a note of the root cause and suggest some options.

Because Petal needs to have absolute paths, if a user sends in a relative path, the engine will call the _process_absolutize_pathes() method in order to get absolute paths at the beginning of the process. I'm guessing that because rel2abs has to look to the environment to determine the absolute path, Perl is marking the updated base_dir values as tainted. Of course, this was driving me nuts as I was sending in untainted values and the taint error was very non-specific. All's well now, as I'm using rel2abs in my script to set the base_dir and untaint it before sending it to Petal.

Now, for the next time this happens to me or someone else, it'd be helpful if the error message could give a bit more pinpoint info as to where the error was occurring. There are a couple of things I can think of:

1) Wrap an eval around the call to _process_absolutize_pathes in the process() method and output a friendly message if it dies. The drawback here is that I'm not sure if this is where I get the taint warning or if it's later into the code.

2) Check for taint => 1; if it's set, require Scalar::Util and load tainted, then check the taintedness of the base_dir after the rel2abs modification. Actually, we could probably even skip that check and just throw a warning that the base_dir is probably insecure if it got updated by rel2abs, and suggest the course of action I took above.

I'd be glad to submit a patch for either of these solutions. Let me know what you think.

Thanks,
William
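As an added illustration of the behaviour the report describes (this is not code from the Petal distribution or from the reporter): under `perl -T`, File::Spec->rel2abs builds the absolute path from the current working directory, which Perl treats as external input, so the result is tainted even when the relative path passed in was clean. The script checks that with Scalar::Util::tainted, emits the kind of pinpointed warning option 2 asks for, and applies the allowlist-regex untainting the reporter used as a workaround. The directory name `templates` and the Unix-style `/` prefix in the allowlist are assumptions made for this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

# Mirror what happens when a relative base_dir is absolutized under -T:
# rel2abs prepends the current working directory, which Perl treats as
# external input, so the returned path is tainted even if the input was not.
sub absolutize {
    my ($dir) = @_;
    my $abs = File::Spec->rel2abs($dir);
    # The diagnostic the report asks for: say explicitly where the taint came from.
    if (!tainted($dir) && tainted($abs)) {
        warn "base_dir '$dir' became tainted when absolutized to '$abs' "
           . "(rel2abs uses the current directory); untaint it before use\n";
    }
    return $abs;
}

# The workaround described in the report: untaint an absolute directory path by
# capturing it through an allowlist pattern. The captured group is untainted;
# anything outside the allowed character set is rejected, not passed through.
# Assumes Unix-style absolute paths starting with '/'.
sub untaint_dir {
    my ($path) = @_;
    my ($clean) = $path =~ m{^(/[\w./-]*)$}
        or die "refusing to untaint '$path': not an absolute path made of [\\w./-]\n";
    return $clean;
}

# 'templates' is a constructed example of a relative base_dir.
my $abs = absolutize('templates');
printf "rel2abs result: %s (tainted: %s)\n", $abs, tainted($abs) ? 'yes' : 'no';

my $safe = untaint_dir($abs);
printf "after untaint:  %s (tainted: %s)\n", $safe, tainted($safe) ? 'yes' : 'no';
```

Run it as `perl -T script.pl`; invoking it without -T makes Perl refuse the shebang's -T with "Too late for -T", and without taint mode neither value would be reported as tainted.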