"Leon Timmermans via RT" <bug-File-Map@rt.cpan.org> writes:
Show quoted text>
> It seems simple enough to fix, but I'm rather lacking time
> right now.
I tried tainting the target scalar before mmapping into it and that
worked, but tainting afterwards didn't. Dunno what that means.
The only thing maybe needing might be to ensure an mmap of an empty file
is tainted too. A read() of zero bytes taints its output, presumably on
the basis that the absence of content from a file affects a program's
output the same as actual bytes from it -- the usual most-conservative
view of tainting ...
Show quoted text> tests?
If it helps, in my code I've tried to have Taint::Util tainted() say the
same thing on a file read() as on data coming out of my manipulations,
skipping the tests if that module not available, so vaguely
eval { require Taint::Util; 1 }
or plan skip_all => "due to Taint::Util not available -- $@";
my $want_taint;
{
open my $fh, '<', $filename or die "Oops, cannot open $filename";
my $bytes;
read($fh, $bytes, 1) or die "Oops, cannot read $filename";
close $fh or die "Oops, error closing $filename";
$want_taint = Taint::Util::tainted($bytes);
}
my $entry = $it->next;
my $got_taint = Taint::Util::tainted($entry);
is ($got_taint, $want_taint, "tainted() on ...");
which might be adapted to say that after map_file or map_handle the
taintedness of the mapped scalar should be the same as the $want_taint.
I think tests have to be exercised as
HARNESS_PERL_SWITCHES="-T" make test
since the -T has to be on the actual command line.
