G'day everyone,

This week I'm spending an awful lot of time thinking about Perl Security in preparation for a tutorial I'm giving at OSCON. One thing that repeatedly comes up is that it's very easy for modules to accidentally untaint data. That can be very bad, since it means that data from a completely untrusted source (like a webpage) can end up being marked as clean, and that weakens the protections that taint mode offers.

I make this mistake when writing modules all the time. I shouldn't, because it's so easy to fix. We can use the 're' pragma to prevent accidental untainting of data:

        use re 'taint';    # Regexps no longer untaint data.

In code that's running without taint checks enabled, this is a no-op. In code that *does* use taint checks, this means we need to be explicit about what regexps are actually laundering data (no re 'taint') and which are merely using regexps for data extraction (everything else).

As such, I'd like to propose a new (optional) kwalitee metric. Like using strict and warnings, modules should "use re 'taint'" at the top of the code as well. Even modules that exist to untaint data *should* be doing this, as it means that regexps that do the untainting are more clearly marked. For modules that don't mean to be doing untainting, this is an extra safeguard to make sure they don't.

So:

        * Does anyone think this is a bad idea?

        * Is there someplace this should be going besides CPANTS?
          It's definitely a common mistake that module authors can
          easily fix.

        * What's the procedure of getting this added to the CPANTS list
          of kwalitee metrics?

Many thanks,

        Paul

--
Paul Fenwick <[EMAIL PROTECTED]> | http://perltraining.com.au/
Director of Training                   | Ph:  +61 3 9354 6001
Perl Training Australia                | Fax: +61 3 9354 2681

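A worked illustration of the point above, added here as an example (it is not code from Paul's mail or from any CPAN module). It puts "use re 'taint'" at the top of the file as proposed, shows that a plain capture then stays tainted, and uses "no re 'taint'" in exactly one small block to make the deliberate laundering visible. The function names, the strict username pattern and the constructed tainted input are assumptions chosen for the demo; the file must be run as "perl -T re_taint_demo.pl", since without -T nothing is tainted and every check below reports 0.

```perl
#!/usr/bin/perl -T
# Added example, not from the original mail. Run with taint checks on:
#     perl -T re_taint_demo.pl
# (invoking it as plain "perl re_taint_demo.pl" gives "Too late for -T").
use strict;
use warnings;
use re 'taint';                 # regexps no longer untaint captures (file scope)
use Scalar::Util qw(tainted);

# Ordinary data extraction. With the pragma in scope the capture inherits
# the taint of its input, so this helper cannot launder anything by accident.
sub extract_word {
    my ($s) = @_;
    my ($word) = $s =~ /(\w+)/;
    return $word;
}

# What a module does WITHOUT the pragma: the same capture comes back clean.
# The block-scoped "no re 'taint'" reproduces the default behaviour so the
# difference can be seen side by side.
sub extract_word_default {
    my ($s) = @_;
    no re 'taint';
    my ($word) = $s =~ /(\w+)/;
    return $word;
}

# Deliberate laundering. The pragma is switched off only here, and the
# pattern is anchored and strict (assumed policy: lowercase username,
# 1 to 32 chars) so a reviewer can see exactly what is being let through.
sub launder_username {
    my ($s) = @_;
    no re 'taint';
    my ($clean) = $s =~ /\A([a-z][a-z0-9_]{0,31})\z/
        or die "bad username\n";
    return $clean;
}

# Constructed tainted input: concatenating an empty slice of a tainted
# environment value taints the literal, standing in for a CGI parameter.
my $untrusted = 'alice123' . substr($ENV{PATH} // '', 0, 0);

printf "input tainted?                 %d\n", tainted($untrusted) ? 1 : 0;            # 1
printf "extract_word tainted?          %d\n", tainted(extract_word($untrusted)) ? 1 : 0;         # 1
printf "extract_word_default tainted?  %d\n", tainted(extract_word_default($untrusted)) ? 1 : 0; # 0
printf "launder_username tainted?      %d\n", tainted(launder_username($untrusted)) ? 1 : 0;     # 0
```

The second and third results are the whole argument: the same /(\w+)/ either keeps or drops taint depending only on whether "re 'taint'" is in effect, so a module author who never thinks about it ships extract_word_default. Because the pragma is lexically scoped, a "no re 'taint'" block is also the natural place to grep for when auditing which regexps in a distribution are allowed to launder data.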