On Tue, Aug 20, 2002 at 07:18:23PM +1000, Bradley Baetz wrote:
> On Mon, 19 Aug 2002, Tim Bunce wrote:
>
> > On Mon, Aug 19, 2002 at 12:26:24AM +1000, Bradley Baetz wrote:
> > > Would it be possible for DBI to have a TaintInput attribute, similar to
> > > its current |Taint| one, but only checking incoming data, without tainting
> > > data coming from the DB?
> > >
> > I agree with the principle. Patches welcome. (Add TaintInput and TaintOutput
> > attributes and make the Taint attribute set both and return true if either is set.)
>
> OK, I've sort of done this. A couple of questions, though.
>
> a) I've reused the current DBIcf_Taint bit for TaintIn (and added a new
> one for TaintOut). Is that likely to cause problems?
Nope.

> (Note that |#define DBDcf_Taint (DBDcf_TaintIn | DBDcfTaintOut)| can't be
> used because DBIbf_has actually means 'has any one of', not 'has all of')

Yes, DBDcf_Taint needs to go.

> b) Testing is a problem, because DBD::ExampleP _always_ returns tainted
> results, due to the use of readdir. (I verified this by commenting out the
> lines setting Taint to 1). If I pass $f through a regexp to detaint it
> in line 329 of ExampleP.pm, then the values aren't tainted.
>
> However, the values then never become tainted, I think because the part in
> DBI.xs:XS_DBI_dispatch which would taint return values has the comment:
>
> /* DISABLED: just tainting fetched data in get_fbav seems ok */
>
> The problem is that ExampleP's fetch method never calls get_fbav, so the
> value is never tainted. If I add a call to $sth->_get_fbav() into there,
> then the taint tests pass, but other tests obviously fail later.

Ah. I think ExampleP predates _get_fbav. I'll mandate that all drivers must
use _get_fbav (either in C or perl) to get the row buffer. So the right
approach here is to use $sth->_get_fbav() and then deal with whatever
knock-on effects appear.

> If I re-enable that part of the code, then the taint tests pass, but
> selectall_hashref fails at the ->bind_col in DBI.pm because $index is
> tainted; this is presumably why that was disabled.

Um, not sure what that's about off-hand. Can you repost once you've switched
ExampleP over to using $sth->_get_fbav()?

> c) Should PurePerl really accept the Taint options if it's going to ignore
> them? If an app is using DBI's taint stuff for security, then I'd want DBI
> to fail when trying to enable taint mode.

Good point. It should understand the attributes, but die if you try to
enable them.

Thanks!

Tim.
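The attribute semantics agreed above (Taint sets both TaintIn and TaintOut and reads back true if either is set; TaintIn rejects tainted statement text and bind values; TaintOut taints fetched data; a driver that cannot honour the attributes should die rather than ignore them) can be seen end to end under perl -T without a database. The script below is an added illustration written for this page; it is not DBI's own code. The handle, its CanTaint flag, the new_handle/execute/detaint_ident helpers and the result rows are all constructed for the example, and the taint source is %ENV rather than a real driver.

```perl
#!/usr/bin/perl -T
# Added illustration only; none of this is DBI's own code. It emulates the
# attribute semantics discussed in the thread so that the effect of TaintIn,
# TaintOut and Taint can be seen under perl -T without a database.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T every %ENV value is tainted; a zero-length substr of one is an
# empty string that still carries the taint flag (assumes %ENV is non-empty).
my $TAINT = substr(join('', values %ENV), 0, 0);
sub taint_value { my ($v) = @_; return $v . $TAINT }

# Hypothetical handle. CanTaint stands in for a driver (or DBI::PurePerl)
# that cannot honour the taint attributes: per point (c), asking for them
# there must die rather than be silently ignored. Taint sets both TaintIn
# and TaintOut and reads back true if either is set.
sub new_handle {
    my (%attr) = @_;
    my %h = (TaintIn => 0, TaintOut => 0, CanTaint => $attr{CanTaint} // 1);
    if (exists $attr{Taint}) { $h{TaintIn} = $h{TaintOut} = $attr{Taint} ? 1 : 0 }
    $h{TaintIn}  = $attr{TaintIn}  ? 1 : 0 if exists $attr{TaintIn};
    $h{TaintOut} = $attr{TaintOut} ? 1 : 0 if exists $attr{TaintOut};
    die "taint attributes requested but not supported by this driver\n"
        if !$h{CanTaint} && ($h{TaintIn} || $h{TaintOut});
    return \%h;
}
sub taint_attr { my ($h) = @_; return $h->{TaintIn} || $h->{TaintOut} }

# TaintIn: refuse tainted SQL text or bind values before they reach the driver.
# TaintOut: mark every fetched value tainted so callers are forced to detaint.
sub execute {
    my ($h, $sql, @binds) = @_;
    if ($h->{TaintIn}) {
        die "TaintIn: tainted SQL statement\n" if tainted($sql);
        for my $i (0 .. $#binds) {
            die "TaintIn: tainted bind value at index $i\n" if tainted($binds[$i]);
        }
    }
    my @rows = (['alice', 42], ['bob', 7]);   # constructed rows, no real DB
    @rows = map { [ map { taint_value($_) } @$_ ] } @rows if $h->{TaintOut};
    return \@rows;
}

# The only sanctioned way to detaint: extract through a regex capture.
sub detaint_ident {
    my ($v) = @_;
    return $v =~ /\A([A-Za-z_][A-Za-z0-9_]*)\z/ ? $1 : undef;
}

# --- demonstration ---
my $user_input = taint_value('alice');    # as if read from a CGI parameter

my $in_only = new_handle(TaintIn => 1);
eval { execute($in_only, 'select * from users where name = ?', $user_input) };
print "TaintIn rejected the tainted bind: $@" if $@;

my $clean = detaint_ident($user_input);
my $rows  = execute($in_only, 'select * from users where name = ?', $clean);
printf "TaintIn accepted the detainted bind; fetched value tainted? %s\n",
    tainted($rows->[0][0]) ? 'yes' : 'no';

my $both = new_handle(Taint => 1);
$rows = execute($both, 'select * from users');
printf "Taint=1 => TaintIn=%d TaintOut=%d, Taint reads %s; fetched value tainted? %s\n",
    $both->{TaintIn}, $both->{TaintOut}, taint_attr($both) ? 'true' : 'false',
    tainted($rows->[0][0]) ? 'yes' : 'no';

eval { new_handle(CanTaint => 0, Taint => 1) };
print "Unsupported driver refused Taint: $@" if $@;
```

Run it as `perl -T taint_demo.pl`; perl refuses to start if the -T on the shebang line is not also given on the command line. The TaintIn-only handle shows the point of the original request: the tainted bind value is rejected, but once it has been passed through a capturing regex the same statement runs and the fetched data comes back untainted. The Taint=1 handle shows both flags set from the one attribute and the fetched value carrying taint, and the last call shows the behaviour Tim asks for in point (c), where a handle that cannot enforce the attributes dies instead of quietly accepting them.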
