https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726

            Bug ID: 7726
           Summary: [review] Enable taint for all tests
           Product: Spamassassin
           Version: 3.4.2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Regression Tests
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: Undefined

Created attachment 5662
  --> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5662&action=edit
Enable taint for all tests (patch)

As was already seen with Bug 7725, tests that use the Mail::SpamAssassin object
directly instead of sarun() must have taint enabled to catch any tainting
bugs.

Doesn't make sense to enable selectively, people will just forget later for new
tests.

Following changes made and tested, work fine here for multiple Perl versions:

- New simple untaint_var, untaint_system, untaint_cmd functions in SATest.pm
- system($foo) -> untaint_system($foo)
- `$foo` -> untaint_cmd($foo)
- Add -T to all t/* #!shebangs

See attached patch, lots of files but trivial changes. I vote +1 commit to
3.4.3 to have a chance to catch any other taint bugs there.

-- 
You are receiving this mail because:
You are the assignee for the bug.
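
Added example (not part of the original report, and not the SATest.pm code from attachment 5662): a minimal Perl sketch of why a test run under -T dies on system() with tainted data, and what wrappers with the names listed above could look like. The helper bodies, the sample value and the use of /bin/echo are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Illustration only. Run as: perl -T thisfile.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length string that still carries taint, taken from the environment
# before we touch it (assumes at least one environment variable is set).
my $TAINT = substr(join('', values %ENV), 0, 0);

# Taint mode refuses to spawn commands with an untrusted environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: launder a value through a regex capture.
# This accepts anything, so it is only reasonable inside a test harness
# that built the value itself; production code must validate instead.
sub untaint_var {
    my ($v) = @_;
    return undef unless defined $v;
    my ($clean) = $v =~ /^(.*)$/s;
    return $clean;
}

# system($foo) -> untaint_system($foo)
sub untaint_system {
    my @args = map { untaint_var($_) } @_;
    return system(@args);
}

# `$foo` -> untaint_cmd($foo)
sub untaint_cmd {
    my ($cmd) = @_;
    $cmd = untaint_var($cmd);
    return `$cmd`;
}

# Constructed sample value, tainted the way external input would be.
my $arg = 'hello' . $TAINT;
print "arg tainted: ", (tainted($arg) ? "yes" : "no"), "\n";

# Without the wrapper, -T aborts the call: this is the failure that a
# test with taint enabled surfaces and a test without -T silently misses.
my $ran = eval { system('/bin/echo', $arg); 1 };
print "raw system(): ", ($ran ? "ran\n" : "died: $@");

# With the wrappers the harness's own commands keep working under -T.
my $rc  = untaint_system('/bin/echo', $arg);
my $out = untaint_cmd("/bin/echo $arg");
print "untaint_system exit: $rc, untaint_cmd output: $out";
```

The wrappers only cover commands the test harness itself launches; the code under test still sees tainted input, which is what lets -T catch tainting bugs in it.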
