On Tue, Jun 24, 2008 at 07:08:00PM +1000, Paul Fenwick wrote:
> As the user of a module, it's possible for me to pass in tainted data. The
> module doesn't know from where it's been sourced. However, unless the
> *intent* of the module is to untaint this data, anything derived from that
> data should probably remain tainted.

If you care about tainting, then I suggest that it's up to you to make sure
that your data doesn't get accidentally untainted. The best way to do this is
to check it as early as possible and either untaint it yourself or reject it.

> Yes, taint mode isn't an iron-clad guarantee of security, and if you don't
> trust a module, don't use it. However, taint mode can be a useful safety
> net, and for me it would be nice if more people were aware of it and how it
> interacts with their code.

If you've turned taint-mode on in your code, then you're aware of what it means
and how it works, and certainly *should* be aware of how other people's code
might interact with that.

If you really want my code to be taint-safe, then I would be delighted to
accept a patch with tests, and maybe even to give you a commit bit and make you
a co-maintainer. But I won't just accept blindly adding 'use re qw(taint)'.

> As a
> completely off-the-bat suggestion that could be controlled by META.yml:
>
> cpants:
>   disable:
>     - has_test_pod_coverage
>     - uses_no_re_taint
>     - valid_gpg_siganture
>
>   enable:
>     - included_in_slackware
>     - won_poetry_competition
>     - includes_Tolkein_quote

Put it in a separate file if you're going to have it at all, so that it doesn't
get overwritten by $release_tool_of_the_month. And make it really easy to
disable whole swathes of tests without having to type all their names. In
particular, I don't want to disable "includes tolkien quote" and "won poetry
competition" today, only to have to add "has funny true value at end of file of
module" tomorrow.

-- 
David Cantrell | Nth greatest programmer in the world

Immigration: making Britain great since AD43
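An added illustration of the point the two posters are arguing over, written for this page rather than taken from either of them: under `perl -T`, anything derived from a tainted value stays tainted, a regex capture untaints it unless `use re qw(taint)` is in lexical scope, and a file-modifying call refuses tainted input. The filename value and the helper names (`untaint_filename`, `stem_keeping_taint`) are constructed for the demo; `Scalar::Util::tainted` and `${^TAINT}` are core Perl.

```perl
#!/usr/bin/perl -T
# Added example for this thread (not David's or Paul's code): how taint
# propagates through derived data, how a regex capture untaints, and how
# 'use re qw(taint)' keeps a capture tainted.  Run it as:  perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Nothing below is meaningful without taint checks switched on.
die "This demo must run under taint mode (perl -T)\n" unless ${^TAINT};

# Every value in %ENV is tainted under -T.  Appending an empty tainted substring
# to a constant is the usual way to build a tainted test value (constructed here,
# so the demo does not depend on any particular environment variable being set).
my $taint_seed = substr(join('', %ENV), 0, 0);
my $filename   = 'report-2008.txt' . $taint_seed;

# Untaint by stating the acceptable shape explicitly.  The capture $1 is
# untainted by default; anything that does not match is rejected outright.
sub untaint_filename {
    my ($raw) = @_;
    return $raw =~ /\A([\w.-]+)\z/ ? $1 : undef;
}

# The same kind of capture with 'use re qw(taint)' in lexical scope: the result
# stays tainted, so a module written this way does not silently launder data
# its caller handed it.  The pragma only affects this block.
sub stem_keeping_taint {
    use re qw(taint);
    my ($raw) = @_;
    my ($stem) = $raw =~ /\A([\w-]+)\.txt\z/;
    return $stem;
}

printf "original value tainted?        %s\n", tainted($filename) ? 'yes' : 'no';
printf "regex-untainted value tainted? %s\n",
    tainted(untaint_filename($filename)) ? 'yes' : 'no';
printf "capture under re 'taint'?      %s\n",
    tainted(stem_keeping_taint($filename)) ? 'yes' : 'no';

# Using the still-tainted name in a call that would modify the filesystem dies
# with "Insecure dependency in open" before anything is touched.  The untainted
# value from untaint_filename() is the one you would actually pass on.
eval { open my $fh, '>>', $filename or die "open: $!\n"; close $fh; 1 }
    or print "write with tainted name refused: $@";
```

The first two printed lines show the default behaviour that Paul objects to: a module can untaint its caller's data with any capturing regex, whether or not that was the intent. The third shows what `use re qw(taint)` buys and costs: derived data stays tainted, so the caller must do the untainting themselves, which is exactly the "check it as early as possible" advice in the reply.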