icon Top 9 categories map      RocketAware > Perl >

How can I tell if a variable is tainted?

Tips: Browse or Search all pages for efficient awareness of Perl functions, operators, and FAQs.


Home

Search Perl pages

Subjects

By activity
Professions, Sciences, Humanities, Business, ...

User Interface
Text-based, GUI, Audio, Video, Keyboards, Mouse, Images,...

Text Strings
Conversions, tests, processing, manipulation,...

Math
Integer, Floating point, Matrix, Statistics, Boolean, ...

Processing
Algorithms, Memory, Process control, Debugging, ...

Stored Data
Data storage, Integrity, Encryption, Compression, ...

Communications
Networks, protocols, Interprocess, Remote, Client Server, ...

Hard World
Timing, Calendar and Clock, Audio, Video, Printer, Controls...

File System
Management, Filtering, File & Directory access, Viewers, ...

    

How can I tell if a variable is tainted?

See Laundering and Detecting Tainted Data. Here's an example (which doesn't use any system calls, because the kill() is given no processes to signal): 

    sub is_tainted {
        return ! eval { join('',@_), kill 0; 1; };
    }

This is not -w clean, however. There is no -w clean way to detect taintedness - take this as a hint that you should untaint all possibly-tainted data.

Source: Perl FAQ: Perl Language Issues
Copyright: Copyright (c) 1997 Tom Christiansen and Nathan Torkington.
Next: What's a closure?

Previous: How do I create a class?


(Corrections, notes, and links courtesy of RocketAware.com)


[Overview Topics]

Up to: PERL



Rapid-Links: Search | About | Comments | Submit Path: RocketAware > Perl > perlfaq7/How_can_I_tell_if_a_variable_is_.htm
RocketAware.com is a service of Mib Software
Copyright 2000, Forrest J. Cavalier III. All Rights Reserved.
We welcome submissions and comments