NAME
Test::Taint - Check for (un)taintedness
VERSION
Version 0.01
$Header: /home/cvs/test-taint/Taint.pm,v 1.7 2004/02/04 06:35:21 andy Exp $
SYNOPSIS
taint_checking_ok(); # We have to have taint checking on
my $id = "deadbeef"; # Dummy session ID
taint( $id ); # Simulate it coming in from the web
tainted_ok( $id );
$id = validate_id( $id ); # Your routine to check the $id
untainted_ok( $id ); # Did it come back clean?
ok( defined $id );
DESCRIPTION
Tainted data is data that comes from an unsafe source, such as the command line, or, in the case of web apps, any GET or POST transactions. Read the perlsec man page for details on why tainted data is bad, and how to untaint the data.
When you're writing unit tests for code that deals with tainted data, you'll want to have a way to provide tainted data for your routines to handle, and easy ways to check and report on the taintedness of your data, in standard Test::More style.
Test::More-style Functions
All the xxx_ok() functions work like standard Test::More-style functions: the last parameter is an optional message, each one outputs "ok" or "not ok", and each returns a boolean telling whether the test passed.
taint_checking_ok( [$message] )
Test::More-style test that taint checking is on. This should probably be the first thing in any *.t file that deals with taintedness.
tainted_ok( $var [, $message ] )
Checks that $var is tainted.
tainted_ok( $ENV{FOO} );
untainted_ok( $var [, $message ] )
Checks that $var is not tainted.
my $foo = my_validate( $ENV{FOO} );
untainted_ok( $foo );
Helper Functions
These are all helper functions. Most are wrapped by an xxx_ok() counterpart, except for taint(), which actually does something instead of just reporting it.
taint_checking()
Returns true if taint checking is enabled via the -T flag.
tainted( $var )
Returns a boolean saying whether $var is tainted.
taint( @list )
Marks each (apparently) taintable argument in @list as being tainted. (References and undef are never taintable and are left unchanged. Some tied and magical variables may fail to be tainted by this routine, try as it may.)
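The following *.t file, an added example rather than part of the module's documentation, puts the functions above together: it simulates tainted web input with taint(), checks a validator that untaints via a regex capture, and shows a second validator that checks the value but hands back the still-tainted original. validate_id() and leaky_validate_id() are hypothetical routines written here for illustration; the session IDs are constructed sample values.

```perl
#!/usr/bin/perl -T
# Added example, not Test::Taint's own code. Run with: perl -T validate_id.t
# validate_id() and leaky_validate_id() are hypothetical validators.
use strict;
use warnings;
use Test::More tests => 7;
use Test::Taint;

# Under -T, the only way to launder data is a regex capture (see perlsec).
# This validator accepts exactly eight lowercase hex digits and returns the
# captured copy, which Perl marks as untainted; anything else yields undef.
sub validate_id {
    my ($id) = @_;
    return undef unless defined $id;
    return $id =~ /\A([0-9a-f]{8})\z/ ? $1 : undef;
}

# A common mistake: the check is correct, but the original scalar is
# returned, so the caller still receives tainted data.
sub leaky_validate_id {
    my ($id) = @_;
    return undef unless defined $id;
    return $id =~ /\A[0-9a-f]{8}\z/ ? $id : undef;
}

taint_checking_ok('taint mode (-T) is enabled');

my $id = 'deadbeef';                 # constructed sample session ID
taint($id);                          # simulate it arriving from a CGI request
tainted_ok($id, 'simulated input is tainted');

my $clean = validate_id($id);
ok(defined $clean, 'well-formed ID is accepted');
untainted_ok($clean, 'regex capture returns an untainted copy');

my $leaky = leaky_validate_id($id);
ok(defined $leaky, 'leaky validator accepts the same ID');
tainted_ok($leaky, 'but returning the original leaves it tainted');

my $bad = 'DEADBEEFX';               # constructed malformed input
taint($bad);
ok(!defined validate_id($bad), 'malformed ID is rejected');
```

If the file is run without -T, taint_checking_ok() fails first, which is why the documentation recommends making it the opening test of any taint-related *.t file.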
AUTHOR
Written by Andy Lester, <andy@petdance.com>.
COPYRIGHT
Copyright 2004, Andy Lester, All Rights Reserved.
You may use, modify, and distribute this package under the same terms as Perl itself.