...
Data | Rule
---|---
Filenames of files that are opened only for reading | FIO01-PL. Do not operate on files that can be modified by untrusted users
Numbers that are used as an array index | IDS32-PL. Validate any integer that is used as an array index
Strings printed to standard output | IDS33-PL. Sanitize untrusted data passed across a trust boundary
Taint mode also provides a handful of mechanisms to produce untainted data from tainted data. The preferred means of sanitizing tainted data is to use a regex:

```perl
my $tainted_data;   # initialized from an untrusted source
my $regex;          # data is sanitary if it satisfies this pattern
my $sanitized_data;
if ($tainted_data =~ m{($regex)}) {
    $sanitized_data = $1;   # a capture from a successful match is untainted
}
```

In this case, the sanitized data may have the same value as the tainted data, but data harvested from a regex match is always considered to be untainted. It is up to the programmer to ensure that the regex will only match sanitary data.
There are other ways to sanitize tainted data. For instance, hash keys cannot be tainted, so using tainted data as the key to a hash will sanitize it. Perl will also not stop tainted data from being sent to a subroutine or method referenced by a variable, as in: |
```perl
$obj->$method(@args);
```

or

```perl
$foo->(@args);
```
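Added example (not code from the original page or from the CERT standard): run under `perl -T`, it contrasts an anchored validating regex with a pattern that merely launders taint, and shows the hash-key behaviour described above. The identifier policy and the fallback value are assumptions.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);   # tainted() reports whether a value carries the taint flag

# Returns the validated value, or undef when the input does not satisfy the policy.
# $1 is read only after a successful match; on failure it would still hold the
# capture from an earlier match, which is the bug the unconditional form invites.
sub sanitize_identifier {
    my ($tainted_data) = @_;
    my $regex = qr/[A-Za-z_][A-Za-z0-9_]{0,31}/;      # assumed policy: a plain identifier
    return $1 if $tainted_data =~ m{\A($regex)\z};     # anchored: the whole value must match
    return;
}

# Same mechanics, but the pattern accepts anything, so the taint flag is
# removed without any validation taking place.
sub launder_without_validating {
    my ($tainted_data) = @_;
    $tainted_data =~ m{\A(.*)\z}s;
    return $1;
}

# Hash keys are never tainted, so round-tripping a value through a key
# clears the flag without inspecting the value at all.
sub launder_via_hash_key {
    my ($tainted_data) = @_;
    my %seen = ($tainted_data => 1);
    my ($key) = keys %seen;
    return $key;
}

# Under -T, command-line arguments are tainted; the literal fallback is not.
my $input = @ARGV ? $ARGV[0] : 'report_2024';
printf "input:        %s (tainted: %d)\n", $input, tainted($input) ? 1 : 0;

my $safe = sanitize_identifier($input);
printf "validated:    %s (tainted: %d)\n",
    defined $safe ? $safe : 'REJECTED', (defined $safe && tainted($safe)) ? 1 : 0;

my $laundered = launder_without_validating($input);
printf "laundered:    %s (tainted: %d)\n", $laundered, tainted($laundered) ? 1 : 0;

my $via_key = launder_via_hash_key($input);
printf "via hash key: %s (tainted: %d)\n", $via_key, tainted($via_key) ? 1 : 0;
```

Run it as `perl -T taint_demo.pl 'not valid!'` to see the argument arrive tainted, be rejected by the validating pattern, and still come back untainted from the other two routines.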
The specific issue of what data is tainted depends on the execution environment. For example, data read from a database may or may not be considered tainted. Perl's DBI module provides an optional TaintOut attribute. If set, then any data retrieved from a database will be considered tainted.
...