...
All three lines provide different contexts for their unsanitized data, so each line requires a different type of sanitization. Applying one sanitization method to the wrong line is likely to leave the data improperly sanitized and subject to a potential injection attack.
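The three lines the paragraph refers to are not reproduced here, so the following is an added illustration of the principle rather than code from the standard: one tainted value reaching three assumed sinks (a command argument, an SQL query, and HTML output), each handled with the sanitization that fits that context. The `untaint_filename` helper, the paths, and the use of `HTML::Entities` and `DBD::SQLite` are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Run as: perl -T example.pl 'report-2024'
use strict;
use warnings;
use HTML::Entities qw(encode_entities);   # assumption: HTML::Entities is installed
use DBI;                                  # assumption: DBI and DBD::SQLite are installed

# Under -T, data from outside the program (@ARGV, %ENV, STDIN, files) is tainted.
# The fallback literal is untainted, so pass a real argument to see taint mode act.
my $raw = $ARGV[0] // 'report-2024';

# Taint mode also refuses to spawn commands until these variables are trusted.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Context 1: command argument. Untaint by matching an allowlist and capturing;
# only the captured text ($1) is clean. Rejecting on mismatch, rather than
# stripping characters, keeps the check easy to reason about.
sub untaint_filename {
    my ($s) = @_;
    return $1 if $s =~ /\A([A-Za-z0-9_.-]{1,64})\z/;
    die "rejected filename: $s\n";
}
my $file = untaint_filename($raw);
# List-form system() avoids the shell entirely; with a tainted $file this line would die.
system('/bin/ls', '-l', "/var/reports/$file") == 0
    or warn "ls failed (exit $?)\n";

# Context 2: SQL. The filename allowlist is the wrong tool here; instead the value
# is bound through a placeholder so the driver, not string interpolation, handles it.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE reports (name TEXT)');
my $sth = $dbh->prepare('SELECT name FROM reports WHERE name = ?');
$sth->execute($raw);

# Context 3: HTML output. Neither the regex nor the bind parameter protects a web page,
# and taint mode does not check print(), so HTML escaping must be applied explicitly.
print '<p>Report: ', encode_entities($raw), "</p>\n";
```

The point worth noticing is the third sink: taint mode stops the command in context 1 until the value is untainted, but it says nothing about the `print` in context 3. Taint checking flags where unsanitized data reaches a dangerous operation; choosing the sanitization that matches each context is still the programmer's job.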
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
IDS01-PL | Medium | Probable | Medium | P8 | L2 |
...