Does an open(FILE, '<', $csvfile) works right before a CUD-operation?
If not, move this open()-call step by step to the top of Your script to catch the point where the tainted data enters.
BTW: if Your filename is composed from tainted bits it is tained too. greetings Robert -- Am 25.03.2011 10:04, schrieb Karl Oakes:
I am trying to perform SQL create update and delete (CUD) operations using DBD-CSV with taint mode and I am getting the following: Execution ERROR: Insecure dependency in open while running with -T switch at C:/Perl/lib/IO/File.pm line 185. I have untainted all the inputs and it looks like it not happy with the filename, which is not user inputted and therefore not tainted. File.pm is used by the CSV module and therefore I think File.pm is seeing the input parameters to its open method from the DBD-CSV module as tainted. This only happens when I try to perform SQL CUD operations as DBD-CSV / DBI will change the file mode flag to write on the File::open call. In taint mode, a file open with write mode flag will fail, any suggestions.
