Rob,
Here is the full patch. It's basically all minor untainting stuff
except for the first chunk that enables UNTAINT magically under the
test suite.
Patrick
========8<==========
diff -u -r ../Inline-0.45/Inline.pm ./Inline.pm
--- ../Inline-0.45/Inline.pm 2008-11-21 04:37:07.000000000 -0500
+++ ./Inline.pm 2009-07-02 12:42:11.000000000 -0400
@@ -395,6 +395,22 @@
#==============================================================================
sub fold_options {
my $o = shift;
+
+ # This bit tries to enable UNTAINT automatically if required
when running the test suite.
+ my $env_ha = $ENV{HARNESS_ACTIVE} || 0 ;
+ my ($harness_active) = $env_ha =~ /(.*)/ ;
+ if (($harness_active)&&(! $o->{CONFIG}{UNTAINT})){
+ eval {
+ require Scalar::Util;
+ $o->{CONFIG}{UNTAINT} =
(Scalar::Util::tainted(Cwd::cwd()) ? 1 : 0) ;
+ # Disable SAFEMODE in the test suite, we know
what we are doing...
+ $o->{CONFIG}{SAFEMODE} = 0 ;
+ warn "\n-[tT] enabled for test suite.
Automatically setting UNTAINT=1 and SAFEMODE=0.\n"
+ unless $Inline::_TAINT_WARNING_ ;
+ $Inline::_TAINT_WARNING_ = 1 ;
+ } ;
+ }
+
$untaint = $o->{CONFIG}{UNTAINT} || 0;
$safemode = (($o->{CONFIG}{SAFEMODE} == -1) ?
($untaint ? 1 : 0) :
@@ -1201,6 +1217,7 @@
my @parts = File::Spec->splitdir($rmpath);
while (@parts){
$rmpath = File::Spec->catdir($prefix ? ($prefix,@parts) :
@parts);
+ ($rmpath) = $rmpath =~ /(.*)/ if UNTAINT;
rmdir $rmpath
or last; # rmdir failed because dir was not empty
pop @parts;
@@ -1265,39 +1282,41 @@
-w File::Spec->catdir($cwd,".Inline")) {
$temp_dir = File::Spec->catdir($cwd,".Inline");
}
- elsif (require FindBin and
- $bin = $FindBin::Bin and
- -d File::Spec->catdir($bin,".Inline") and
- -w File::Spec->catdir($bin,".Inline")) {
- $temp_dir = File::Spec->catdir($bin,".Inline");
- }
- elsif ($home and
- -d File::Spec->catdir($home,".Inline") and
- -w File::Spec->catdir($home,".Inline")) {
- $temp_dir = File::Spec->catdir($home,".Inline");
- }
- elsif (defined $cwd and $cwd and
- -d File::Spec->catdir($cwd, $did) and
- -w File::Spec->catdir($cwd, $did)) {
- $temp_dir = File::Spec->catdir($cwd, $did);
- }
- elsif (defined $bin and $bin and
- -d File::Spec->catdir($bin, $did) and
- -w File::Spec->catdir($bin, $did)) {
- $temp_dir = File::Spec->catdir($bin, $did);
- }
- elsif (defined $cwd and $cwd and
- -d $cwd and
- -w $cwd and
- _mkdir(File::Spec->catdir($cwd, $did), 0777)) {
- $temp_dir = File::Spec->catdir($cwd, $did);
- }
- elsif (defined $bin and $bin and
- -d $bin and
- -w $bin and
- _mkdir(File::Spec->catdir($bin, $did), 0777)) {
- $temp_dir = File::Spec->catdir($bin, $did);
- }
+ else {
+ require FindBin ;
+ if ($bin = $FindBin::Bin and
+ -d File::Spec->catdir($bin,".Inline") and
+ -w File::Spec->catdir($bin,".Inline")) {
+ $temp_dir = File::Spec->catdir($bin,".Inline");
+ }
+ elsif ($home and
+ -d File::Spec->catdir($home,".Inline") and
+ -w File::Spec->catdir($home,".Inline")) {
+ $temp_dir = File::Spec->catdir($home,".Inline");
+ }
+ elsif (defined $cwd and $cwd and
+ -d File::Spec->catdir($cwd, $did) and
+ -w File::Spec->catdir($cwd, $did)) {
+ $temp_dir = File::Spec->catdir($cwd, $did);
+ }
+ elsif (defined $bin and $bin and
+ -d File::Spec->catdir($bin, $did) and
+ -w File::Spec->catdir($bin, $did)) {
+ $temp_dir = File::Spec->catdir($bin, $did);
+ }
+ elsif (defined $cwd and $cwd and
+ -d $cwd and
+ -w $cwd and
+ _mkdir(File::Spec->catdir($cwd, $did), 0777)) {
+ $temp_dir = File::Spec->catdir($cwd, $did);
+ }
+ elsif (defined $bin and $bin and
+ -d $bin and
+ -w $bin and
+ _mkdir(File::Spec->catdir($bin, $did), 0777)) {
+ $temp_dir = File::Spec->catdir($bin, $did);
+ }
+ }
croak M56_no_DIRECTORY_found()
unless $temp_dir;
diff -u -r ../Inline-0.45/lib/Inline/Foo.pm ./lib/Inline/Foo.pm
--- ../Inline-0.45/lib/Inline/Foo.pm 2008-11-01 02:00:03.000000000 -0400
+++ ./lib/Inline/Foo.pm 2009-07-01 21:00:39.000000000 -0400
@@ -50,6 +50,7 @@
my $pattern = $o->{ILSM}{PATTERN};
$code =~ s/$pattern//g;
$code =~ s/bar-//g if $o->{ILSM}{BAR};
+ ($code) = $code =~ /(.*)/s if $o->{CONFIG}{UNTAINT} ;
sleep 1; # imitate compile delay
{
package Foo::Tester;
@@ -58,6 +59,7 @@
croak "Foo build failed:\n$@" if $@;
my $path =
File::Spec->catdir($o->{API}{install_lib},'auto',$o->{API}{modpname});
my $obj = $o->{API}{location};
+ ($obj) = $obj =~ /(.*)/ if $o->{CONFIG}{UNTAINT} ;
$o->mkpath($path) unless -d $path;
open FOO_OBJ, "> $obj"
or croak "Can't open $obj for output\n$!";
@@ -71,6 +73,7 @@
open FOO_OBJ, "< $obj"
or croak "Can't open $obj for output\n$!";
my $code = join '', <FOO_OBJ>;
+ ($code) = $code =~ /(.*)/s if $o->{CONFIG}{UNTAINT} ;
close \*FOO_OBJ;
eval "package $o->{API}{pkg};\n$code";
croak "Unable to load Foo module $obj:\n$@" if $@;
diff -u -r ../Inline-0.45/lib/Inline/denter.pm ./lib/Inline/denter.pm
--- ../Inline-0.45/lib/Inline/denter.pm 2008-11-01 02:00:03.000000000 -0400
+++ ./lib/Inline/denter.pm 2009-07-02 11:29:24.000000000 -0400
@@ -13,6 +13,9 @@
}, $class;
}
+sub DESTROY {
+}
+
sub undent {
local $/ = "\n";
my ($o, $text) = @_;
========8<==========
On Thu, Jul 2, 2009 at 6:13 PM, Sisyphus<sisyph...@optusnet.com.au> wrote:
>
> ----- Original Message ----- From: "Patrick LeBoutillier"
> <patrick.leboutill...@gmail.com>
> To: "Sisyphus" <sisyph...@optusnet.com.au>
> Cc: "inline" <inline@perl.org>
> Sent: Friday, July 03, 2009 3:03 AM
> Subject: Re: Inline and -T
>
>
>> Rob,
>>
>> I took a stab at it this morning. Basically I tried to do 2 things:
>>
>> - Get the small test script to run cleanly under UNTAINT;
>> - Try to get the test suite to behave properly when run under -T (by
>> way of the HARNESS_PERL_SWITCHES env var). That way it's easy to
>> perioically run the test suite with -T and see if somoe new taint bugs
>> have crept in.
>>
>> To fix the former 2 small patches seem to be required: one for
>> Inline.pm and one for denter.pm:
>>
>> Inline.pm:
>> @@ -1201,6 +1217,7 @@
>> my @parts = File::Spec->splitdir($rmpath);
>> while (@parts){
>> $rmpath = File::Spec->catdir($prefix ? ($prefix,@parts) :
>> @parts);
>> + ($rmpath) = $rmpath =~ /(.*)/ if UNTAINT;
>> rmdir $rmpath
>> or last; # rmdir failed because dir was not empty
>> pop @parts;
>>
>> denter.pm (without this a taint exception is thrown by AutoLoader.pm):
>> @@ -13,6 +13,9 @@
>> }, $class;
>> }
>>
>> +sub DESTROY {
>> +}
>> +
>>
>>
>> To fix the latter, a mechanism needs to be put in place in Inline.pm
>> so that it activates UNTAINT automatically (only when -T is set and
>> when we are running under the test harness). Also, the test suite
>> makes liberal use of relative paths in @INC, which throws off a few
>> taint exceptions. Finally, the Inline::Foo module used in the test
>> suite needs some untainting in some places.
>>
>> I have a patch for this also, but it's larger than the other two. Rob,
>> what format is preferable for the patch?
>>
>
> Just post it as an attachment should be fine, I think.
> I'll give the patches a try in a day or two when I have time. (I have to
> head off in about half an hour - won't get back until tomorrow evening.)
> Thanks heaps for that, Patrick !!
>
>> BTW: I wasn't able to reproduce Rob's build problem with the small
>> test script below. It ran fine (without -T) on my test env (Linux
>> FC10, x64, perl 5.10.0).
>>
>
> Hmmm .... I'm still stuck on that. It may be something Windows-specific. I'm
> actually having trouble working out what "$o->env_untaint if UNTAINT;" in
> Inline.pm's sub glue is doing. (It's called twice, within a few lines of
> each othr.) Afaict it should be calling env_untaint() in the same file, but
> it doesn't seem to be doing that ... very, very weird.
> I can verify that the line of code is being executed (and that UNTAINT is
> true), but env_untaint() is not being run.
> Same goes for "$o->obj_untaint if UNTAINT;" (called once) in the same sub.
>
> Cheers,
> Rob
>
>
>
>
--
=====================
Patrick LeBoutillier
Rosemère, Québec, Canada
