How to check if current Perl statement contains tainted data?

About

Asked 10/1, 2016 at 11:58 Answered 13/8, 2016 at 9:40

I wrote my own little Perl debugger that prints for each executed line, the current file name and the corresponding line number. How can I detect if the current Perl statement contains tainted data?

I know there is a function "tainted" from the module Scalar::Util. However it only accept a variable name as parameter, not a Perl statement.

Taint.pl

use strict; 
use warnings; 

use Taint::Runtime qw(taint_start taint); 
taint_start(); 

my $data = taint("abc"); --> interesting 
my $noise = "noise"; --> not interesting 
my $evil = $data . " evil"; --> interesting

Debugger.pl

sub DB::DB{

    my($package, $filename, $line) = caller;

    print $filename . ":" . $line . " ";
    scalar <STDIN>;

}

1;

Leonhard answered 10/1, 2016 at 11:58 Comment(7)

Catch exception with eval()? – Militarize 10/1, 2016 at 13:50

I have found this code which uses eval to catch the exception, but I don't know how to pass a Perl statement to it. local $@; return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; – Leonhard 10/1, 2016 at 13:55

What exactly do you want to test, and why you can't use a variable at it? – Militarize 10/1, 2016 at 14:6

My main goal is to step through a program and only display Perl statements that contain tainted data. – Leonhard 10/1, 2016 at 14:9

I have attached Taint to a lexical variable to trace it. If I am able to see if a statement is tainted or not, I can only print those lines that contains my tainted variable. Here is my custom Taint script: use strict; use warnings; use Taint::Runtime qw(taint_start taint); taint_start(); my $data = taint("abc"); --> interesting my $noise = "noise"; --> not interesting my $evil = $data . " evil"; --> interesting – Leonhard 10/1, 2016 at 15:30

You should add that information to your question. Use the edit link to do that. – Mcinerney 10/1, 2016 at 16:35

I agree, I have updated my question with my custom taint script now. – Leonhard 10/1, 2016 at 16:40

As described in the POD Documentation for Taint::Runtime there is a sub called is_tainted that will return true if you pass it a tainted value and false otherwise.

You'll want to change your relevant use line to import that function:

use Taint::Runtime qw(taint_start taint is_tainted);

In your example Taint.pl script, once this is done, is_tainted($data) would evaluate to true, is_tainted($noise) would be false, and is_tainted($evil) would be true.

If you have a more complex expression to check for taintedness, simply evaluate it into a scalar and if any inputs to that evaluation were tainted, the expression and thus the scalar will also be considered tainted. Checking if that scalar is tainted is equivalent to checking the expression. If the expression produces a list value, something like join will fit it into a scalar well enough to detect taint.

Emarie answered 13/8, 2016 at 9:40 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags