6 1_validate_14_untaint.t - Test CGI::Ex::Validate's ability to untaint tested fields
11 use Test::More tests => 14;
13 use lib ($Bin =~ /(.+)/ ? "$1/../lib" : ''); # add bin - but untaint it
15 ### Set up taint checking
16 sub is_tainted { local $^W = 0; ! eval { eval("#" . substr(join("", @_), 0, 0)); 1; 0 } }
20 my $taint = join(",", $0, %ENV, @ARGV);
21 if (! is_tainted($taint) && open(my $fh, "/dev/urandom")) {
22 sysread($fh, $taint, 1);
24 $taint = substr($taint, 0, 0);
25 if (! is_tainted($taint)) {
26 skip("is_tainted doesn't appear to work", 14);
29 ### make sure tainted hash values don't bleed into other values
31 $form->{'foo'} = "123$taint";
32 $form->{'bar'} = "456$taint";
33 $form->{'baz'} = "789";
34 if (! is_tainted($form->{'foo'})) {
35 skip("Tainted hash key didn't work right", 14);
36 } elsif (is_tainted($form->{'baz'})) {
37 # untaint checking doesn't really work
38 skip("Hashes with mixed taint don't work right", 14);
41 ###----------------------------------------------------------------###
42 ### Looks good - here we go
44 use_ok('CGI::Ex::Validate');
48 ok(is_tainted($taint));
49 ok(is_tainted($form->{'foo'}));
50 ok(! is_tainted($form->{'baz'}));
51 ok(! is_tainted($form->{'non_existent_key'}));
53 sub validate { scalar CGI::Ex::Validate::validate(@_) }
56 ###----------------------------------------------------------------###
58 $e = validate($form, {
66 ok(! is_tainted($form->{foo}));
68 ###----------------------------------------------------------------###
70 $e = validate($form, {
77 ok(is_tainted($form->{bar}));
79 ###----------------------------------------------------------------###
81 $e = validate($form, {
89 ok(is_tainted($form->{bar}));
91 ###----------------------------------------------------------------###
93 ok(!is_tainted($form->{foo}));
94 ok( is_tainted($form->{bar}));
95 ok(!is_tainted($form->{baz}));