authorFrédéric Buclin <LpSolit@gmail.com>2014-10-06 16:36:30 +0200
committerDavid Lawrence <dkl@mozilla.com>2014-10-06 16:36:30 +0200
commitf33b119d68d21074d08a6bd72f960319276e182b (patch)
tree90e524ad4b34da7d6cb1418f39f016a9e9271533
parent9e186bdd5da79077f162351d61fd1163d6cfd622 (diff)
downloadbugzilla-f33b119d68d21074d08a6bd72f960319276e182b.tar.gz
bugzilla-f33b119d68d21074d08a6bd72f960319276e182b.tar.xz
Bug 1074980: Forbid the { foo => $cgi->param() } syntax to prevent data override
r=dkl,a=sgreen
-rw-r--r--t/002goodperl.t33
1 files changed, 32 insertions, 1 deletions
diff --git a/t/002goodperl.t b/t/002goodperl.t
index e95870d70..d1858361f 100644
--- a/t/002goodperl.t
+++ b/t/002goodperl.t
@@ -19,7 +19,7 @@ use lib 't';
use Support::Files;
use Test::More tests => (scalar(@Support::Files::testitems)
- + scalar(@Support::Files::test_files)) * 5;
+ + scalar(@Support::Files::test_files)) * 6;
my @testitems = (@Support::Files::test_files, @Support::Files::testitems);
my @require_taint = qw(email_in.pl importxml.pl mod_perl.pl whine.pl);
@@ -139,4 +139,35 @@ foreach my $file (@testitems) {
close(FILE);
}
+
+# Forbird the { foo => $cgi->param() } syntax, for security reasons.
+foreach my $file (@testitems) {
+ $file =~ s/\s.*$//; # nuke everything after the first space (#comment)
+ next unless $file; # skip null entries
+ if (!open(FILE, $file)) {
+ ok(0, "could not open $file --WARNING");
+ next;
+ }
+ my $lineno = 0;
+ my @unsafe_args;
+
+ while (my $file_line = <FILE>) {
+ $lineno++;
+ $file_line =~ s/^\s*(.+)\s*$/$1/; # Remove leading and trailing whitespaces.
+ if ($file_line =~ /^[^#]+=> \$cgi\->param/) {
+ push(@unsafe_args, "$file_line on line $lineno");
+ }
+ }
+
+ if (@unsafe_args) {
+ ok(0, "$file incorrectly passes a CGI argument to a hash --ERROR\n" .
+ join("\n", @unsafe_args));
+ }
+ else {
+ ok(1, "$file has no vulnerable hash syntax");
+ }
+
+ close(FILE);
+}
+
exit 0;
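Review bot: The pattern on line 46 (`/^[^#]+=> \$cgi\->param/`) only flags a hash value written as a variable literally named `$cgi` with exactly one space after `=>`, so `Bugzilla->cgi->param(...)`, a CGI object held under another name, a tab or double space after the arrow, and a `=>` that begins a continuation line (after the leading-whitespace strip on line 45, `[^#]+` demands at least one character before it) all pass the test while still flattening a multi-valued parameter into extra key/value pairs. Loosening it to `if ($file_line =~ /^[^#]*=>\s*(?:\$\w+|Bugzilla->cgi)->param\b/)` closes those gaps, and the `scalar $cgi->param(...)` form the commit steers people toward still passes because `scalar` sits between the arrow and the call; if other objects in the tree expose a `param` method the `\$\w+` part may need narrowing. A value split across two lines (arrow on one, the call on the next) cannot be caught by this line-at-a-time loop, which is worth stating in the comment so nobody assumes the check is exhaustive. Also fix the typo on line 32: `# Forbid the { foo => $cgi->param() } syntax, for security reasons.`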