author | justdave%syndicomm.com <> | 2002-01-20 10:44:34 +0100 |
---|---|---|
committer | justdave%syndicomm.com <> | 2002-01-20 10:44:34 +0100 |
commit | 4e6767d4c3d1b0b583f4ec076992345545294748 (patch) | |
tree | 44d10a299f4d910400fb420b38e21e769c00be7e /t | |
parent | 72f340e3a12668c9356102c71f864afa986e001a (diff) | |
download | bugzilla-4e6767d4c3d1b0b583f4ec076992345545294748.tar.gz bugzilla-4e6767d4c3d1b0b583f4ec076992345545294748.tar.xz |
Fix for bug 108982: enable taint mode for all user-facing CGI files.
Patch by Brad Baetz <bbaetz@student.usyd.edu.au>
r= jake, justdave
Diffstat (limited to 't')
-rw-r--r-- | t/002goodperl.t | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/t/002goodperl.t b/t/002goodperl.t
index 9c99a799a..09a5f0324 100644
--- a/t/002goodperl.t
+++ b/t/002goodperl.t
@@ -55,13 +55,40 @@ foreach my $file (@testitems) {
     }
     my $file_line1 = <FILE>;
     close (FILE);
+
+    $file =~ m/.*\.(.*)/;
+    my $ext = $1;
+
     if ($file_line1 !~ /\/usr\/bonsaitools\/bin\/perl/) {
         ok(1,"$file does not have a shebang");
     } else {
-        if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -w#) {
-            ok(1,"$file uses -w");
+        my $flags;
+        if ($file eq "processmail") {
+            # special case processmail, which is tainted checked
+            $flags = "wT";
+        } elsif (!defined $ext || $ext eq "pl") {
+            # standalone programs (eg syncshadowdb) aren't taint checked yet
+            $flags = "w";
+        } elsif ($ext eq "pm") {
+            ok(0, "$file is a module, but has a shebang");
+            next;
+        } elsif ($ext eq "cgi") {
+            # cgi files must be taint checked, but only the user-accessible
+            # ones have been checked so far
+            if ($file =~ m/^edit/) {
+                $flags = "w";
+            } else {
+                $flags = "wT";
+            }
+        } else {
+            ok(0, "$file has shebang but unknown extension");
+            next;
+        }
+
+        if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -$flags#) {
+            ok(1,"$file uses -$flags");
         } else {
-            ok(0,"$file is MISSING -w --WARNING");
+            ok(0,"$file is MISSING -$flags --WARNING");
         }
     }
 }
|
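Review bot: `my $ext = $1;` follows an unchecked `$file =~ m/.*\.(.*)/;`, so when a filename has no dot the capture variable is not reset by the failed match and may still hold whatever an earlier successful match in the enclosing scope set; the `!defined $ext` branch below then works only by accident of statement order. Assigning from the match in list context, `my ($ext) = $file =~ m/.*\.(.*)/;`, yields undef on failure and makes that branch reliable. Separately, the `^edit` carve-out accepts `edit*.cgi` scripts with a plain `-w`, so this test does not yet enforce taint mode for that group of CGIs; a `# TODO: drop the edit* exemption once those scripts run under -T` next to it would mark the gap as temporary rather than policy. The enclosing `foreach my $file (@testitems)` loop begins before this hunk.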