authorjustdave%syndicomm.com <>2002-01-20 10:44:34 +0100
committerjustdave%syndicomm.com <>2002-01-20 10:44:34 +0100
commit4e6767d4c3d1b0b583f4ec076992345545294748 (patch)
tree44d10a299f4d910400fb420b38e21e769c00be7e /t
parent72f340e3a12668c9356102c71f864afa986e001a (diff)
Fix for bug 108982: enable taint mode for all user-facing CGI files.
Patch by Brad Baetz <bbaetz@student.usyd.edu.au> r= jake, justdave
Diffstat (limited to 't')
-rw-r--r--t/002goodperl.t33
1 files changed, 30 insertions, 3 deletions
diff --git a/t/002goodperl.t b/t/002goodperl.t
index 9c99a799a..09a5f0324 100644
--- a/t/002goodperl.t
+++ b/t/002goodperl.t
@@ -55,13 +55,40 @@ foreach my $file (@testitems) {
}
my $file_line1 = <FILE>;
close (FILE);
+
+ $file =~ m/.*\.(.*)/;
+ my $ext = $1;
+
if ($file_line1 !~ /\/usr\/bonsaitools\/bin\/perl/) {
ok(1,"$file does not have a shebang");
} else {
- if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -w#) {
- ok(1,"$file uses -w");
+ my $flags;
+ if ($file eq "processmail") {
+ # special case processmail, which is tainted checked
+ $flags = "wT";
+ } elsif (!defined $ext || $ext eq "pl") {
+ # standalone programs (eg syncshadowdb) aren't taint checked yet
+ $flags = "w";
+ } elsif ($ext eq "pm") {
+ ok(0, "$file is a module, but has a shebang");
+ next;
+ } elsif ($ext eq "cgi") {
+ # cgi files must be taint checked, but only the user-accessible
+ # ones have been checked so far
+ if ($file =~ m/^edit/) {
+ $flags = "w";
+ } else {
+ $flags = "wT";
+ }
+ } else {
+ ok(0, "$file has shebang but unknown extension");
+ next;
+ }
+
+ if ($file_line1 =~ m#/usr/bonsaitools/bin/perl -$flags#) {
+ ok(1,"$file uses -$flags");
} else {
- ok(0,"$file is MISSING -w --WARNING");
+ ok(0,"$file is MISSING -$flags --WARNING");
}
}
}
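Review bot: `my $ext = $1;` reads the capture without checking that the match on the line above succeeded. For a name with no dot (the standalone programs the comment mentions), `$1` keeps whatever an earlier successful match in scope left behind, so the `!defined $ext` branch is not reliably reached. Since this test is what enforces `-T` on the CGI files, a stale or wrong extension can put a file in the wrong flag class. Capturing in list context avoids that and also keeps a dot in a directory component from counting as the extension: `my ($ext) = $file =~ m/\.([^.\/]+)$/;`. The `foreach` body starts above this hunk, so whether an earlier match in the loop actually sets `$1` should be confirmed against the full file.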