From f33b119d68d21074d08a6bd72f960319276e182b Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Mon, 6 Oct 2014 14:36:30 +0000 Subject: Bug 1074980: Forbid the { foo => $cgi->param() } syntax to prevent data override r=dkl,a=sgreen --- t/002goodperl.t | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 't') diff --git a/t/002goodperl.t b/t/002goodperl.t index e95870d70..d1858361f 100644 --- a/t/002goodperl.t +++ b/t/002goodperl.t @@ -19,7 +19,7 @@ use lib 't'; use Support::Files; use Test::More tests => (scalar(@Support::Files::testitems) - + scalar(@Support::Files::test_files)) * 5; + + scalar(@Support::Files::test_files)) * 6; my @testitems = (@Support::Files::test_files, @Support::Files::testitems); my @require_taint = qw(email_in.pl importxml.pl mod_perl.pl whine.pl); @@ -139,4 +139,35 @@ foreach my $file (@testitems) { close(FILE); } + +# Forbird the { foo => $cgi->param() } syntax, for security reasons. +foreach my $file (@testitems) { + $file =~ s/\s.*$//; # nuke everything after the first space (#comment) + next unless $file; # skip null entries + if (!open(FILE, $file)) { + ok(0, "could not open $file --WARNING"); + next; + } + my $lineno = 0; + my @unsafe_args; + + while (my $file_line = ) { + $lineno++; + $file_line =~ s/^\s*(.+)\s*$/$1/; # Remove leading and trailing whitespaces. + if ($file_line =~ /^[^#]+=> \$cgi\->param/) { + push(@unsafe_args, "$file_line on line $lineno"); + } + } + + if (@unsafe_args) { + ok(0, "$file incorrectly passes a CGI argument to a hash --ERROR\n" . + join("\n", @unsafe_args)); + } + else { + ok(1, "$file has no vulnerable hash syntax"); + } + + close(FILE); +} + exit 0; -- cgit v1.2.3-24-g4f1b