switch to recommending Taint::Runtime instead of 'tainting'

DrHyde · Aug 6, 2021 · d739e2c · d739e2c
1 parent 9a2481a
commit d739e2c
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 9 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,4 +1,7 @@
-Date          Version    Notes
+4.567.89    2021-08-06
+
+- recommend Taint::Runtime instead of the 'tainting' module, which
+  is deprecated by its author
 
 2019-02-12    4          Catch errors more robustly (but still not perfectly)
 

diff --git a/Makefile.PL b/Makefile.PL
@@ -35,7 +35,7 @@ WriteMakefile(
     'Data::Dumper'   => 0,
     'PadWalker'      => 0,
     'Probe::Perl',   => 0,
+    'Taint::Runtime' => 0,
     'Test::More'     => '0.88', # need done_testing (0.88)
-    'tainting'       => 0,
   },
 );
diff --git a/lib/Unix/Sudo.pm b/lib/Unix/Sudo.pm
@@ -3,7 +3,7 @@ package Unix::Sudo;
 use strict;
 use warnings;
 
-our $VERSION = '4';
+our $VERSION = '4.567.89';
 
 require Exporter;
 our @ISA = qw(Exporter);
@@ -30,7 +30,7 @@ As a normal user who can C<sudo> ...
 
     print `whoami`;          # shows your normal username
     sudo {
-        eval "no tainting";
+        eval "use Taint::Runtime qw(disable)";
         print `whoami`;      # root
     };
     print `whoami`;          # back to normal
@@ -96,8 +96,8 @@ pre-pended to your code.
 
 Your code will always have C<strict> and C<warnings> turned on, and be run with
 taint-checking enabled. If you need to you can turn tainting off as shown in
-the synopsis. Note that you can't just say 'no tainting', the C<eval> is
-required, otherwise C<no>, just like C<use>, will be run at compile-time I<in
+the synopsis. Note that you can't just say 'use Taint::Runtime qw(disable)', the C<eval> is
+required, otherwise the C<use> will be run at compile-time I<in
 the calling code> and not in the child process where you need it.
 
 If your code needs to C<use> any modules, or any subroutines that are imported,
@@ -151,7 +151,7 @@ your code to then run other stuff as root.
 That means that any input to your code from the outside world is internally
 marked as being untrusted, and you are restricted in what you can do with it.
 You can of course circumvent this by untainting, either in the usual regexy
-ways or as noted above via C<no tainting>.
+ways or as noted above via C<Taint::Runtime>.
 
 =back
 
@@ -181,7 +181,7 @@ L<git://github.com/DrHyde/perl-modules-Unix-Sudo.git>
 
 =head1 AUTHOR, COPYRIGHT and LICENCE
 
-Copyright 2019 David Cantrell E<lt>F<david@cantrell.org.uk>E<gt>
+Copyright 2021 David Cantrell E<lt>F<david@cantrell.org.uk>E<gt>
 
 This software is free-as-in-speech software, and may be used, distributed, and
 modified under the terms of either the GNU General Public Licence version 2 or

diff --git a/t/verify-promotion-using-whoami.t b/t/verify-promotion-using-whoami.t
@@ -1,5 +1,7 @@
 use strict;
 use warnings;
+use Taint::Runtime qw(enable taint_enabled);
+
 use Test::More;
 
 use Capture::Tiny qw(capture);
@@ -10,14 +12,16 @@ use lib 't/lib';
 use sudosanity;
 
 sudosanity::checks && do {
+    ok(taint_enabled, "Tainting is enabled in the calling context");
     my($stdout, $stderr, $rv) = capture {
         sudo {
-            eval "no tainting;";
+            eval "use Taint::Runtime qw(disable)";
             print `whoami`;
         }
     };
     chomp($stdout);
     is($stdout, 'root', "ran 'whoami' as root");
+    ok(taint_enabled, "Tainting is still enabled in the calling context");
 };
 
 done_testing();