/
54taint.t
66 lines (51 loc) · 1.74 KB
/
54taint.t
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#!/usr/bin/env perl -T
# the above line forces Test::Harness into taint-mode
# DO NOT REMOVE
use strict;
use warnings;
# When in taint mode, PERL5LIB is ignored (but *not* unset)
# Put it back in INC so that local-lib users can actually
# run this test
use Config;
BEGIN {
for (map { defined $ENV{$_} ? $ENV{$_} : () } (qw/PERLLIB PERL5LIB/) ) { # we unshift, so reverse precedence
my ($envvar) = ($_ =~ /^(.+)$/); # untaint
unshift @INC, map { length($_) ? $_ : () } (split /\Q$Config{path_sep}\E/, $envvar);
}
}
use Test::More;
use Test::Exception;
use lib qw(t/lib);
use DBICTest;
throws_ok (
sub { $ENV{PATH} . (kill (0)) },
qr/Insecure dependency in kill/,
'taint mode active'
);
{
package DBICTest::Taint::Classes;
use Test::More;
use Test::Exception;
use base qw/DBIx::Class::Schema/;
lives_ok (sub {
__PACKAGE__->load_classes(qw/Manual/);
ok( __PACKAGE__->source('Manual'), 'The Classes::Manual source has been registered' );
__PACKAGE__->_unregister_source (qw/Manual/);
}, 'Loading classes with explicit load_classes worked in taint mode' );
lives_ok (sub {
__PACKAGE__->load_classes();
ok( __PACKAGE__->source('Auto'), 'The Classes::Auto source has been registered' );
ok( __PACKAGE__->source('Auto'), 'The Classes::Manual source has been re-registered' );
}, 'Loading classes with Module::Find/load_classes worked in taint mode' );
}
{
package DBICTest::Taint::Namespaces;
use Test::More;
use Test::Exception;
use base qw/DBIx::Class::Schema/;
lives_ok (sub {
__PACKAGE__->load_namespaces();
ok( __PACKAGE__->source('Test'), 'The Namespaces::Test source has been registered' );
}, 'Loading classes with Module::Find/load_namespaces worked in taint mode' );
}
done_testing;