
Fix up tainting problems.

github 41

The code to check whether we are collecting coverage in a file calls into Perl
code from within hijacked ops.  This could leave PL_tainted set when it
shouldn't have been.  So before we do that, get the tainting status and
restore that status afterwards.
pjcj committed Jan 6, 2013
1 parent ab53f70 commit 929b7faeeeac863713dbec6f5a990becf19974c7
Showing with 131 additions and 1 deletion.
  1. +1 −0 Changes
  2. +6 −0 Cover.xs
  3. +1 −1 Makefile.PL
  4. +38 −0 test_output/cover/taint.5.006001
  5. +57 −0 test_output/cover/taint.5.008
  6. +12 −0 tests/Taint.pm
  7. +16 −0 tests/taint
@@ -2,6 +2,7 @@ Devel::Cover history
{{$NEXT}}
- Fix segv in constant folding of xor ops (gitbub 40).
+ - Fix various problems running Devel::Cover under tainting (github 41).
Release 0.99 - 31 December 2012
- Improve documentation (Olaf Alders) (github 34).
@@ -244,6 +244,9 @@ static int check_if_collecting(pTHX_ COP *cop)
{
dMY_CXT;
+#if !NO_TAINT_SUPPORT
+ int tainted = PL_tainted;
+#endif
char *file = CopFILE(cop);
int in_re_eval = strnEQ(file, "(reeval ", 8);
NDEB(D(L, "check_if_collecting at: %s:%ld\n", file, CopLINE(cop)));
@@ -319,6 +322,9 @@ static int check_if_collecting(pTHX_ COP *cop)
}
#endif
+#if !NO_TAINT_SUPPORT
+ PL_tainted = tainted;
+#endif
return MY_CXT.collecting_here;
}
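Review bot: The restore `PL_tainted = tainted;` sits only in front of the final `return MY_CXT.collecting_here;`, so any path that leaves check_if_collecting earlier would keep whatever taint state the Perl-level callback left behind. The lines between the two hunks are not shown, so this needs confirming: if there is an early return or a croak after the call into Perl, the restore belongs immediately after that call rather than at function exit. It would also help to say why the value is saved, e.g. `/* calling into Perl below may leave PL_tainted set; keep the hijacked op's own taint state */` above `int tainted = PL_tainted;`. `#ifndef NO_TAINT_SUPPORT` would be more robust than `#if !NO_TAINT_SUPPORT` should the macro ever be defined without a value.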
@@ -393,8 +393,8 @@ ppm : ppd pure_all
-e 's/(CODEBASE HREF=")[^"]*/\$\$1Devel-Cover.tar.gz/;' \\
Devel-Cover.ppd
-TAINT = -T
TAINT =
+TAINT = -T
COVER_OPTIONS =
_run : pure_all
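Review bot: `TAINT` is now assigned twice in a row, `TAINT =` followed by `TAINT = -T`, and only the order of the two lines decides whether the test runs use taint mode. This looks like makefile text emitted by Makefile.PL, where the later assignment takes effect, so the first line is dead and easy to flip back by accident. Since the new tests/taint case presumably only exercises the fix when perl runs with `-T`, keep a single `TAINT = -T` with a comment such as `# -T is required for tests/taint (github 41)`.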
@@ -0,0 +1,38 @@
+Reading database from ...
+
+
+------------------------------------------ ------ ------ ------ ------ ------
+File stmt bran cond sub total
+------------------------------------------ ------ ------ ------ ------ ------
+tests/taint 100.0 n/a n/a n/a 100.0
+Total 100.0 n/a n/a n/a 100.0
+------------------------------------------ ------ ------ ------ ------ ------
+
+
+Run: ...
+Perl version: ...
+OS: ...
+Start: ...
+Finish: ...
+
+tests/taint
+
+line err stmt bran cond sub code
+1 #!/usr/bin/perl
+2
+3 # Copyright 2013, Paul Johnson (paul@pjcj.net)
+4
+5 # This software is free. It is licensed under the same terms as Perl itself.
+6
+7 # The latest version of this software should be available from my homepage:
+8 # http://www.pjcj.net
+9
+10 use strict;
+11 use warnings;
+12 use lib "tests";
+13
+14 use Taint;
+15
+16 1 print "taint\n";
+
+
@@ -0,0 +1,57 @@
+Reading database from ...
+
+
+------------------------------------------ ------ ------ ------ ------ ------
+File stmt bran cond sub total
+------------------------------------------ ------ ------ ------ ------ ------
+tests/taint 100.0 n/a n/a 100.0 100.0
+Total 100.0 n/a n/a 100.0 100.0
+------------------------------------------ ------ ------ ------ ------ ------
+
+
+Run: ...
+Perl version: ...
+OS: ...
+Start: ...
+Finish: ...
+
+tests/taint
+
+line err stmt bran cond sub code
+1 #!/usr/bin/perl
+2
+3 # Copyright 2013, Paul Johnson (paul@pjcj.net)
+4
+5 # This software is free. It is licensed under the same terms as Perl itself.
+6
+7 # The latest version of this software should be available from my homepage:
+8 # http://www.pjcj.net
+9
+10 1 1 use strict;
+ 1
+ 1
+11 1 1 use warnings;
+ 1
+ 1
+12 1 1 use lib "tests";
+ 1
+ 1
+13
+14 1 1 use Taint;
+ 1
+ 1
+15
+16 1 print "taint\n";
+
+
+Covered Subroutines
+-------------------
+
+Subroutine Count Location
+---------- ----- --------------
+BEGIN 1 tests/taint:10
+BEGIN 1 tests/taint:11
+BEGIN 1 tests/taint:12
+BEGIN 1 tests/taint:14
+
+
@@ -0,0 +1,12 @@
+# Copyright 2013, Paul Johnson (paul@pjcj.net)
+
+# This software is free. It is licensed under the same terms as Perl itself.
+
+# The latest version of this software should be available from my homepage:
+# http://www.pjcj.net
+
+package Taint;
+
+eval 1 unless defined &X;
+
+1;
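Review bot: `eval 1 unless defined &X;` is the whole reproducer and nothing says what it is meant to provoke, so a later tidy-up could remove or rewrite it without noticing that the regression test has stopped testing anything. A comment above it would fix that, for example `# github 41: under -T this eval must not see taint left behind by Devel::Cover's op hooks` (wording to be confirmed by the author, since the exact trigger is not visible here). The module also omits `use strict; use warnings;`; if that is deliberate to keep the op sequence minimal, the comment should say so.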
@@ -0,0 +1,16 @@
+#!/usr/bin/perl
+
+# Copyright 2013, Paul Johnson (paul@pjcj.net)
+
+# This software is free. It is licensed under the same terms as Perl itself.
+
+# The latest version of this software should be available from my homepage:
+# http://www.pjcj.net
+
+use strict;
+use warnings;
+use lib "tests";
+
+use Taint;
+
+print "taint\n";
