New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tainted values in ternary conditional #9529
Comments
From dean@cs.serenevy.netThis is a bug report for perl from dean@cs.serenevy.net, perlsec states that: $result = $tainted_value ? "Untainted" : "Also untainted"; is effectively if ( $tainted_value ) { Thus $result will not be tainted. This is not the case when the value $foo = "untainted"; $result will be tainted following the above expression. It would be nice if this could be made to work, however if it can not Test script attached. #!/usr/bin/perl -T my # Assumptions ok( !tainted( $const ), "constant value is not tainted" ); # ternary $value = $tainted ? "the const" : 1; # if-else if ($tainted) { $value = "the const"; } # modifier $value = 1; Flags: Site configuration information for perl v5.8.8: Configured by Debian Project at Fri Apr 25 20:33:47 UTC 2008. Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Locally applied patches: @INC for perl v5.8.8: Environment for perl v5.8.8: |
From @jkeenanThe language in 'perlsec' is as the original poster reported. I ran his ### If the behavior matched the documentation these tests would have passed. So, what action should be taken? Thank you very much. |
The RT System itself - Status changed from 'new' to 'open' |
From @cpansproutOn Sat Nov 26 13:54:08 2011, jkeenan wrote:
I suppose the documentation should be clarified, but it would be nice to The current implementation taints any newly-created or assigned-to Does that make sense, or is my explanation too opaque?
-- Father Chrysostomos |
Migrated from rt.perl.org#59916 (status was 'open')
Searchable as RT59916$
The text was updated successfully, but these errors were encountered: