Geek Answers Handbook

How to check if the current Perl statement contains corrupt data?

I wrote my own little Perl debugger that prints for each line executed, the name of the current file and the number of the corresponding line. How can I determine if the current Perl statement contains corrupt data?

I know that there is a function "spoiled" from the Scalar :: Util module. However, it only accepts the variable name as a parameter, not the Perl statement.

I bound Taint to a lexical variable to trace it. If I can see if the expression is corrupted or not, I can only print lines that contain my corrupted variable. Here is my custom taint script:

Taint.pl

use strict; use warnings; use Taint::Runtime qw(taint_start taint); taint_start(); my $data = taint("abc"); --> interesting my $noise = "noise"; --> not interesting my $evil = $data . " evil"; --> interesting

Debugger.pl

 sub DB::DB{ my($package, $filename, $line) = caller; print $filename . ":" . $line . " "; scalar <STDIN>; } 1;
+6
source share
1 answer

As described in the POD for Taint :: Runtime , there is an is_tainted subchannel that will return true if you pass its tainted value and false otherwise.

You want to change your corresponding usage string to import this function:

use Taint::Runtime qw(taint_start taint is_tainted);

In your example Taint.pl script, once this is done, is_tainted($data) will evaluate to true, is_tainted($noise) will be false, and is_tainted($evil) will be true.

If you have a more complex expression for checking corruption, just evaluate it in scalar mode, and if any inputs to this rating were corrupt, the expression and, therefore, the scalar will also be considered corrupt. Checking if this scalar is corrupted is equivalent to checking the expression. If an expression creates a value in the form of a list, then such a union will fit into the scalar well enough to detect taint.

0
source

More articles:


All Articles