Blame SOURCES/IPC-System-Simple-1.25-Use-exucatable-name-as-a-source-of-taintedness.patch
|
 |
bde2f1 |
From ff8028c4d95425faa5b0705b8ed8c84b1112c7e4 Mon Sep 17 00:00:00 2001
|
|
|
bde2f1 |
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
|
bde2f1 |
Date: Wed, 2 Aug 2017 17:29:13 +0200
|
|
|
bde2f1 |
Subject: [PATCH] Use exucatable name as a source of taintedness
|
|
|
bde2f1 |
MIME-Version: 1.0
|
|
|
bde2f1 |
Content-Type: text/plain; charset=UTF-8
|
|
|
bde2f1 |
Content-Transfer-Encoding: 8bit
|
|
|
bde2f1 |
|
|
|
bde2f1 |
Test::Simple >= 1.302065 injects variables into the environment. These
|
|
|
bde2f1 |
are not tainted and caused a random t/07_taint.t test failures.
|
|
|
bde2f1 |
|
|
|
bde2f1 |
This patch fixes it by using executable name $0 instead.
|
|
|
bde2f1 |
|
|
|
bde2f1 |
https://github.com/pjf/ipc-system-simple/issues/21
|
|
|
bde2f1 |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
bde2f1 |
---
|
|
|
bde2f1 |
t/07_taint.t | 4 ++--
|
|
|
bde2f1 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
bde2f1 |
|
|
|
bde2f1 |
diff --git a/t/07_taint.t b/t/07_taint.t
|
|
|
bde2f1 |
index 49cee12..be449cd 100644
|
|
|
bde2f1 |
--- a/t/07_taint.t
|
|
|
bde2f1 |
+++ b/t/07_taint.t
|
|
|
bde2f1 |
@@ -17,8 +17,8 @@ use_ok("IPC::System::Simple","run","capture");
|
|
|
bde2f1 |
|
|
|
bde2f1 |
chdir("t"); # Ignore return, since we may already be in t/
|
|
|
bde2f1 |
|
|
|
bde2f1 |
-my $taint = $ENV{(keys(%ENV))[0]} . "foo"; # ."foo" to avoid zero length
|
|
|
bde2f1 |
-ok(tainted($taint),"Sanity - ENV vars are tainted");
|
|
|
bde2f1 |
+my $taint = $0 . "foo"; # ."foo" to avoid zero length
|
|
|
bde2f1 |
+ok(tainted($taint),"Sanity - executable name is tainted");
|
|
|
bde2f1 |
|
|
|
bde2f1 |
my $evil_zero = 1 - (length($taint) / length($taint));
|
|
|
bde2f1 |
|
|
|
bde2f1 |
--
|
|
|
bde2f1 |
2.9.4
|
|
|
bde2f1 |
|