Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

test::taint(3pm) [debian man page]

Taint(3pm)						User Contributed Perl Documentation						Taint(3pm)

NAME

       Test::Taint - Tools to test taintedness

VERSION

       Version 1.04

	   $Header: /home/cvs/test-taint/Taint.pm,v 1.16 2004/08/10 03:06:57 andy Exp $

SYNOPSIS

	   taint_checking_ok();        # We have to have taint checking on
	   my $id = "deadbeef";        # Dummy session ID
	   taint( $id );	       # Simulate it coming in from the web
	   tainted_ok( $id );
	   $id = validate_id( $id );   # Your routine to check the $id
	   untainted_ok( $id );        # Did it come back clean?
	   ok( defined $id );

DESCRIPTION

       Tainted data is data that comes from an unsafe source, such as the command line, or, in the case of web apps, any GET or POST transactions.
       Read the perlsec man page for details on why tainted data is bad, and how to untaint the data.

       When you're writing unit tests for code that deals with tainted data, you'll want to have a way to provide tainted data for your routines
       to handle, and easy ways to check and report on the taintedness of your data, in standard Test::More style.

"Test::More"-style Functions
       All the "xxx_ok()" functions work like standard "Test::More"-style functions, where the last parm is an optional message, it outputs ok or
       not ok, and returns a boolean telling if the test passed.

   taint_checking_ok( [$message] )
       Test::More-style test that taint checking is on.  This should probably be the first thing in any *.t file that deals with taintedness.

   tainted_ok( $var [, $message ] )
       Checks that $var is tainted.

	   tainted_ok( $ENV{FOO} );

   untainted_ok( $var [, $message ] )
       Checks that $var is not tainted.

	   my $foo = my_validate( $ENV{FOO} );
	   untainted_ok( $foo );

   tainted_ok_deeply( $var [, $message ] )
       Checks that $var is tainted.  If $var is a reference, it recursively checks every variable to make sure they are all tainted.

	   tainted_ok_deeply( \%ENV );

   untainted_ok_deeply( $var [, $message ] )
       Checks that $var is not tainted.  If $var is a reference, it recursively checks every variable to make sure they are all not tainted.

	   my %env = my_validate( \%ENV );
	   untainted_ok_deeply( \%env );

Helper Functions
       These are all helper functions.	Most are wrapped by an "xxx_ok()" counterpart, except for "taint" which actually does something, instead
       of just reporting it.

   taint_checking()
       Returns true if taint checking is enabled via the -T flag.

   tainted( $var )
       Returns boolean saying if $var is tainted.

   tainted_deeply( $var )
       Returns boolean saying if $var is tainted.  If $var is a reference it recursively checks every variable to make sure they are all tainted.

   taint( @list )
       Marks each (apparently) taintable argument in @list as being tainted.

       References can be tainted like any other scalar, but it doesn't make sense to, so they will not be tainted by this function.

       Some "tie"d and magical variables may fail to be tainted by this routine, try as it may.)

   taint_deeply( @list )
       Similar to "taint", except that if any elements in @list are references, it walks deeply into the data structure and marks each taintable
       argument as being tainted.

       If any variables are "tie"d this will taint all the scalars within the tied object.

AUTHOR

       Written by Andy Lester, "<andy@petdance.com>".

COPYRIGHT

       Copyright 2004, Andy Lester, All Rights Reserved.

       You may use, modify, and distribute this package under the same terms as Perl itself.

perl v5.14.2							    2004-08-10								Taint(3pm)

Check Out this Related Man Page

Scalar(3pm)						User Contributed Perl Documentation					       Scalar(3pm)

NAME

       Test::Data::Scalar -- test functions for scalar variables

SYNOPSIS

	       use Test::Data qw(Scalar);

DESCRIPTION

       This modules provides a collection of test utilities for scalar variables.  Load the module through Test::Data.

   Functions
       blessed_ok( SCALAR )
	   Ok if the SCALAR is a blessed reference.

       defined_ok( SCALAR )
	   Ok if the SCALAR is defined.

       undef_ok( SCALAR )
	   Ok if the SCALAR is undefined.

       dualvar_ok( SCALAR )
	   Ok if the scalar is a dualvar.

	   How do I test this?

	   sub dualvar_ok ($;$)      {	    my $ok   = Scalar::Util::dualvar( $_[0] );	    my $name = $_[1] || 'Scalar is a dualvar';

		   $Test->ok( $ok, $name );

		   $Test->diag("Expected a dualvar, didn't get it
")
			   unless $ok;
		   }

       greater_than( SCALAR, BOUND )
	   Ok if the SCALAR is numerically greater than BOUND.

       length_ok( SCALAR, LENGTH )
	   Ok if the length of SCALAR is LENGTH.

       less_than( SCALAR, BOUND )
	   Ok if the SCALAR is numerically less than BOUND.

       maxlength_ok( SCALAR, LENGTH )
	   Ok is the length of SCALAR is less than or equal to LENGTH.

       minlength_ok( SCALAR, LENGTH )
	   Ok is the length of SCALAR is greater than or equal to LENGTH.

       number_ok( SCALAR )
	   Ok if the SCALAR is a number ( or a string that represents a number ).

	   At the moment, a number is just a string of digits.	This needs work.

       number_between_ok( SCALAR, LOWER, UPPER )
	   Ok if the number in SCALAR sorts between the number in LOWER and the number in UPPER, numerically.

	   If you put something that isn't a number into UPPER or LOWER, Perl will try to make it into a number and you may get unexpected
	   results.

       string_between_ok( SCALAR, LOWER, UPPER )
	   Ok if the string in SCALAR sorts between the string in LOWER and the string in UPPER, ASCII-betically.

       readonly_ok( SCALAR )
	   Ok is the SCALAR is read-only.

       ref_ok( SCALAR )
	   Ok if the SCALAR is a reference.

       ref_type_ok( REF1, REF2 )
	   Ok if REF1 is the same reference type as REF2.

       strong_ok( SCALAR )
	   Ok is the SCALAR is not a weak reference.

       tainted_ok( SCALAR )
	   Ok is the SCALAR is tainted.

	   (Tainted values may seem like a not-Ok thing, but remember, when you use taint checking, you want Perl to taint data, so you should
	   have a test to make sure it happens.)

       untainted_ok( SCALAR )
	   Ok if the SCALAR is not tainted.

       weak_ok( SCALAR )
	   Ok if the SCALAR is a weak reference.

TO DO

       * add is_a_filehandle test

       * add is_vstring test

SEE ALSO

       Scalar::Util, Test::Data, Test::Data::Array, Test::Data::Function, Test::Data::Hash, Test::Builder

SOURCE AVAILABILITY

       This source is in Github:

	       http://github.com/briandfoy/test-data/tree/master

AUTHOR

       brian d foy, "<bdfoy@cpan.org>"

COPYRIGHT AND LICENSE

       Copyright (c) 2002-2009 brian d foy.  All rights reserved.

       This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2009-02-12							       Scalar(3pm)
Man Page