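#!./perl -Tw

# Taint-mode regression checks for the POSIX module.
#
# The script runs with -T (taint mode) and -w (warnings) and verifies that:
#   * POSIX::mkfifo and POSIX::open refuse a tainted path argument and die
#     with an "Insecure dependency" error,
#   * POSIX::open accepts an untainted path without raising an error,
#   * data returned by POSIX::read is itself marked tainted.
#
# Changes from the listing as extracted: the per-line blame gutter is dropped,
# Config is imported with a direct method call, the descriptor guard no longer
# compares an undefined value, a failed open is reported with diag(), and the
# descriptor is closed at the end.

BEGIN {
    # Run from the 't' directory when it exists and load modules from '../lib'.
    chdir 't' if -d 't';
    @INC = '../lib';
    require Config;
    Config->import;    # direct call; avoids indirect-object syntax

    # Everywhere except VMS, skip the whole file (empty plan) when the POSIX
    # extension is not listed in this build's configuration.
    if ($^O ne 'VMS' and $Config{'extensions'} !~ /\bPOSIX\b/) {
        print "1..0\n";
        exit 0;
    }
}

use Test::More tests => 7;
use Scalar::Util qw/tainted/;

use POSIX qw(fcntl_h open read mkfifo);
use strict;

# Unbuffered output.
$| = 1;

my $buffer;
my @buffer;
my $testfd;

# Source of taint: a zero-length substring of $^X. It is empty but tainted,
# so concatenating it taints a string without changing the string's content.
my $TAINT = substr($^X, 0, 0);

my $file = 'TEST';

# A tainted path must be rejected by mkfifo.
eval { mkfifo($TAINT . $file, 0) };
like($@, qr/^Insecure dependency/, 'mkfifo with tainted data');

# A tainted path must be rejected by open.
eval { $testfd = open($TAINT . $file, O_WRONLY, 0) };
like($@, qr/^Insecure dependency/, 'open with tainted data');

# The same path, untainted, must not raise. The check below only looks at $@,
# so a failed open (undef return) is reported separately through diag() to
# keep the later read failures from being misread as a taint problem.
my $open_error;
eval {
    $testfd = open($file, O_RDONLY, 0);
    $open_error = "$!" unless defined $testfd;
};
is($@, "", 'open with untainted data');
diag("POSIX::open('$file') failed: $open_error") if defined $open_error;

# Read only from a descriptor above 2 -- presumably to stay clear of the
# standard streams (TODO confirm). The defined() test keeps -w quiet when the
# open above failed.
my $fd_usable = defined $testfd && $testfd > 2;

# Everything read from a descriptor is external input and must come back
# tainted. The expected bytes assume 'TEST' begins with "#!./".
read($testfd, $buffer, 2) if $fd_usable;
is($buffer, "#!", ' read');
ok(tainted($buffer), ' scalar tainted');

TODO: {
    # Known gap recorded by the test itself: reading into an array element
    # does not yet mark that element tainted.
    local $TODO = "POSIX::read won't taint an array element";

    read($testfd, $buffer[1], 2) if $fd_usable;

    is($buffer[1], "./", ' read');
    ok(tainted($buffer[1]), ' array element tainted');
}

# Release the descriptor instead of leaving it open until process exit.
POSIX::close($testfd) if $fd_usable;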