How to check if current Perl statement contains tainted data?

I wrote my own little Perl debugger that prints for each executed line, the current file name and the corresponding line number. How can I detect if the current Perl statement contains tainted data?

I know there is a function "tainted" from the module Scalar::Util. However, it only accepts a variable name as a parameter, not a Perl statement.

I have attached Taint to a lexical variable to trace it. If I am able to see whether a statement is tainted or not, I can print only those lines that contain my tainted variable. Here is my custom taint script:

Taint.pl

use strict;
use warnings;

use Taint::Runtime qw(taint_start taint);
taint_start();                    # enable taint mode at runtime

my $data  = taint("abc");         # --> interesting (explicitly tainted)
my $noise = "noise";              # --> not interesting (clean literal)
my $evil  = $data . " evil";      # --> interesting (taint propagates)

Debugger.pl

# Called by perl before every statement when the script runs under -d
sub DB::DB {
    # caller with no arguments returns the package, file and line of the
    # statement about to execute
    my ($package, $filename, $line) = caller;

    print $filename . ":" . $line . " ";
    scalar <STDIN>;   # wait for Enter before running the statement
}

1;
Silence asked Jan 10 '16 11:01

1 Answer

As described in the POD Documentation for Taint::Runtime there is a sub called is_tainted that will return true if you pass it a tainted value and false otherwise.

You'll want to change your relevant use line to import that function:

use Taint::Runtime qw(taint_start taint is_tainted);

In your example Taint.pl script, once this is done, is_tainted($data) would evaluate to true, is_tainted($noise) would be false, and is_tainted($evil) would be true.

If you have a more complex expression to check for taintedness, simply evaluate it into a scalar and if any inputs to that evaluation were tainted, the expression and thus the scalar will also be considered tainted. Checking if that scalar is tainted is equivalent to checking the expression. If the expression produces a list value, something like join will fit it into a scalar well enough to detect taint.

codehearted answered Oct 20 '22 13:10
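The following is an added example, not code from the question or the answer. It puts the answer's two points into one runnable script: is_tainted reports taint on individual scalars, and a compound or list-valued expression can be checked by evaluating it into one scalar first (join for lists). It also shows how a line-tracing hook like the asker's DB::DB could use is_tainted on a watch list of scalar references to report only lines where a watched value is tainted. The helper names tainted_names, taint_of_expr and report_if_tainted are assumptions introduced here; Taint::Runtime's taint_start, taint and is_tainted are the module's real exports.

```perl
#!/usr/bin/env perl
# Added example (not from the original question or answer).
use strict;
use warnings;

use Taint::Runtime qw(taint_start taint is_tainted);
taint_start();    # switch taint mode on for the rest of the run

my $data  = taint("abc");        # explicitly marked tainted
my $noise = "noise";             # clean literal
my $evil  = $data . " evil";     # taint propagates through concatenation

# tainted_names (hypothetical helper): given name => value pairs, return the
# names whose value carries the taint flag, sorted for stable output.
sub tainted_names {
    my %vars = @_;
    return sort grep { is_tainted($vars{$_}) } keys %vars;
}

# taint_of_expr (hypothetical helper): evaluate a list-valued expression into
# a single scalar with join and check that scalar. If any element of the list
# was tainted, the joined string is tainted too, so this answers "does this
# expression contain tainted data?" without inspecting each element.
sub taint_of_expr {
    my @list = @_;
    my $collapsed = join '', @list;
    return is_tainted($collapsed) ? 1 : 0;
}

# report_if_tainted (hypothetical helper): the filtering logic a DB::DB hook
# could apply. It takes the file/line a tracer already has plus a list of
# scalar refs to watch, and returns a report line only when at least one
# watched value is currently tainted; otherwise it returns an empty string.
sub report_if_tainted {
    my ($filename, $line, @watched) = @_;
    my @hits = grep { is_tainted($$_) } @watched;
    return '' unless @hits;
    return sprintf "%s:%d tainted=%d/%d\n", $filename, $line,
        scalar(@hits), scalar(@watched);
}

# --- demonstration on the constructed values above ---
printf "%-6s is_tainted=%d\n", $_->[0], is_tainted($_->[1]) ? 1 : 0
    for ['data', $data], ['noise', $noise], ['evil', $evil];

print "tainted names: ", join(', ', tainted_names(
    data => $data, noise => $noise, evil => $evil)), "\n";

# A list mixing clean and tainted elements is tainted as a whole ...
print "expr (noise, evil) tainted: ", taint_of_expr($noise, $evil), "\n";
# ... while a list of only clean values is not.
print "expr (noise, 'x') tainted:  ", taint_of_expr($noise, 'x'), "\n";

# What a tracing hook would print for two hypothetical statements: the first
# watches only clean data and is suppressed, the second watches $evil.
print report_if_tainted('Taint.pl', 8,  \$noise);
print report_if_tainted('Taint.pl', 9,  \$noise, \$evil);
```

Running this under a perl with Taint::Runtime installed prints is_tainted=1 for data and evil, 0 for noise, lists "data, evil", reports 1 then 0 for the two join checks, and emits a single "Taint.pl:9 tainted=1/2" line. Inside a real DB::DB hook the scalar refs would be taken at the point the tracer is installed (for example from a closure over the lexicals of interest), since the hook itself cannot see the lexicals of the traced statement.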