I wrote my own little Perl debugger that prints, for each executed line, the current file name and the corresponding line number. How can I detect if the current Perl statement contains tainted data?
I know there is a function "tainted" from the module Scalar::Util. However, it only accepts a variable name as a parameter, not a Perl statement.
I have attached Taint to a lexical variable to trace it. If I am able to see if a statement is tainted or not, I can print only those lines that contain my tainted variable. Here is my custom taint script:
Taint.pl
use strict;
use warnings;
use Taint::Runtime qw(taint_start taint);
taint_start();
my $data = taint("abc");      # interesting
my $noise = "noise";          # not interesting
my $evil = $data . " evil";   # interesting
Debugger.pl
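sub DB::DB {
    # Perl calls DB::DB before each statement when run under the debugger
    my ($package, $filename, $line) = caller;
    print $filename . ":" . $line . " ";
    scalar <STDIN>;   # wait for Enter before continuing
}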
1;
As described in the POD Documentation for Taint::Runtime, there is a sub called is_tainted that will return true if you pass it a tainted value and false otherwise.
You'll want to change your relevant use line to import that function:
use Taint::Runtime qw(taint_start taint is_tainted);
In your example Taint.pl script, once this is done, is_tainted($data) would evaluate to true, is_tainted($noise) would be false, and is_tainted($evil) would be true.
If you have a more complex expression to check for taintedness, simply evaluate it into a scalar and if any inputs to that evaluation were tainted, the expression and thus the scalar will also be considered tainted. Checking if that scalar is tainted is equivalent to checking the expression. If the expression produces a list value, something like join will fit it into a scalar well enough to detect taint.
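The approach from the answer above, written out as an added example that is not part of the original post: each expression's result, scalar or list, is collapsed with join and the resulting scalar is passed to is_tainted. The helper names expr_is_tainted and report and the hashes %conf and %seen are hypothetical, and the sample values are constructed to mirror Taint.pl.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Taint::Runtime qw(taint_start taint is_tainted);

taint_start();    # enable taint tracking at runtime, as in Taint.pl

# Hypothetical helper: collapse whatever an expression produced (scalar or
# list) into one scalar and test that scalar. join() returns a tainted
# string as soon as any element it reads is tainted.
sub expr_is_tainted {
    my @values = @_;
    my $probe = join '', map { defined $_ ? $_ : '' } @values;
    return is_tainted($probe) ? 1 : 0;
}

# Hypothetical helper: print one result line per checked expression.
sub report {
    my ($label, @values) = @_;
    printf "%-24s %s\n", $label, expr_is_tainted(@values) ? 'tainted' : 'clean';
}

# Constructed sample data, mirroring Taint.pl from the question.
my $data  = taint("abc");
my $noise = "noise";
my $evil  = $data . " evil";
my %conf  = (user => $evil, mode => "ro");
my %seen  = ($data => 1);

# Perl decides taint per expression, so each check gets its own statement.
report('$noise . "!"',    $noise . "!");
report('$data . " evil"', $data . " evil");
report('($noise, $evil)', $noise, $evil);
report('values %conf',    values %conf);

# Caveat from perlsec: hash keys are never tainted, so tainted data used
# as a key is invisible to this check.
report('keys %seen',      keys %seen);
```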