File::Find 中的 is_tainted_pp 有何意？

Rob

1. 
   
2.   580:       # check whether or not a scalar variable is tainted
   
3.   581:        # (code straight from the Camel, 3rd ed., page 561)
   
4.   582:        sub is_tainted_pp {
   
5.   583:            my $arg = shift;
   
6.   584:            my $nada = substr($arg, 0, 0); # zero-length
   
7.   585:            local $@;
   
8.   586:            eval { eval "# $nada" };
   
9.   587:            return length($@) != 0;
   
10.   588:        }
    

复制代码

这段代码什么意思？  为何substr要取0字节？ 又为何再放入eval里运行一遍， 有何意义？
摘自 module File::Find


__END__

forlorngenius

churchmice

直接看programming perl 3rd好了

To test whether a scalar variable contains tainted data, you can use the following is_tainted function. It makes use of the fact that evalSTRING raises an exception if you try to compile tainted data. It doesn't matter that the $nada variable used in the expression to compile will always be empty; it will still be tainted if $arg is tainted. The outer evalBLOCK isn't doing any compilation. It's just there to catch the exception raised if the inner eval is given tainted data. Since the $@ variable is guaranteed to be nonempty after each eval if an exception was raised and empty otherwise, we return the result of testing whether its length was zero:

sub is_tainted {
    my $arg = shift;
    my $nada = substr($arg, 0, 0);  # zero-length
    local $@;  # preserve caller's version
    eval { eval "# $nada" };
    return length($@) != 0;
}