- 论坛徽章:
- 0
|
直接看programming perl 3rd好了
To test whether a scalar variable contains tainted data, you can use the following is_tainted function. It makes use of the fact that evalSTRING raises an exception if you try to compile tainted data. It doesn't matter that the $nada variable used in the expression to compile will always be empty; it will still be tainted if $arg is tainted. The outer evalBLOCK isn't doing any compilation. It's just there to catch the exception raised if the inner eval is given tainted data. Since the $@ variable is guaranteed to be nonempty after each eval if an exception was raised and empty otherwise, we return the result of testing whether its length was zero:
sub is_tainted {
my $arg = shift;
my $nada = substr($arg, 0, 0); # zero-length
local $@; # preserve caller's version
eval { eval "# $nada" };
return length($@) != 0;
} |
|