Open garu opened 3 years ago
So this also bit me at work, $dir is tainted which then spreads to $file and then fails the open. A grotesque "fix" looks like this:
--- a/lib/Test2/Formatter/Stream.pm
+++ b/lib/Test2/Formatter/Stream.pm
@@ -89,6 +89,8 @@ sub fh {
$pid = $self->{+_PID} = $$;
$tid = $self->{+_TID} = get_tid();
+ ($dir) = $dir =~ /(.*)/;
+
my $file = File::Spec->catfile($dir, join(ipc_separator() => 'events', $pid, $tid) . ".jsonl");
my @now = ($<, $>, $(, $));
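Review bot: the added `($dir) = $dir =~ /(.*)/;` just before the `catfile` call untaints `$dir` with a pattern that accepts anything, so the taint check is switched off for this path rather than satisfied. Also, without `/s` the `.` stops at the first newline, so a `$dir` containing one would be silently truncated instead of rejected. Suggest matching against an anchored pattern for the expected directory form (`\A...\z`) and dying when it does not match, or untainting once at the point where `$dir` is first assigned from a source that is known to be trusted.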
But I'm confident there must be a more targeted fix available. I am however surprised how little attention this issue is getting, is running tests under taint mode really that rare!?
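The taint propagation described in the comment above, next to a validating alternative to a catch-all `/(.*)/` untaint, as an added example that is not part of the original thread or of the Test2 code base. The helper names `untaint_dir` and `try_create`, the accepted path pattern and the temp directory used as input are assumptions made for the illustration.

```perl
# Added example. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Hypothetical helper: untaint a directory only if it passes validation.
sub untaint_dir {
    my ($dir) = @_;
    # Absolute path from a conservative character set. \A and \z anchor the
    # whole string, so an embedded newline cannot pass.
    my ($clean) = $dir =~ m{\A(/[\w.\-/]+)\z}
        or die "refusing unexpected directory name\n";
    die "refusing '..' path component\n"
        if grep { $_ eq '..' } File::Spec->splitdir($clean);
    die "not a directory\n" unless -d $clean;
    return $clean;
}

# Try to create $name inside $dir; return the path and 'ok' or the error text.
sub try_create {
    my ($dir, $name) = @_;
    my $file = File::Spec->catfile($dir, $name);
    my $ok = eval { open(my $fh, '>', $file) or die "open: $!\n"; close $fh; 1 };
    return ($file, $ok ? 'ok' : $@);
}

# Constructed input: a real temp directory, marked tainted by appending a
# zero-length slice of "$0$^X" (both are tainted under -T).
my $real    = tempdir();
my $tainted = $real . substr("$0$^X", 0, 0);

my ($f1, $r1) = try_create($tainted, 'events.jsonl');
printf "tainted dir: file tainted=%d, open: %s", tainted($f1) ? 1 : 0, $r1;

my ($f2, $r2) = try_create(untaint_dir($tainted), 'events.jsonl');
printf "checked dir: file tainted=%d, open: %s\n", tainted($f2) ? 1 : 0, $r2;

# A path with an embedded newline is rejected instead of truncated.
my $bad = eval { untaint_dir("$tainted\n/etc"); 1 } ? "accepted\n" : $@;
print "newline in path: $bad";

unlink $f2;
rmdir $real;
```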
Hey there!
First of all, thank you so much for the amazing work you do, not just with yath but with the whole Test2 suite. It's super shiny, I really enjoy it!
So much so I've been looking to s/prove/yath/ on all my projects, but I've run into this issue. I need to test for taintedness detection and to do so the test script must be run with -T. But when I do so, yath dies on me.
Please let me know if there's anything I can do to help track this down.
Thanks again!