File: slurp_filename.pm

package info (click to toggle)
libapache2-mod-perl2 2.0.9~1624218-2%2Bdeb8u2
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 11,912 kB
  • ctags: 4,588
  • sloc: perl: 95,064; ansic: 14,527; makefile: 49; sh: 18
file content (80 lines) | stat: -rw-r--r-- 2,051 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# please insert nothing before this line: -*- mode: cperl; cperl-indent-level: 4; cperl-continued-statement-offset: 4; indent-tabs-mode: nil -*-
package TestAPI::slurp_filename;

# test slurp_filename()'s taintness options and that it works properly
# with utf8 data

use strict;
use warnings FATAL => 'all';

use Apache::Test;
use Apache::TestUtil;

use Apache2::RequestUtil ();
use ModPerl::Util;

use Apache2::Const -compile => 'OK';

my $expected = <<EOI;
English: Internet
Hebrew : \x{05D0}\x{05D9}\x{05E0}\x{05D8}\x{05E8}\x{05E0}\x{05D8}
EOI

sub handler {
    my $r = shift;

    plan $r, tests => 5, need 'mod_alias';

    {
        my $data = $r->slurp_filename(0); # untainted
        my $received = eval $$data;
        ok t_cmp($received, $expected, "slurp filename untainted");
    }

    {
        my $data = $r->slurp_filename; # tainted
        my $received = eval { eval $$data };
        ok t_cmp($@, qr/Insecure dependency in eval/,
                 "slurp filename tainted");

        ModPerl::Util::untaint($$data);
        $received = eval $$data;
        ok t_cmp($received, $expected, "slurp filename untainted");
    }

    {
        # just in case we will encounter some probs in the future,
        # here is pure perl function for comparison
        my $data = slurp_filename_perl($r); # tainted
        my $received = eval { eval $$data };
        ok t_cmp($@, qr/Insecure dependency in eval/,
                 "slurp filename (perl) tainted");

        ModPerl::Util::untaint($$data);
        $received = eval $$data;
        ok t_cmp($received, $expected, "slurp filename (perl) untainted");
    }

    Apache2::Const::OK;
}

sub slurp_filename_perl {
    my $r = shift;
    open my $fh, $r->filename;
    local $/;
    my $data = <$fh>;
    close $fh;
    return \$data;
}

1;
__END__
<NoAutoConfig>
    <IfModule mod_alias.c>
        Alias /slurp/ @DocumentRoot@/api/
    </IfModule>
    <Location /slurp/>
        SetHandler modperl
        PerlResponseHandler TestAPI::slurp_filename
    </Location>
</NoAutoConfig>