File: 13_untaint_classnames.t

libxml-dumper-perl 0.81-1
package main;
use strict;
use warnings;

use Test;
use XML::Dumper;
use lib qw( t/classes );

# 16 = 4 fixtures x 3 assertions when check() takes its malicious-code
# branch, plus 4 fixtures x 1 assertion when it takes the other branch.
BEGIN { plan tests => 16 }

# Put ./t/data/ ahead of the existing module search path.
# NOTE(review): presumably the classes named in blessed_package are found
# through this entry or through t/classes -- confirm against the tree.
@INC = ("./t/data/", @INC);

# Forward declaration: lets the paren-less "check LABEL, XML;" calls below
# parse before the body of check() has been seen.
sub check( $$ );

# ----- Hostile fixtures -----------------------------------------------
# In each of the next four documents the blessed_package attribute holds a
# class name followed by "; delete($ENV{THE_ANSWER});". The heredocs
# interpolate, so "\$" is what keeps a literal "$" in the XML. check()
# sets $ENV{THE_ANSWER} before undumping and verifies it afterwards, so the
# variable acts as a canary for the trailing statement having been run.
# NOTE(review): the file name suggests the undumper is expected to reject
# or untaint such class names -- confirm against XML::Dumper itself.
check "Scalar Object", <<XML;
<perldata>
 <scalarref blessed_package="Scalar_object; delete(\$ENV{THE_ANSWER});">Hi Mom</scalarref>
</perldata>
XML


check "Hash Object", <<XML;
<perldata>
 <hashref blessed_package="Hash_object; delete(\$ENV{THE_ANSWER});">
  <item key="key1">value1</item>
  <item key="key2">value2</item>
 </hashref>
</perldata>
XML

check "Array Object", <<XML;
<perldata>
 <arrayref blessed_package="Array_object; delete(\$ENV{THE_ANSWER});">
  <item key="0">foo</item>
  <item key="1">bar</item>
 </arrayref>
</perldata>
XML

# Same payload appended to a class name with "::" separators.
check "Long Namespace", <<XML;
<perldata>
 <scalarref blessed_package="Class::With::A::Long::Namespace::Scalar_object; delete(\$ENV{THE_ANSWER});">Hi Mom</scalarref>
</perldata>
XML

# ----- Control fixtures -----------------------------------------------
# The same four documents with plain class names. They reuse the labels of
# the hostile cases; check() does not pass the label to ok(), so the
# duplication does not affect the results.
check "Scalar Object", <<XML;
<perldata>
 <scalarref blessed_package="Scalar_object">Hi Mom</scalarref>
</perldata>
XML


check "Hash Object", <<XML;
<perldata>
 <hashref blessed_package="Hash_object">
  <item key="key1">value1</item>
  <item key="key2">value2</item>
 </hashref>
</perldata>
XML

check "Array Object", <<XML;
<perldata>
 <arrayref blessed_package="Array_object">
  <item key="0">foo</item>
  <item key="1">bar</item>
 </arrayref>
</perldata>
XML

check "Long Namespace", <<XML;
<perldata>
 <scalarref blessed_package="Class::With::A::Long::Namespace::Scalar_object">Hi Mom</scalarref>
</perldata>
XML

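# ============================================================
sub check( $$ ) {
# ============================================================
# Undump one XML document with xml2pl() and record the outcome with ok().
#
#   $test - label of the case; kept for readability at the call site, it is
#           not passed on to ok().
#   $xml  - <perldata> document to undump.
#
# A document that carries the injected "delete" statement must make
# xml2pl() die, leave the result undefined and leave the canary variable
# untouched (3 assertions). Any other document must undump to a defined
# value (1 assertion). The test plan depends on these counts.
	my $test = shift;
	my $xml = shift;

	my $perl = undef;

	# Canary: the injected statement would remove this variable if it ran.
	$ENV{THE_ANSWER} = 42;

	# Choke warnings
	eval {
		local $SIG{__WARN__} = sub { 1; };
		$perl = xml2pl( $xml );
	};

	# Copy $@ at once; it is a global that any later eval would overwrite.
	my $error = $@;

	# Classify the case from the fixture, not from the outcome. Branching on
	# $@ alone would send a run in which the payload executed without an
	# exception into the single-assertion branch, where the canary is never
	# examined and only a plan-count mismatch would reveal the regression.
	my $is_malicious = ( $xml =~ /delete/ ) ? 1 : 0;

	my $canary_intact =
		( exists( $ENV{THE_ANSWER} ) and 42 == $ENV{THE_ANSWER} ) ? 1 : 0;

	# ===== HANDLE MALICIOUS CODE
	if( $is_malicious ) {
		# Verify that parsing/undumping failed...
		ok( !defined( $perl ) );

		# ...that it die()'d with a message naming the payload...
		ok( ( $error =~ /delete/ ) ? 1 : 0 );

		# ...and that it didn't run the malicious code...
		ok( $canary_intact );

	# ===== HANDLE ACCEPTABLE CODE
	} else {
		ok( defined( $perl ) );
	}
}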