You are here: Foswiki>Tasks Web>Item14910 (11 Jun 2020, MichaelDaum)Edit Attach

Item14910: Insecure dependency in chdir while running with -T switch

pencil
Priority: Normal
Current State: New
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: UnitTestContrib
Branches:
Reported By: TimothyLegge
Waiting For:
Last Change By: MichaelDaum
Another test error
       FuncTests::test_moveTopic
***  Insecure dependency in chdir while running with -T switch at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 413.
 at /home/tim/foswiki/core/test/unit/FoswikiTestCase.pm line 45.
#09;FoswikiTestCase::__ANON__("Insecure dependency in chdir while running with -T switch at "...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 413
#09;File::Copy::Recursive::pathempty("Name1") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 475
#09;File::Copy::Recursive::pathrmdir("Name1") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 405
#09;File::Copy::Recursive::pathempty("ATTACHMENTS") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 475
#09;File::Copy::Recursive::pathrmdir("ATTACHMENTS") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 405
#09;File::Copy::Recursive::pathempty("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 475
#09;File::Copy::Recursive::pathrmdir("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 115
#09;File::Copy::Recursive::__ANON__(0, "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"..., "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/TargetTo"...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 339
#09;File::Copy::Recursive::dirmove("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"..., "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/TargetTo"...) called at /home/tim/foswiki/core/lib/Foswiki/Store/PlainFile.pm line 1420
#09;Foswiki::Store::PlainFile::_moveFile("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"..., "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/TargetTo"...) called at /home/tim/foswiki/core/lib/Foswiki/Store/PlainFile.pm line 293
#09;Foswiki::Store::PlainFile::moveTopic(Foswiki::Store::PlainFile=HASH(0x55cb6b54add0), Foswiki::Meta=HASH(0x55cb6b5a8b50), Foswiki::Meta=HASH(0x55cb6b536bd8), "BaseUserMapping_666") called at /home/tim/foswiki/core/lib/Foswiki/Meta.pm line 2293
#09;Foswiki::Meta::__ANON__() called at /usr/share/perl5/vendor_perl/Error.pm line 465
#09;eval {...} called at /usr/share/perl5/vendor_perl/Error.pm line 454
#09;Error::subs::try(CODE(0x55cb6b17a338), HASH(0x55cb6b40cbe0)) called at /home/tim/foswiki/core/lib/Foswiki/Meta.pm line 2310
#09;Foswiki::Meta::move(Foswiki::Meta=HASH(0x55cb6b5a8b50), Foswiki::Meta=HASH(0x55cb6b536bd8)) called at /home/tim/foswiki/core/lib/Foswiki/Func.pm line 2179
#09;Foswiki::Func::moveTopic("TemporaryFuncTestWebFunc", "SourceTopic", "TemporaryFuncTestWebFunc", "TargetTopic") called at /home/tim/foswiki/core/test/unit/FuncTests.pm line 1220
#09;FuncTests::test_moveTopic(FuncTests=HASH(0x55cb6ae90900)) called at /home/tim/foswiki/core/lib/Unit/TestRunner.pm line 575
#09;Unit::TestRunner::__ANON__() called at /usr/share/perl5/vendor_perl/Error.pm line 465
#09;eval {...} called at /usr/share/perl5/vendor_perl/Error.pm line 454
#09;Error::subs::try(CODE(0x55cb6b11af48), HASH(0x55cb6b50e6f8)) called at /home/tim/foswiki/core/lib/Unit/TestRunner.pm line 602
#09;Unit::TestRunner::runOne(Unit::TestRunner=HASH(0x55cb58f08a38), FuncTests=HASH(0x55cb6ae90900), "FuncTests", undef) called at /home/tim/foswiki/core/lib/Unit/TestRunner.pm line 163
#09;Unit::TestRunner::start(Unit::TestRunner=HASH(0x55cb58f08a38), "FoswikiSuite.pm") called at ../bin/TestRunner.pl line 143.
 
        FuncTests::test_checkAccessPermission

-- TimothyLegge - 28 May 2020

The tainted string is created within File::Copy::Recursive, line 375

my $starting_point = Cwd::cwd();

This string is tainted. And we can't do anything about it. My advice would be to disable taintedness in the unit tests. Either once and forever, or via

export FOSWIKI_NOTAINT=1

before running the tests.

-- MichaelDaum - 28 May 2020
 

ItemTemplate edit

Summary Insecure dependency in chdir while running with -T switch
ReportedBy TimothyLegge
Codebase
SVN Range
AppliesTo Extension
Component UnitTestContrib
Priority Normal
CurrentState New
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release02x01Checkins
Release02x00Checkins
Release01x01Checkins
Topic revision: r3 - 11 Jun 2020, MichaelDaum - This page was cached on 30 Sep 2020 - 15:07.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy