
Item2091: Enabling LINKTOOLTIPINFO causes taint error

Priority: Urgent
CurrentState: Closed
AppliesTo: Engine
Component:
WaitingFor:
Enabling LINKTOOLTIPINFO causes taint error

The problem is related to locale combined with converting characters to upper case.

Depending on your Perl version you may require $ENV{FOSWIKI_ASSERTS} = 1; to be uncommented in bin/LocalLib.cfg to see this. But potentially it will also fail in normal non-debug mode.

-- KennethLavrsen - 17 Sep 2009

This only manifests if taint checking is enabled with ASSERTS on, so arguably it's not a release blocker. However it makes it really hard to debug if turning on asserts causes loads of taint errors!

There are a number of possible solutions to this problem. perllocale tells us that:
  • Case-mapping interpolation (with \l, \L, \u or \U)

    Result string containing interpolated material is tainted if use locale is in effect.

  • Matching operator (m//):

    Subpatterns, either delivered as a list-context result or as $1 etc. are tainted if use locale is in effect, and the subpattern regular expression contains \w (to match an alphanumeric character), \W (non-alphanumeric character), \s (whitespace character), or \S (non whitespace character). The matched-pattern variable, $&, $` (pre-match), $' (post-match), and $+ (last match) are also tainted if use locale is in effect and the regular expression contains \w, \W, \s, or \S.

  • Substitution operator (s///):

    Has the same behavior as the match operator. Also, the left operand of =~ becomes tainted when use locale in effect if modified as a result of a substitution based on a regular expression match involving \w, \W, \s, or \S; or of case-mapping with \l, \L,\u or \U.

  • Case-mapping functions (lc(), lcfirst(), uc(), ucfirst()):

    Results are tainted if use locale is in effect.

There is no substitute for manual verification of the code for all these cases, unfortunately, as any of them can untaint data. Fortunately I did most of this manual verification during the run up to 1.0.6, and only missed (I hope) LINKTOOLTIPINFO, which I never use so didn't test. Unfortunately this once again points to how essential it is to manually test some of these weirder and less used options.

I think it's sufficient to fix the cases in the LINKTOOLTIPINFO flow where case conversion causes filename taints by using a Sandbox::untaintUnchecked. But I suspect there are other places in the code where these taint errors are lurking.

-- CrawfordCurrie - 18 Sep 2009
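
The perllocale rules quoted above, as an added Perl example (not part of the original report and not Foswiki's own code): it prints whether a value that starts as an untainted literal is tainted after case mapping and \w matching under use locale, and after validation against an explicit allow-list. The helper untaint_name and the sample topic name are hypothetical, and the allow-list is a checked alternative to an unchecked untaint.

```perl
# Run with taint checking enabled:  perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};

# Hypothetical helper (an assumption, not a Foswiki API): accept only names
# made of an explicit ASCII allow-list. The pattern avoids \w, \W, \s and \S,
# and 'no locale' keeps the match outside any enclosing 'use locale', so the
# capture comes back untainted.
sub untaint_name {
    my ($name) = @_;
    no locale;
    return $1 if defined $name && $name =~ /^([A-Za-z0-9_]+)$/;
    die "refusing to untaint unexpected name\n";
}

# Print a value together with its taint status.
sub report {
    my ( $label, $value ) = @_;
    printf "%-28s %-10s %s\n", $label, $value,
      tainted($value) ? 'TAINTED' : 'clean';
}

my $topic = 'webHome';    # constructed sample: a literal, so it starts clean
report( 'literal', $topic );

{
    use locale;           # lexically scoped to this block

    # Case-mapping function and case-mapping interpolation
    report( 'ucfirst() under locale', ucfirst($topic) );
    report( '"\u..." under locale',   "\u$topic" );

    # List-context capture from a pattern that contains \w
    my ($word) = $topic =~ /^(\w+)$/;
    report( '(\w+) capture under locale', $word );

    # Validate the case-mapped value before it is used to build a filename
    report( 'after untaint_name()', untaint_name( ucfirst($topic) ) );
}

# Same operation outside the scope of 'use locale'
report( 'ucfirst() without locale', ucfirst($topic) );
```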


Summary: Enabling LINKTOOLTIPINFO causes taint error
ReportedBy: KennethLavrsen
Codebase:
SVN Range: Foswiki-1.0.6, Sun, 21 Jun 2009, build 4272
AppliesTo: Engine
Component:
Priority: Urgent
CurrentState: Closed
WaitingFor:
Checkins: Foswikirev:4974 Foswikirev:4975
TargetRelease: patch
ReleasedIn: 1.0.7
Topic revision: r6 - 20 Sep 2009, KennethLavrsen
 