Test::Taint 0.01

petdance on 2004-02-04T06:45:08

I just released Test::Taint 0.01 to CPAN. I stole most of it from Tom Phoenix's Taint module. I was going to base it on Dan Sugalski's Taint module, but I felt a pure Perl solution made more sense.

I was concerned about duplicating code, but the more I thought about it, it seems that Test::Taint really obviates both Taint distributions. It seems to me that the only time you would want to taint data would be in testing, which of course this covers. Thoughts?

Here's an example:

use Test::More tests => 4;  # Provides ok() and the test plan
use Test::Taint;
taint_checking_ok();        # We have to have taint checking on
my $id = "deadbeef";        # Dummy session ID
taint( $id );               # Simulate it coming in from the web
tainted_ok( $id );
$id = validate_id( $id );   # Your routine to check the $id
untainted_ok( $id );        # Did it come back clean?
ok( defined $id );


Tainting outside test suites

Adrian on 2004-02-04T11:52:00

You do sometimes want to taint stuff outside of a test suite.

For example, if you're pulling info from a web service or a database, you (as the developer) might know that some fields can be trusted and some cannot.

Taint the untrusted ones at the interface layer between your application and the data source, and then you can feel safe that any errors in your handling of potentially dangerous data will be caught by Perl.

Make some sort of vague sense?
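
The boundary tainting described in the comment above, sketched as an added example that is not part of the original thread and not code from Test::Taint or either Taint module. The names fetch_user and validate_filename, the field names, and the sample row are hypothetical; tainting by appending a zero-length tainted string is one pure-Perl way to do it, assumed here.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_boundary.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T every %ENV value is tainted, and a zero-length substring of a
# tainted string is still tainted; appending it taints without changing content.
my $TAINT = substr( join( '', values %ENV ), 0, 0 );
die "needs -T and a non-empty environment\n" unless tainted($TAINT);

# Hypothetical trust policy for the constructed record below.
my %UNTRUSTED = map { $_ => 1 } qw(display_name avatar_file);

# Interface layer: the only place the application reads the data source.
sub fetch_user {
    my %row = (    # constructed sample row standing in for a DB or web-service reply
        id           => 42,
        display_name => 'alice',
        avatar_file  => 'alice.png',
    );
    for my $field ( keys %row ) {
        $row{$field} .= $TAINT if $UNTRUSTED{$field};
    }
    return \%row;
}

# The only way back to "clean": an allow-list regex capture.
sub validate_filename {
    my ($name) = @_;
    if ( defined $name && $name =~ /\A([A-Za-z0-9_-]+\.(?:png|jpg))\z/ ) {
        return $1;
    }
    return;
}

my $user = fetch_user();
print "id tainted: ",          ( tainted( $user->{id} )          ? 'yes' : 'no' ), "\n";
print "avatar_file tainted: ", ( tainted( $user->{avatar_file} ) ? 'yes' : 'no' ), "\n";

# A handler that forgets to validate: Perl dies before the open is attempted.
my $ok = eval { open my $fh, '>', "/nonexistent/$user->{avatar_file}"; 1 };
print "unvalidated open: ", ( $ok ? "allowed\n" : "blocked: $@" );

my $clean = validate_filename( $user->{avatar_file} );
print "validated value tainted: ", ( tainted($clean) ? 'yes' : 'no' ), "\n";
```

The open uses write mode because taint mode checks file names opened for writing; the sample value is harmless and well-formed, and it is still refused until it has passed through validate_filename.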