So the question is: is there a way to detaint arbitary data in Perl without using hash keys or regexes or XS?
Something hit me. This:
#!/usr/bin/perl -sTl
use warnings;
use strict;
use Scalar::Util 'tainted';
no strict 'refs';
for my $name (keys %{'::'}) {
printf "%s:%d\n", $name, tainted($name)
if $name =~ /^[a-z]\w+$/i
&& $$name;
}
Execute that like
./taint.plx -dakdjhasd and you get
$name with
dakdjhasd in it, untainted.
This is not the same thing, but what it does do is take some untrusted data that you normally might expect to be tainted, since it's just data on the command line, and makes it trusted. But this is not arbitrary data, and it is not tainted in the first place (and therefore not untainted). Interesting though. Then I thought:
#!/usr/bin/perl -Tl
use warnings;
use strict;
use Scalar::Util 'tainted';
no strict 'refs';
my $foo = $ENV{HOME};
printf "%s:%d\n", $foo, tainted($foo);
${'::' . $foo} = 'la la la';
my $bar;
for my $name (keys %{'::'}) {
if ($name eq $foo) {
$bar = $name;
last;
}
}
printf "%s:%d\n", $bar, tainted($bar);
W00t. Data is untainted!
Now, I know, this is still basically using hash keys, since the symbol table is a hash. But I don't care. Also, it wouldn't necessarily work with arbitrary data, given symbol table limitations.
Just something passing through my head.
