Item14910: Remove Taint::Runtime
Priority: Normal
Current State: Closed
Released In: 2.1.7
Target Release: patch
Applies To: Extension
Component: UnitTestContrib, core
Branches: Release02x01 master
CPAN:File::Copy::Recursive fails under taint mode with
Insecure dependency in chdir while running with -T switch
See below.
FuncTests::test_moveTopic
*** Insecure dependency in chdir while running with -T switch at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 413.
at /home/tim/foswiki/core/test/unit/FoswikiTestCase.pm line 45.
	FoswikiTestCase::__ANON__("Insecure dependency in chdir while running with -T switch at "...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 413
	File::Copy::Recursive::pathempty("Name1") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 475
	File::Copy::Recursive::pathrmdir("Name1") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 405
	File::Copy::Recursive::pathempty("ATTACHMENTS") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 475
	File::Copy::Recursive::pathrmdir("ATTACHMENTS") called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 405
	File::Copy::Recursive::pathempty("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 475
	File::Copy::Recursive::pathrmdir("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 115
	File::Copy::Recursive::__ANON__(0, "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"..., "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/TargetTo"...) called at /usr/share/perl5/vendor_perl/File/Copy/Recursive.pm line 339
	File::Copy::Recursive::dirmove("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"..., "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/TargetTo"...) called at /home/tim/foswiki/core/lib/Foswiki/Store/PlainFile.pm line 1420
	Foswiki::Store::PlainFile::_moveFile("/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/SourceTo"..., "/home/tim/foswiki/core/data/TemporaryFuncTestWebFunc/TargetTo"...) called at /home/tim/foswiki/core/lib/Foswiki/Store/PlainFile.pm line 293
	Foswiki::Store::PlainFile::moveTopic(Foswiki::Store::PlainFile=HASH(0x55cb6b54add0), Foswiki::Meta=HASH(0x55cb6b5a8b50), Foswiki::Meta=HASH(0x55cb6b536bd8), "BaseUserMapping_666") called at /home/tim/foswiki/core/lib/Foswiki/Meta.pm line 2293
	Foswiki::Meta::__ANON__() called at /usr/share/perl5/vendor_perl/Error.pm line 465
	eval {...} called at /usr/share/perl5/vendor_perl/Error.pm line 454
	Error::subs::try(CODE(0x55cb6b17a338), HASH(0x55cb6b40cbe0)) called at /home/tim/foswiki/core/lib/Foswiki/Meta.pm line 2310
	Foswiki::Meta::move(Foswiki::Meta=HASH(0x55cb6b5a8b50), Foswiki::Meta=HASH(0x55cb6b536bd8)) called at /home/tim/foswiki/core/lib/Foswiki/Func.pm line 2179
	Foswiki::Func::moveTopic("TemporaryFuncTestWebFunc", "SourceTopic", "TemporaryFuncTestWebFunc", "TargetTopic") called at /home/tim/foswiki/core/test/unit/FuncTests.pm line 1220
	FuncTests::test_moveTopic(FuncTests=HASH(0x55cb6ae90900)) called at /home/tim/foswiki/core/lib/Unit/TestRunner.pm line 575
	Unit::TestRunner::__ANON__() called at /usr/share/perl5/vendor_perl/Error.pm line 465
	eval {...} called at /usr/share/perl5/vendor_perl/Error.pm line 454
	Error::subs::try(CODE(0x55cb6b11af48), HASH(0x55cb6b50e6f8)) called at /home/tim/foswiki/core/lib/Unit/TestRunner.pm line 602
	Unit::TestRunner::runOne(Unit::TestRunner=HASH(0x55cb58f08a38), FuncTests=HASH(0x55cb6ae90900), "FuncTests", undef) called at /home/tim/foswiki/core/lib/Unit/TestRunner.pm line 163
	Unit::TestRunner::start(Unit::TestRunner=HASH(0x55cb58f08a38), "FoswikiSuite.pm") called at ../bin/TestRunner.pl line 143.
FuncTests::test_checkAccessPermission
--
TimothyLegge - 28 May 2020
The tainted string is created within File::Copy::Recursive, line 375:
    my $starting_point = Cwd::cwd();
This string is tainted. And we can't do anything about it. My advice would be to disable taintedness in the unit tests. Either once and forever, or via
    export FOSWIKI_NOTAINT=1
before running the tests.
--
MichaelDaum - 28 May 2020
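The mechanism behind the trace above, as an added example that is not part of the original task or of Foswiki's or File::Copy::Recursive's code: run with perl -T, it shows that the value returned by Cwd::cwd() is tainted, that chdir refuses it, and how code that owns the call site could untaint the value by validating it. The untaint_path helper and its path pattern are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_chdir.pl
use strict;
use warnings;
use Cwd ();
use Scalar::Util qw(tainted);

die "run this script with -T to enable taint checks\n" unless ${^TAINT};

# Cwd::cwd() obtains its value from outside the program, so under -T
# the returned string is marked tainted.
my $start = Cwd::cwd();
printf "cwd() value tainted: %s\n", tainted($start) ? 'yes' : 'no';

# Passing the tainted string to chdir is what File::Copy::Recursive
# does in pathempty(); perl dies with "Insecure dependency in chdir".
my $ok = eval { chdir $start; 1 };
print "chdir with tainted value: ", ( $ok ? "ok\n" : "died: $@" );

# Hypothetical helper: untaint by matching the whole string against a
# conservative pattern and keeping only the captured text. The pattern
# (absolute POSIX path, limited character set) is an assumption of this
# example; a path outside it is rejected rather than passed through.
sub untaint_path {
    my ($path) = @_;
    my ($clean) = $path =~ m{\A(/[\w./+-]*)\z}
      or die "refusing to untaint unexpected path\n";
    return $clean;
}

my $clean = untaint_path($start);
printf "validated value tainted: %s\n", tainted($clean) ? 'yes' : 'no';

# The validated copy is accepted by chdir under -T.
chdir $clean or die "chdir failed: $!\n";
print "chdir with validated value: ok\n";
```

The validation has to happen where the tainted value is produced and consumed, which here is inside the CPAN module rather than in the caller.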
We do not run Foswiki in taint mode anyway. So the tests don't need it either. CPAN modules fail under it anyway.
Without taint mode compiling locale files is fine as well.
So I am going to remove Taint::Runtime and all of the fun code working around it.
--
MichaelDaum - 13 Oct 2020