Created
November 9, 2012 14:56
-
-
Save Woody2143/4046144 to your computer and use it in GitHub Desktop.
Untainting data in Moose::Util::TypeConstraints
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [user@host dev]$ ./test.pl 20121112 | |
| 20121112 is tainted! | |
| $VAR1 = bless( { | |
| 'date' => '20121112', | |
| }, 'Index' ); | |
| date is NOT tainted! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package Index; | |
| use Moose; | |
| use namespace::autoclean; | |
| use Index::Types; | |
| use POSIX qw(strftime); | |
| has 'date' => ( | |
| is => 'rw', | |
| isa => 'Index::Types::Date', | |
| default => sub {strftime '%Y%m%d', gmtime;}, | |
| coerce => 1, | |
| ); | |
| _PACKAGE__->meta->make_immutable(); | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!perl -T | |
| use Modern::Perl; | |
| use lib 'lib'; | |
| use Index; | |
| use Data::Dumper; | |
| use Scalar::Util qw(tainted); | |
| use Try::Tiny; | |
| my $date = $ARGV[0]; | |
| say "$date is tainted!" if tainted($date); | |
| my $index; | |
| try { | |
| $index = Index->new( date => $date ); | |
| say Dumper($index); | |
| say "date made it through moose tainted!" if tainted($index->date); | |
| } catch { | |
| $_ =~ m/__START__(.*)__END__/; | |
| if (defined $1) { | |
| say $1; | |
| } else { | |
| say "SYSTEM ERROR! $_"; | |
| } | |
| }; | |
| say "date is NOT tainted!" unless tainted($index->date); | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package Index::Types; | |
| use Moose::Util::TypeConstraints; | |
| use Scalar::Util qw(tainted); | |
| subtype 'Index::Types::Date' | |
| => as 'Str' | |
| => where { ( m/^[0-9]{8}$/ && !tainted($_) ) } | |
| => message { "__START__This date ($_) is not a valid date!__END__"}; | |
| coerce 'Index::Types::Date', | |
| from 'Str', | |
| via { | |
| $_ =~ s/[^0-9]//g; # Strip anything that isn't a digit. | |
| $_ =~ m/^([0-9]{8})$/ or die "__START__The date is not a valid!__END__"; | |
| return $1; | |
| }; | |
| 1; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment