Propagating environment to taint tests
Eric Wilhelm
scratchcomputing at gmail.com
Mon Oct 1 00:29:39 BST 2007
# from Michael G Schwern
# on Sunday 30 September 2007 15:09:
>This behavior is pushed down into TAP::Parser, it's not just a
> Test::Harness compatibility thing. I feel it is of a different
> nature then of propagating the harness' @INC down to the tests
> because otherwise the taint tests would be unlikely to run. Consider
> someone who has installed modules via fink. fink puts /sw/lib/perl5
> into PERL5LIB.
Note though that we're making tests run under taint when actual code in
that environment wouldn't find the module (or (eek!) would find a
different one.)
Was this by any chance a workaround for something MakeMaker was doing?
(I notice that the Makefile's PERL5LIB contains "lib".)
I can support the DWIM as far as making taint tests work, but we should
probably think about making it switchable (i.e. the ability to disable
the DWIM and maybe warn when a PERL5LIB-resident module gets loaded
under taint (though the latter my be difficult to determine without
attaching instrumentation to e.g. the test's CORE::GLOBAL::require().))
--Eric
--
perl -e 'srand; print join(" ",sort({rand() < 0.5}
qw(sometimes it is important to be consistent)));'
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
More information about the tapx-dev
mailing list