Perl's apparent behavior is to taint constants in branches remaining after branch pruning based on a tainted condition. Is this documented?

This outputs 1:

bash$ T="" perl -Tle '

use constant T=>$ENV{T};
use Scalar::Util qw/tainted/;
exit if T;
print tainted(0)'

It seems like the constant 0 is tainted because everything after the exit (in the original problem it was a return) is in a branch that remains after branch pruning has occurred based on a tainted condition. This happens to be a very nifty feature of Perl's taint mode, but I cannot find documentation for it anywhere. When $ENV{T} is not set or when the condition is on a dynamic access to $ENV{T}, constants are not tainted.

By the way, the best answer I know at this time to the associated implied actual software development problem from which this question arises, of how do I turn off a section of taint-mode perl source at development time without tainting my constants, is, set your constant to a constant instead of a tainted environment variable, like so:

use constant DEBUG_MODE => ( $ENV{DEV_DEBUG} ? 1 : 0 );
Never Sleep Again

1 Answer

the best answer I know at this time to the associated implied actual software development problem from which this question arises, of how do I turn off a section of taint-mode perl source at development time without tainting my constants, is, set your constant to a constant instead of a tainted environment variable, like so:

use constant DEBUG_MODE => ( $ENV{DEV_DEBUG} ? 1 : 0 );
Never Sleep Again