Questions tagged [taint]

Taint checking is a security-related software analysis technique.

Taint checking assumes that any variable that can be modified by an external user poses a potential security risk. A taint checking tool compiles a list of all variables which are potentially influenced by outside input. If any of these variables is used to execute dangerous commands (such as direct commands to a SQL database or the host computer operating system), the taint checker warns that the program is using a potentially dangerous tainted variable.

70 questions
5 votes, 1 answer

Insecure dependency with Inline::Python

What could explain this compile-time error message when running Inline::Python in -T mode? Insecure dependency in open while running with -T switch at /usr/local/lib/perl/5.14.2/Inline/Python.pm line 193. Line 193 is where Inline::Python opens…
scozy
4 votes, 3 answers

How does Rails taint active record columns by default?

Question about Rails magic: I was playing with IRB and the tainted? method, then I just did the following: >> User.first.attributes.collect { |column, value| [column, value.tainted?] } => [["phone", true], ["state", false], ["persistence_token",…
jrichardlai
4 votes, 1 answer

Tainting of constants in unpruned branches

Perl's apparent behavior is to taint constants in branches remaining after branch pruning based on a tainted condition. Is this documented? This outputs 1: bash$ T="" perl -Tle ' use constant T=>$ENV{T}; use Scalar::Util qw/tainted/; exit if…
Never Sleep Again
4 votes, 2 answers

Perl's taint mode in PHP

Just wondering... is there a PHP equivalent to Perl's Taint Mode? I don't think there is, but thought I'd ask.
Stephen Sorensen
4 votes, 1 answer

Why does Perl not want to require certain files when running under -T?

I recently noticed that on my system it is not possible to require 'lib/file.pl' when running under -T, but require './lib/file.pl' works. $ perl -wT -e 'require "lib/file.pl";' Can't locate lib/file.pl in @INC (@INC contains:…
simbabque
3 votes, 1 answer

Ballerina, Using Json Response from REST-API

My professor wants me to write a little tutorial on how to deploy Ballerina services. So I'm trying to learn it. I'm using Version 1.2 and I'm a bit overwhelmed by the concept of taint checking and the variable types... I'm trying to write a minimal…
3 votes, 1 answer

Insecure $ENV{ENV} while running with -T switch

When I try the last example from perlfaq5: How-do-I-count-the-number-of-lines-in-a-file? I get an error-message. What should I do to get the script working? #!/usr/local/bin/perl -T use warnings; use 5.012; $ENV{PATH} = undef; my $filename =…
sid_com
3 votes, 1 answer

Javascript taint analysis using WALA

I am developing a Firefox OS application analysis tool that classifies a given application as malicious or non-malicious based on code analysis. My initial work is to perform static taint analysis of JavaScript files. Is it possible to do it using…
Shahanas
3 votes, 0 answers

Html2Canvas with leaflet map - not render canvas

First of all thanks for your help. I'm using html2canvas to get an image of my app web and share it in social networks. In the app there is a leaflet map with a canvas layer but the result image is incomplete. I put option L_PREFER_CANVAS = true; to…
CMM
3 votes, 1 answer

printk won't work any more after seeing some kernel taint message

All, I'm developing a module in Fedora 14 with Linux kernel 2.6.35. The OS is running in VirtualBox, actually. What I observed is that after I made some changes to my code and hit a taint kernel warning, the printk won't work any more, even if I…
Hanks
3 votes, 1 answer

Static taint analysis for Java programs

I am not sure if this is the right place to ask, any help would be appreciated. I want to build a static taint analysis tool for Java. My understanding is that the tool will scan all the Java files starting from the main entry point. And for each line…
Junaid
3 votes, 2 answers

Canvas 'tainted' after drawing SVG

Similar questions have been asked, and the REASON for the problem is well understood, what I'm asking for is alternatives or work-arounds: What I'd like to do is get a data-URL out of a canvas that has an SVG document drawn onto it. I've tried all…
trjh2k2
3 votes, 1 answer

Increase security by creating un-eval-uatable ("unparsable cruft") JSON?

We are looking at using the unparsable cruft approach to our JSON as an extra level of security. In looking at the approaches, I've come across Google's while(1); and Facebook's for(;;); and then another mention of {}&& I've seen comments…
Jason
2 votes, 1 answer

Insecure dependency in open while running with -T switch [PERL]

I have a function like this: open my $pipe, "-|", '/usr/bin/externalcmd | /usr/bin/awk \'{print $2" "$4}\'' || die "can't fork command: $!"; while (<$pipe>) { my ($if, $ip) = split; my $file = "/some/file/$if"; open (FILE,…
Lucky
2 votes, 2 answers

How to reserve certain worker nodes for a namespace

I would like to reserve some worker nodes for a namespace. I see the notes on Stack Overflow and Medium: How to assign a namespace to certain nodes? https://medium.com/@alejandro.ramirez.ch/reserving-a-kubernetes-node-for-specific-nodes-e75dc8297076 I…
Honord