[Bioperl-l] Bio::Root::Root.pm and taint

rich dobbo at thevillas.eclipse.co.uk
Tue Apr 13 19:20:02 EDT 2004


Modifying the current untainting code from line 385
resolves it for me

FROM:

    if ($name !~ /^([\w:]+)$/) {
        $self->throw("$name is an illegal perl package name");
    }

TO:

    if ($name !~ /^([\w:]+)$/) {
        $self->throw("$name is an illegal perl package name");
    }
    else {
        $name = $1;
    }

r


Quoting Jason Stajich <jason at cgt.duhs.duke.edu>:

> presumably you'd get the same thing with SeqIO or any of the other
> bits using the dynamic module loading system.
> 
> hmm - I guess the _load_module routine needs to be untainted...
> not something I've worked on in the past - but perhaps someone else can
> take a look.
> 
> 
> -j
> 
> On Tue, 13 Apr 2004, rich wrote:
> 
> >
> > Hi, I am having an issue getting a cgi script to run in
> > taint mode.
> >
> > The error log shows the message below.
> >
> > User defined input is taken from a form and written to a
> > temp file. This is then read with Bio::PopGen::IO::csv.
> > Looking at the comments within Root.pm it looks as
> > though this had had attention previously
> >
> > cheers
> > Rich
> >
> >
> >
> > MSG: Failed to load module Bio::PopGen::IO::csv.
> > Insecure dependency in require while running with -T switch at
> > /usr/local/lib/perl5/site_perl/5.6.1/Bio/Root/Root.pm line 394.
> >
> > STACK Bio::Root::Root::_load_module /usr/local/lib/perl5/site_perl/5.6.1/Bio/Root/Root.pm:397
> > STACK (eval) /usr/local/lib/perl5/site_perl/5.6.1/Bio/PopGen/IO.pm:267
> > STACK Bio::PopGen::IO::_load_format_module /usr/local/lib/perl5/site_perl/5.6.1/Bio/PopGen/IO.pm:266
> > STACK Bio::PopGen::IO::new /usr/local/lib/perl5/site_perl/5.6.1/Bio/PopGen/IO.pm:120
> > STACK toplevel /usr/apache_ssl/cgi-bin/popgen_format.cgi:106
> >
> _______________________________________________
> > Bioperl-l mailing list
> > Bioperl-l at portal.open-bio.org
> >
> http://portal.open-bio.org/mailman/listinfo/bioperl-l
> >
> 
> --
> Jason Stajich
> Duke University
> jason at cgt.mc.duke.edu
> 
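
The untainting step discussed in this thread, as an added example that is not part of the original posts or of BioPerl. The helper names and the stricter pattern (identifiers joined by exactly `::`, anchored with `\z` so a trailing newline is rejected) are assumptions made for illustration; the sample names are constructed.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_demo.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper, not part of Bio::Root::Root.
# Returns an untainted copy of $name, or undef if it is not a package name.
sub untaint_package_name {
    my ($name) = @_;
    return undef unless defined $name;
    # Matching alone leaves $name tainted; only the captured $1 is clean.
    # Assumed stricter pattern than the thread's /^([\w:]+)$/: identifiers
    # joined by exactly '::', and \z so a trailing newline is rejected.
    if ($name =~ /\A([A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*)\z/) {
        return $1;
    }
    return undef;
}

# Validate, untaint, then require by file path; under -T, require refuses
# a tainted name with "Insecure dependency in require".
sub load_module {
    my ($name) = @_;
    my $clean = untaint_package_name($name);
    die "illegal perl package name\n" unless defined $clean;
    (my $file = "$clean.pm") =~ s{::}{/}g;
    require $file;
    return $clean;
}

# Constructed sample input. Appending a zero-length slice of "$0$^X"
# (tainted under -T) marks each string as tainted, like form input.
my $taint = substr("$0$^X", 0, 0);
for my $raw ("Data::Dumper", "Data::Dumper\n", "Data:Dumper", "../../tmp/x") {
    my $name = $raw . $taint;
    my $ok = eval { load_module($name) };
    (my $shown = $raw) =~ s/\n/\\n/g;
    printf "%-16s tainted_in=%d -> %s\n", $shown, tainted($name) ? 1 : 0,
        defined $ok ? "loaded $ok (tainted_out=" . (tainted($ok) ? 1 : 0) . ")"
                    : "rejected";
}
```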

