[Bioperl-l] Bio::Root::Root.pm and taint

Jason Stajich jason at cgt.duhs.duke.edu
Tue Apr 13 20:28:15 EDT 2004


done - thank you Rich!

On Wed, 14 Apr 2004, rich wrote:

>
> modfying the current untaining code from line 385
> resolves for me
>
> FROM:
>
>   if ($name !~ /^([\w:]+)$/) {
> 	$self->throw("$name is an illegal perl package name");
>
> TO:
>
>   if ($name !~ /^([\w:]+)$/) {
> 	$self->throw("$name is an illegal perl package name");
>     }
>     else{
> 	$name=$1;
>     }
>
> r
>
>
> Quoting Jason Stajich <jason at cgt.duhs.duke.edu>:
>
> > presumably you'd get the same thing with SeqIO
> > or any of the other
> > bits using the dyanamic module loading system.
> >
> > hmm - I guess the _load_module routine needs to
> > be untainted...
> > not something I've worked on in the past - but
> > perhaps someone else can
> > take a look.
> >
> >
> > -j
> >
> > On Tue, 13 Apr 2004, rich wrote:
> >
> > >
> > > Hi, I am having an issue getting a cgi script
> > to run in
> > > taint mode.
> > >
> > > The error log shows the message below.
> > >
> > > User defined input is taken from a form and
> > written to a
> > > temp file. This is then read with
> > Bio::PopGen::IO::csv.
> > > Looking at the comments within Root.pm it
> > looks as
> > > though this had had attention previously
> > >
> > > cheers
> > > Rich
> > >
> > >
> > >
> > > MSG: Failed to load module
> > Bio::PopGen::IO::csv.
> > > Insecure dependency in require while running
> > with -T swi
> > > tch at
> > >
> > /usr/local/lib/perl5/site_perl/5.6.1/Bio/Root/Root.pm
> > > line 394.
> > >
> > > STACK Bio::Root::Root::_load_module
> > >
> > /usr/local/lib/perl5/site_perl/5.6.1/Bio/Root/Root.pm:397
> > > STACK (eval)
> > >
> > /usr/local/lib/perl5/site_perl/5.6.1/Bio/PopGen/IO.pm:267
> > > STACK Bio::PopGen::IO::_load_format_module
> > >
> > /usr/local/lib/perl5/site_perl/5.6.1/Bio/PopGen/IO.pm:266
> > > STACK Bio::PopGen::IO::new
> > >
> > /usr/local/lib/perl5/site_perl/5.6.1/Bio/PopGen/IO.pm:120
> > > STACK toplevel
> > /usr/apache_ssl/cgi-bin/popgen_format.cgi:106
> > >
> > _______________________________________________
> > > Bioperl-l mailing list
> > > Bioperl-l at portal.open-bio.org
> > >
> > http://portal.open-bio.org/mailman/listinfo/bioperl-l
> > >
> >
> > --
> > Jason Stajich
> > Duke University
> > jason at cgt.mc.duke.edu
> > _______________________________________________
> > Bioperl-l mailing list
> > Bioperl-l at portal.open-bio.org
> > http://portal.open-bio.org/mailman/listinfo/bioperl-l
> >
> _______________________________________________
> Bioperl-l mailing list
> Bioperl-l at portal.open-bio.org
> http://portal.open-bio.org/mailman/listinfo/bioperl-l
>

--
Jason Stajich
Duke University
jason at cgt.mc.duke.edu


More information about the Bioperl-l mailing list