diff options
| author |   Frédéric Buclin <LpSolit@gmail.com> | 2014-10-06 14:35:25 +0000 |
|---|---|---|
| committer |   David Lawrence <dkl@mozilla.com> | 2014-10-06 14:35:25 +0000 |
| commit | 63640672ad5fd22be896995ffe7faf72c42734dc (patch) | |
| tree | 12d6bbd3607246e43c603763edb0df6ae6fd1375 | |
| parent | Bug 1075578: [SECURITY] Improper filtering of CGI arguments (diff) | |
| download | bugzilla-63640672ad5fd22be896995ffe7faf72c42734dc.tar.gz bugzilla-63640672ad5fd22be896995ffe7faf72c42734dc.tar.bz2 bugzilla-63640672ad5fd22be896995ffe7faf72c42734dc.zip | |
Bug 1074980: Forbid the { foo => $cgi->param() } syntax to prevent data override
r=dkl,a=sgreen
| -rw-r--r-- | t/002goodperl.t | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/t/002goodperl.t b/t/002goodperl.t index e691b39dd..2cbee8ef5 100644 --- a/t/002goodperl.t +++ b/t/002goodperl.t @@ -16,7 +16,7 @@ use lib 't'; use Support::Files; -use Test::More tests => (scalar(@Support::Files::testitems) * 3); +use Test::More tests => (scalar(@Support::Files::testitems) * 4); my @testitems = @Support::Files::testitems; # get the files to test. @@ -110,4 +110,35 @@ foreach my $file (@testitems) { close(FILE); } + +# Forbird the { foo => $cgi->param() } syntax, for security reasons. +foreach my $file (@testitems) { + $file =~ s/\s.*$//; # nuke everything after the first space (#comment) + next unless $file; # skip null entries + if (!open(FILE, $file)) { + ok(0, "could not open $file --WARNING"); + next; + } + my $lineno = 0; + my @unsafe_args; + + while (my $file_line = <FILE>) { + $lineno++; + $file_line =~ s/^\s*(.+)\s*$/$1/; # Remove leading and trailing whitespaces. + if ($file_line =~ /^[^#]+=> \$cgi\->param/) { + push(@unsafe_args, "$file_line on line $lineno"); + } + } + + if (@unsafe_args) { + ok(0, "$file incorrectly passes a CGI argument to a hash --ERROR\n" . + join("\n", @unsafe_args)); + } + else { + ok(1, "$file has no vulnerable hash syntax"); + } + + close(FILE); +} + exit 0; |