Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2019/06/21 09:00:23 UTC
[Bug 7726] New: [review] Enable taint for all tests
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726
Bug ID: 7726
Summary: [review] Enable taint for all tests
Product: Spamassassin
Version: 3.4.2
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Regression Tests
Assignee: dev@spamassassin.apache.org
Reporter: hege@hege.li
Target Milestone: Undefined
Created attachment 5662
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5662&action=edit
Enable taint for all tests (patch)
As was already seen with Bug 7725, tests that use the Mail::SpamAssassin object
directly instead of sarun() must have taint enabled to catch any tainting
bugs.
Doesn't make sense to enable selectively, people will just forget later for new
tests.
Following changes made and tested, work fine here for multiple Perl versions:
- New simple untaint_var, untaint_system, untaint_cmd functions in SATest.pm
- system($foo) -> untaint_system($foo)
- `$foo` -> untaint_cmd($foo)
- Add -T to all t/* #!shebangs
See attached patch, lots of files but trivial changes. I vote +1 commit to
3.4.3 to have a chance to catch any other taint bugs there.
--
You are receiving this mail because:
You are the assignee for the bug.
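Added example, not part of the original report and not the SATest.pm code from attachment 5662: a sketch of what the failure looks like under -T and how helpers with the three names listed above could wrap system() and backticks. The helper bodies, the match-everything pattern and the sample command are assumptions.

```perl
#!/usr/bin/perl -T
# Illustration only: helper bodies are assumed, not taken from the patch.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T an inherited PATH (and related variables) is itself tainted,
# so pin the environment before running any external command.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Launder a value through a regex capture. Matching everything is only
# reasonable in a test harness where the test itself fixes the input;
# production code should capture with a strict allow-list pattern.
sub untaint_var {
    my ($v) = @_;
    return unless defined $v;
    $v =~ /^(.*)$/s or return;
    return $1;
}

# Drop-in replacements for system($foo) and `$foo` in test scripts.
sub untaint_system { return system(untaint_var($_[0])); }

sub untaint_cmd {
    my $cmd = untaint_var($_[0]);
    return `$cmd`;
}

# Constructed tainted input: appending a zero-length slice of $^X
# (tainted under -T) taints the whole string.
my $cmd = 'echo taint-demo' . substr($^X, 0, 0);
print "tainted before untaint_var: ", (tainted($cmd) ? "yes" : "no"), "\n";
print "tainted after untaint_var:  ",
    (tainted(untaint_var($cmd)) ? "yes" : "no"), "\n";

# The raw call is refused by perl before anything is executed.
my $ran = eval { system($cmd); 1 };
print "raw system(): ", ($ran ? "ran\n" : "refused: $@");

# The wrapped calls run normally.
my $rc  = untaint_system($cmd);
my $out = untaint_cmd($cmd);
print "untaint_system exit status: ", $rc >> 8, "\n";
print "untaint_cmd output: $out";
```

Run it as `perl -T demo.pl` (the file name is a placeholder); older perls refuse to start when -T appears only on the #! line and the script is invoked through `perl demo.pl`.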
[Bug 7726] [review] Enable taint for all tests
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726
--- Comment #4 from Henrik Krohns <ap...@hege.li> ---
With latest committed fixes, I've quite successfully tested these using only
distro provided perl/modules.
CentOS 7
Ubuntu 16.04.6
Ubuntu 18.04.2
FreeBSD 11.2
[Bug 7726] [review] Enable taint for all tests
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@apache.org
--- Comment #1 from Kevin A. McGrail <km...@apache.org> ---
+1 and this should be xrefed to another ticket about prove -t failing on a
test.
[Bug 7726] [review] Enable taint for all tests
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726
--- Comment #2 from Kevin A. McGrail <km...@apache.org> ---
Re: xref, I see you beat me to it :-)
[Bug 7726] [review] Enable taint for all tests
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #5 from Kevin A. McGrail <km...@apache.org> ---
+1 marking resolved
[Bug 7726] [review] Enable taint for all tests
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726
Henrik Krohns <he...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.4.3
CC| |hege@hege.li
[Bug 7726] [review] Enable taint for all tests
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7726
--- Comment #3 from Henrik Krohns <ap...@hege.li> ---
3.4 and trunk, Committed revision 1861877.
Go run some tests. :-)