Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/01/12 18:21:26 UTC
svn commit: r495649 - in /spamassassin/trunk:
lib/Mail/SpamAssassin/Message.pm lib/Mail/SpamAssassin/Util.pm
t/data/taintcheckplugin.pm t/tainted_msg.t
Author: jm
Date: Fri Jan 12 09:21:25 2007
New Revision: 495649
URL: http://svn.apache.org/viewvc?view=rev&rev=495649
Log:
bug 5283: Message::get_pristine_header() should produce tainted output, since it's a section of the raw, tainted input message. Add taint_var() API to Util.pm to support this. Also, t/tainted_msg.t was being skipped on too many platforms unnecessarily.
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
spamassassin/trunk/t/data/taintcheckplugin.pm
spamassassin/trunk/t/tainted_msg.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm Fri Jan 12 09:21:25 2007
@@ -361,7 +361,14 @@
return $self->{pristine_headers} unless $hdr;
my(@ret) = $self->{pristine_headers} =~ /^\Q$hdr\E:[ \t]+(.*?\n(?![ \t]))/smgi;
if (@ret) {
- return wantarray ? @ret : $ret[-1];
+ # ensure the response retains taintedness (bug 5283)
+ if (wantarray) {
+ return map {
+ Mail::SpamAssassin::Util::taint_var($_);
+ } @ret;
+ } else {
+ return Mail::SpamAssassin::Util::taint_var($ret[-1]);
+ }
}
else {
return $self->get_header($hdr);
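Review bot: The new comment says the result must retain taintedness but not why it was lost: `@ret` is built from the capture group in the match just above, and under taint mode captured substrings come back untainted unless `use re 'taint'` is in effect. A lexically scoped `use re 'taint';` at the top of this sub would keep the captures tainted at the source and remove the need to re-taint each element, provided no other match in the sub relies on captures to untaint. If the explicit re-taint stays, extend the comment to something like `# regex captures are untainted by default; re-taint, this is raw message input (bug 5283)`. The sub starts and ends outside the hunk, so any other matches in it are not visible here.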
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm Fri Jan 12 09:21:25 2007
@@ -284,6 +284,19 @@
###########################################################################
+sub taint_var {
+ my ($v) = @_;
+ return $v unless defined $v; # can't taint "undef"
+
+ # $^X is apparently "always tainted". We can use this to render
+ # a string tainted as follows:
+ $v .= $^X; $v =~ s/${^X}$//;
+
+ return $v;
+}
+
+###########################################################################
+
# timezone mappings: in case of conflicts, use RFC 2822, then most
# common and least conflicting mapping
my %TZ = (
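Review bot: In `taint_var`, `s/${^X}$//` interpolates the interpreter path into the pattern unquoted, so any regex metacharacter in `$^X` (backslashes in a Windows path, `+`, parentheses) changes what is matched; the strip can then fail and leave the path appended to the returned value, or the pattern can fail to compile. Appending a zero-length tainted slice avoids the append-and-strip round trip altogether: `return $v . substr($^X, 0, 0);`. If the current form is kept, quote and anchor it, `$v =~ s/\Q${^X}\E\z//;`. The sub also has no header comment; one line saying that it returns a tainted copy of its argument and passes undef through unchanged would help callers.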
Modified: spamassassin/trunk/t/data/taintcheckplugin.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/taintcheckplugin.pm?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/t/data/taintcheckplugin.pm (original)
+++ spamassassin/trunk/t/data/taintcheckplugin.pm Fri Jan 12 09:21:25 2007
@@ -43,10 +43,8 @@
# print "tainted get_all_metadata found\n"
# if (is_tainted($m->get_all_metadata()));
- # TODO!
- # print "tainted get_pristine_header found\n"
- # if (is_tainted($m->get_pristine_header("Subject")));
-
+ print "tainted get_pristine_header found\n"
+ if (is_tainted($m->get_pristine_header("Subject")));
print "tainted get_pristine found\n"
if (is_tainted($m->get_pristine()));
print "tainted get_pristine_body found\n"
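Review bot: The re-enabled check exercises only one of the two branches this commit adds to get_pristine_header: the call sits in is_tainted's argument list, which is list context unless is_tainted carries a scalar prototype (not visible here), so either the `wantarray` path or the `$ret[-1]` path goes untested. A second check that forces the other context, for example `if (is_tainted(scalar $m->get_pristine_header("Subject")))` with its own message, plus a matching pattern and plan count in t/tainted_msg.t, would cover both. The enclosing sub starts and ends outside the hunk.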
Modified: spamassassin/trunk/t/tainted_msg.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/tainted_msg.t?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/t/tainted_msg.t (original)
+++ spamassassin/trunk/t/tainted_msg.t Fri Jan 12 09:21:25 2007
@@ -11,13 +11,13 @@
}
}
+$NO_SPAMD_REQUIRED=1;
use lib '.'; use lib 't';
use SATest; sa_t_init("tainted_msg");
-use Mail::SpamAssassin::Util;
-use constant AM_TAINTED => Mail::SpamAssassin::Util::am_running_in_taint_mode();
+use constant AM_TAINTED => (!defined($ENV{'TEST_PERL_TAINT'}) or $ENV{'TEST_PERL_TAINT'} ne 'no');
-use Test; BEGIN { plan tests => AM_TAINTED ? 8 : 0 };
+use Test; BEGIN { plan tests => AM_TAINTED ? 9 : 0 };
exit unless AM_TAINTED;
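Review bot: `AM_TAINTED` no longer says whether anything is running in taint mode; it is now true whenever `TEST_PERL_TAINT` is unset or not `no`, and nothing on the line explains the switch. A comment such as `# this script need not run under -T itself; skip only when taint tests are disabled with TEST_PERL_TAINT=no` would record the intent, assuming that is the reason for the change. `$NO_SPAMD_REQUIRED=1;` also deserves a short comment on what it tells SATest, since it is set as a bare global ahead of `sa_t_init`.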
@@ -28,6 +28,7 @@
q{ tainted get_header found } => '',
q{ tainted get_pristine found } => '',
q{ tainted get_pristine_body found } => '',
+ q{ tainted get_pristine_header found } => '',
q{ tainted get_body found } => '',
q{ tainted get_visible_rendered_body_text_array found } => '',
q{ tainted get_decoded_body_text_array found } => '',
@@ -39,6 +40,8 @@
tstlocalrules ("
loadplugin myTestPlugin ../../data/taintcheckplugin.pm
");
+
+$ENV{'PATH'} = '/bin:/usr/bin';
ok (sarun ("-L -t < data/spam/gtube.eml", \&patterns_run_cb));
ok_all_patterns();
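Review bot: `$ENV{'PATH'} = '/bin:/usr/bin';` is added without a comment and is Unix-specific, which sits oddly with a commit meant to stop this test being skipped on too many platforms. Presumably it gives the taint-mode child a trusted PATH; say so, e.g. `# taint mode will not run commands with an inherited PATH; use a fixed one`. perlsec also lists `IFS`, `CDPATH`, `ENV` and `BASH_ENV` as variables to clear before running external programs, so `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` next to this line would make the environment fully clean.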