Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/01/12 18:21:26 UTC

svn commit: r495649 - in /spamassassin/trunk: lib/Mail/SpamAssassin/Message.pm lib/Mail/SpamAssassin/Util.pm t/data/taintcheckplugin.pm t/tainted_msg.t

Author: jm
Date: Fri Jan 12 09:21:25 2007
New Revision: 495649

URL: http://svn.apache.org/viewvc?view=rev&rev=495649
Log:
bug 5283: Message::get_pristine_header() should produce tainted output, since it's a section of the raw, tainted, input message.  Add taint_var() API to Util.pm to support this.   also, t/tainted_msg.t was being skipped on too many platforms unnecessarily

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm
    spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
    spamassassin/trunk/t/data/taintcheckplugin.pm
    spamassassin/trunk/t/tainted_msg.t

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Message.pm Fri Jan 12 09:21:25 2007
@@ -361,7 +361,14 @@
   return $self->{pristine_headers} unless $hdr;
   my(@ret) = $self->{pristine_headers} =~ /^\Q$hdr\E:[ \t]+(.*?\n(?![ \t]))/smgi;
   if (@ret) {
-    return wantarray ? @ret : $ret[-1];
+    # ensure the response retains taintedness (bug 5283)
+    if (wantarray) {
+      return map {
+                Mail::SpamAssassin::Util::taint_var($_);
+              } @ret;
+    } else {
+      return Mail::SpamAssassin::Util::taint_var($ret[-1]);
+    }
   }
   else {
     return $self->get_header($hdr);
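Review bot: The new comment says the response must "retain" taintedness but not why it was lost: `@ret` holds regex captures, and Perl hands captures back untainted even when `$self->{pristine_headers}` is tainted. I would spell that out, e.g. `# regex captures come back untainted; re-taint them, they are raw message data (bug 5283)`. A lexically scoped `use re 'taint';` around the match would keep the captures tainted without a re-taint helper and may be worth considering. The `get_header($hdr)` fallback in the `else` branch is returned as-is, so its taintedness depends on code outside this hunk; the enclosing sub starts and ends outside the hunk.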

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm Fri Jan 12 09:21:25 2007
@@ -284,6 +284,19 @@
 
 ###########################################################################
 
+sub taint_var {
+  my ($v) = @_;
+  return $v unless defined $v;      # can't taint "undef"
+
+  # $^X is apparently "always tainted".  We can use this to render
+  # a string tainted as follows:
+  $v .= $^X; $v =~ s/${^X}$//;
+
+  return $v;
+}
+
+###########################################################################
+
 # timezone mappings: in case of conflicts, use RFC 2822, then most
 # common and least conflicting mapping
 my %TZ = (
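Review bot: In `taint_var`, `s/${^X}$//` interpolates the interpreter path as a regex, so a path containing metacharacters (`+`, parentheses, backslashes on Windows) can fail to match and leave the path appended to the returned header text, or die on an invalid pattern. Quote it and anchor at the true end of string: `$v .= $^X; $v =~ s/\Q${^X}\E\z//;`. Appending a zero-length tainted slice, `$v .= substr($^X, 0, 0);`, would avoid the strip step altogether. As a new helper in Util.pm it would also benefit from a short POD entry saying that undef is returned unchanged and that it is presumably a no-op when perl is not running with -T.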

Modified: spamassassin/trunk/t/data/taintcheckplugin.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/taintcheckplugin.pm?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/t/data/taintcheckplugin.pm (original)
+++ spamassassin/trunk/t/data/taintcheckplugin.pm Fri Jan 12 09:21:25 2007
@@ -43,10 +43,8 @@
   # print "tainted get_all_metadata found\n"
   # if (is_tainted($m->get_all_metadata()));
 
-  # TODO!
-  # print "tainted get_pristine_header found\n"
-  # if (is_tainted($m->get_pristine_header("Subject")));
-
+  print "tainted get_pristine_header found\n"
+    if (is_tainted($m->get_pristine_header("Subject")));
   print "tainted get_pristine found\n"
     if (is_tainted($m->get_pristine()));
   print "tainted get_pristine_body found\n"
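Review bot: The re-enabled check calls `get_pristine_header("Subject")` inside an argument list, i.e. in list context, so only the `wantarray` branch of the Message.pm change is exercised; the scalar path through `taint_var($ret[-1])` stays untested. A second check such as `print "tainted scalar get_pristine_header found\n" if (is_tainted(scalar $m->get_pristine_header("Subject")));`, with a matching pattern in t/tainted_msg.t and the plan count raised, would cover it. How `is_tainted` treats a multi-element list is not visible in this hunk.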

Modified: spamassassin/trunk/t/tainted_msg.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/tainted_msg.t?view=diff&rev=495649&r1=495648&r2=495649
==============================================================================
--- spamassassin/trunk/t/tainted_msg.t (original)
+++ spamassassin/trunk/t/tainted_msg.t Fri Jan 12 09:21:25 2007
@@ -11,13 +11,13 @@
   }
 }
 
+$NO_SPAMD_REQUIRED=1;
 use lib '.'; use lib 't';
 use SATest; sa_t_init("tainted_msg");
 
-use Mail::SpamAssassin::Util;
-use constant AM_TAINTED => Mail::SpamAssassin::Util::am_running_in_taint_mode();
+use constant AM_TAINTED => (!defined($ENV{'TEST_PERL_TAINT'}) or $ENV{'TEST_PERL_TAINT'} ne 'no');
 
-use Test; BEGIN { plan tests => AM_TAINTED ? 8 : 0 };
+use Test; BEGIN { plan tests => AM_TAINTED ? 9 : 0 };
 
 exit unless AM_TAINTED;
 
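Review bot: `AM_TAINTED` no longer reflects whether this script itself runs in taint mode; it is now true unless `TEST_PERL_TAINT` is set to `no`, and nothing in the hunk says why. A one-line comment above the constant, e.g. `# taint checks happen in the spawned spamassassin; skip only when TEST_PERL_TAINT=no`, would help, assuming that is what the variable controls in SATest. `$NO_SPAMD_REQUIRED=1;` likewise deserves a short comment, since it is set as an undeclared global before `sa_t_init` and its consumer is outside the hunk.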
@@ -28,6 +28,7 @@
   q{ tainted get_header found } => '',
   q{ tainted get_pristine found } => '',
   q{ tainted get_pristine_body found } => '',
+  q{ tainted get_pristine_header found } => '',
   q{ tainted get_body found } => '',
   q{ tainted get_visible_rendered_body_text_array found } => '',
   q{ tainted get_decoded_body_text_array found } => '',
@@ -39,6 +40,8 @@
 tstlocalrules ("
     loadplugin myTestPlugin ../../data/taintcheckplugin.pm
 ");
+
+$ENV{'PATH'} = '/bin:/usr/bin';
 
 ok (sarun ("-L -t < data/spam/gtube.eml", \&patterns_run_cb));
 ok_all_patterns();
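Review bot: `$ENV{'PATH'} = '/bin:/usr/bin';` cleans only PATH; when a script spawns commands under -T, perlsec also recommends removing the other shell-influencing variables, `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};`. The hard-coded Unix directories will also not locate tools on platforms that keep them elsewhere, which sits awkwardly with the stated aim of running this test on more platforms. A comment saying the assignment exists to satisfy taint checks around `sarun` would make the intent clear, if that is the reason.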