Skip Menu |
 

This queue is for tickets about the Test-Harness CPAN distribution.

Report information
The Basics
Id: 32543
Status: resolved
Priority: 0/
Queue: Test-Harness

People
Owner: andy [...] hexten.net
Requestors: tco2 [...] cornell.edu
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 3.07
Fixed in: (no value)



Subject: t/compat/inc-propagation.t logic error testing taint mode?
t/compat/inc-propagation.t implies that it tests the propagation of @INC from the harness to the test for both taint mode as well as non-taint mode. However the file inc_check_taint.t.tmp (which does indeed run in taint mode) that is generated to do the test has for the @INC path, the basic paths, plus PERL5LIB ... yet ... PERL5LIB is not supposed to be included in taint mode. (perlrun) (Compare the output of perl -V and perl -T -V) So it seems the taint test is not realistic. It only ends up differing from the non taint test by the exclusion of the '.' path It should also exclude PERL5LIB generate paths While I have been able to explicitly test all the above by adding print statements to the inc_check_taint.t.tmp code via the inc-propagation.t code that generates that file, I do not understand the Test::Harness code that invokes the test well enough to figure out why @INC is included in PERL5LIB in this case so I can not at this time suggest a fix. (sorry) All this work was done on a fresh install of perl 5.8.8 plus Bundle::CPAN 1.857 on solaris 9 'prove' was the version from Test::Harness 3.0.7
Subject: Re: [rt.cpan.org #32543] t/compat/inc-propagation.t logic error testing taint mode?
Date: Tue, 22 Jan 2008 18:50:47 -0800
To: bug-Test-Harness [...] rt.cpan.org
From: Eric Wilhelm <scratchcomputing [...] gmail.com>
Download (untitled) / with headers
text/plain 439b
# from tco2@cornell.edu via RT # on Tuesday 22 January 2008 14:45: Show quoted text
>However the file  inc_check_taint.t.tmp   (which does indeed run in > taint mode) that is generated to do the test has for the @INC path, > the basic paths, plus PERL5LIB
Show quoted text
> ... yet ... PERL5LIB is not supposed > to be included in taint mode.  (perlrun)
IIRC, this is by-design. The harness passes the PERL5LIB contents as -I switches (in PERL5OPT iirc.) --Eric
Download (untitled) / with headers
text/plain 261b
On Tue Jan 22 21:51:09 2008, scratchcomputing@gmail.com wrote: Show quoted text
> IIRC, this is by-design. The harness passes the PERL5LIB contents as -I > switches (in PERL5OPT iirc.)
Yup, I think that's correct. I'm going to close this one. Thanks for the report though.
Subject: Re: [rt.cpan.org #32543] t/compat/inc-propagation.t logic error testing taint mode?
Date: Wed, 23 Jan 2008 14:24:20 -0500
To: bug-Test-Harness [...] rt.cpan.org
From: Todd Olson <tco2 [...] cornell.edu>
Download (untitled) / with headers
text/plain 1.6k
Hi Eric, Andy Show quoted text
> > IIRC, this is by-design. The harness passes the PERL5LIB contents as -I
>> switches (in PERL5OPT iirc.)
> >Yup, I think that's correct. I'm going to close this one. Thanks for the report though.
Could we not close this just yet? First, thank you for the quick reply and explaining that this is intended behavior. Unfortunately I spent a couple of days on this ... ... which I might have been able to avoid if it was in the pod. What do you think about adding a note on this in two places 1) Test::Harness ... adding to the pod somewhere something like... Taint mode Test::Harness will (mostly) honor -T or -t in the #! line on your test files. So if you begin a test with: #!perl -T the test will be run with taint mode on. However @INC will include any PERL5LIB paths, which is different than running your test file directly (in that case the -T or -t prevents PERL5LIB from being included in @INC, see perl -TV) This is mostly copied from Test::Harness v2.56 which ships with the Perl 5.8.8 distribution. 2) prove ... adding somewhere in the pod notes section ... Taint mode prove will run your tests in taint mode (mostly) either with the -T or -t command line argument or if you have put -T or -t on the #! line in the test file. However @INC will include any PERL5LIB paths, which is different than running your test file directly (in that case the -T or -t prevents PERL5LIB from being included in @INC, see perl -TV) Regards, Todd
On Wed Jan 23 14:25:01 2008, tco2@cornell.edu wrote: Show quoted text
> Hi Eric, Andy >
> > > IIRC, this is by-design. The harness passes the PERL5LIB contents
> as -I
> >> switches (in PERL5OPT iirc.)
> > > >Yup, I think that's correct. I'm going to close this one. Thanks for
> the report though. > > Could we not close this just yet? > > First, thank you for the quick reply and explaining that this is > intended behavior. > > Unfortunately I spent a couple of days on this ... > ... which I might have been able to avoid if it was in the pod. > > > What do you think about adding a note on this in two places > > > 1) Test::Harness ... adding to the pod somewhere something like... > > Taint mode > Test::Harness will (mostly) honor -T or -t in the #! line on > your test files. So if you begin a test with: > > #!perl -T > > the test will be run with taint mode on. > However @INC will include any PERL5LIB paths, which is > different > than running your test file directly (in that case the -T or > -t > prevents PERL5LIB from being included in @INC, see perl -TV) > > > This is mostly copied from Test::Harness v2.56 which ships with > the Perl 5.8.8 distribution. > > > 2) prove ... adding somewhere in the pod notes section ... > > Taint mode > prove will run your tests in taint mode (mostly) either with > the -T or -t command line argument or if you have put -T or > -t > on the #! line in the test file. > However @INC will include any PERL5LIB paths, which is > different > than running your test file directly (in that case the -T or > -t > prevents PERL5LIB from being included in @INC, see perl -TV) > > > Regards, > Todd
Hi Todd, I've just committed a change that adds documentation about taint mode / PERL5LIB to prove and Test::Harness. That'll make it into the next release. I think really we need a single unified POD that covers details such as this. When I get a moment I'll get a start on that.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.