Skip Menu |
 

This queue is for tickets about the Test-Harness CPAN distribution.

Report information
The Basics
Id: 68562
Status: open
Priority: 0/
Queue: Test-Harness

People
Owner: Nobody in particular
Requestors: david [...] cantrell.org.uk
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 3.23
Fixed in: (no value)



Subject: Test::Harness doesn't like -T
Download (untitled) / with headers
text/plain 614b
I like to sometimes test stuff with Tainting turned on. Taking, as an example, Tie::Hash::Vivify, it passes all its tests thus: $ for i in t/*.t; do PERL5OPT=-T /path/to/bin/perl -Mblib $i;done but when I try to 'make test' with PERL5OPT=-T then Test::Harness dies horribly: $ PERL5OPT=-T make test PERL_DL_NONLAZY=1 /home/david/cpantesting/perl-5.14.0/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t Can't load TAP::Formatter::Console at /home/david/cpantesting/perl-5.14.0/lib/5.14.0/Test/Harness.pm line 256 make: *** [test_dynamic] Error 255
Subject: Re: [rt.cpan.org #68562] Test::Harness doesn't like -T
Date: Tue, 31 May 2011 15:11:57 -0700
To: bug-Test-Harness [...] rt.cpan.org
From: Michael G Schwern <schwern [...] pobox.com>
Download (untitled) / with headers
text/plain 1.6k
On 2011.5.31 2:58 AM, David Cantrell via RT wrote: Show quoted text
> I like to sometimes test stuff with Tainting turned on. Taking, as an > example, Tie::Hash::Vivify, it passes all its tests thus: > > $ for i in t/*.t; do PERL5OPT=-T /path/to/bin/perl -Mblib $i;done > > but when I try to 'make test' with PERL5OPT=-T then Test::Harness dies > horribly: > > $ PERL5OPT=-T make test > PERL_DL_NONLAZY=1 /home/david/cpantesting/perl-5.14.0/bin/perl > "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', > 'blib/arch')" t/*.t > Can't load TAP::Formatter::Console at > /home/david/cpantesting/perl-5.14.0/lib/5.14.0/Test/Harness.pm line 256 > make: *** [test_dynamic] Error 255
I don't think Test::Harness will pass along its tainting flag, so even if TH could run under taint mode the above approach wouldn't work. And MakeMaker would also have to run in taint mode... I'm kinda surprised it got that far. The normal way to turn on tainting in a test is to put the -T line in the #! line in the .t file. Otherwise if you want to run a one off, prove has a -T flag to turn on tainting in the tests. Finally, for full control, you can pass in the -T switch to TAP::Harness->new with the "switches" option. There also used to be HARNESS_PERL_SWITCHES to control the switches passed along, but that appears to have disappeared from the docs. Its still in the code... I don't know if that was deliberate. It sure was useful. That's what you'd set to cover 'make test'. Unless you really want Test::Harness itself to operate in taint mode, can we call this not-a-bug? -- Life is like a sewer - what you get out of it depends on what you put into it. - Tom Lehrer
Download (untitled) / with headers
text/plain 1.3k
On Tue May 31 18:12:15 2011, schwern@pobox.com wrote: Show quoted text
> And MakeMaker > would also have to run in taint mode... I'm kinda surprised it got > that far.
I didn't try that. But when I do ... $ ../perl-5.14.0/bin/perl -T Makefile.PL Checking if your kit is complete... Insecure dependency in chdir while running with -T switch at /home/david/cpantesting/perl-5.14.0/lib/5.14.0/File/Find.pm line 708. $ echo $? 255 and no Makefile is created. But I think this is reasonable. Blindly running a Makefile.PL like what almost everyone does is far more dangerous than the remote possibility that some Makefile.PL somewhere might do bad stuff if and only if some env var or whatever is polluted and so gets caught by -T! Show quoted text
> The normal way to turn on tainting in a test is to put the -T line in > the #! > line in the .t file. Otherwise if you want to run a one off, prove > has a -T > flag to turn on tainting in the tests... > There also used to be HARNESS_PERL_SWITCHES to control the switches > passed > along, but that appears to have disappeared from the docs. Its still > in the > code... I don't know if that was deliberate. It sure was useful. > That's what > you'd set to cover 'make test'. > > Unless you really want Test::Harness itself to operate in taint mode, > can we > call this not-a-bug?
I think I agree.
Subject: Re: [rt.cpan.org #68562] Test::Harness doesn't like -T
Date: Wed, 01 Jun 2011 12:59:34 -0700
To: bug-Test-Harness [...] rt.cpan.org
From: Michael G Schwern <schwern [...] pobox.com>
Download (untitled) / with headers
text/plain 769b
On 2011.6.1 6:01 AM, David Cantrell via RT wrote: Show quoted text
>> And MakeMaker >> would also have to run in taint mode... I'm kinda surprised it got >> that far.
> > I didn't try that. But when I do ... > > $ ../perl-5.14.0/bin/perl -T Makefile.PL > Checking if your kit is complete... > Insecure dependency in chdir while running with -T switch at > /home/david/cpantesting/perl-5.14.0/lib/5.14.0/File/Find.pm line 708. > $ echo $? > 255
I was referring to that running "PERL5OPT=-T make test" is running bits of MakeMaker in taint mode. -- 101. I am not allowed to mount a bayonet on a crew-served weapon. -- The 213 Things Skippy Is No Longer Allowed To Do In The U.S. Army http://skippyslist.com/list/


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.