Strange problem with regular expressions and tainted values

Discussion in 'Ruby' started by Hadmut Danisch, Oct 27, 2005.

  1. Hi,

    I have a Ruby program which fetches some web pages, and for security
    reasons I have set $SAFE to 1 or 2. Since then I have been hunting a
    strange problem with tainted values.

    Within the program, I have a (definitely untainted) variable url
    containing the URL to get. At a later point the interpreter complains
    about using a tainted variable which was derived with a regular
    expression. I have inserted some debugging code and it boils down to



    puts "UUU #{url} #{url.tainted?}"

    case url
    when /(.)/
      puts "AAA #{$1} #{$1.tainted?}"
    end


    which prints

    UUU http://www.ruby-lang.org false
    AAA h true



    But when I put this code snippet into a separate file

    #!/usr/bin/ruby

    $SAFE=2

    url="http://www.ruby-lang.org"
    puts "UUU #{url} #{url.tainted?}"

    case url
    when /(.)/
      puts "AAA #{$1} #{$1.tainted?}"
    end


    it prints

    UUU http://www.danisch.de false
    AAA h false


    Why would the regular expression give a tainted result in the first
    case, but not in the separate example, which appears to be the very same
    code? Any side effect?

    Hadmut
    Hadmut Danisch, Oct 27, 2005
    #1