-istainted $scalar

A predicate to check if a scalar is tainted


$scalar - the scalar to check


True or false and this operator is only usable in a comparison context.


# makes user input safe for use within a regex pattern # we use inline because all function return values are considered # tainted if an arg is tainted. inline allows us to abstract our # operation on the argument and untaint the value. inline quote_regex { untaint($1); $1 = "\\Q $+ $1 $+ \\E"; } println("before: " . iff(-istainted @ARGV[0], "tainted!", "not tainted")); quote_regex(@ARGV[0]); println("after: " . iff(-istainted @ARGV[0], "tainted!", "not tainted")); println(@ARGV[0]);

$ java -Dsleep.taint=true -jar sleep.jar untaint.sl ".*?" before: tainted! after: not tainted \Q.*?\E

See Also