A predicate to check if a scalar is tainted
$scalar - the scalar to check
True or false. This operator is only usable in a comparison context.
# makes user input safe for use within a regex pattern
# we use inline because all function return values are considered
# tainted if an arg is tainted. inline allows us to abstract our
# operation on the argument and untaint the value.
inline quote_regex
{
   untaint($1);
   $1 = "\\Q $+ $1 $+ \\E";
}

println("before: " . iff(-istainted @ARGV[0], "tainted!", "not tainted"));
quote_regex(@ARGV[0]);
println("after: " . iff(-istainted @ARGV[0], "tainted!", "not tainted"));
println(@ARGV[0]);

$ java -Dsleep.taint=true -jar sleep.jar untaint.sl ".*?"
before: tainted!
after: not tainted
\Q.*?\E
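An added example (not from the Sleep manual or the script above) that extends the quote_regex idea: it shows that taint follows a value through string concatenation and through the return value of an ordinary sub, and that untaint is best applied only after an allowlist check. It assumes a hypothetical script file taint_demo.sl run in taint mode the same way as above.

```sleep
# Added example (not from the Sleep manual). Assumes a hypothetical
# script name taint_demo.sl run with -Dsleep.taint=true, as above.

# An ordinary sub does not untaint: its return value is tainted
# whenever any argument was tainted.
sub wrap_sub
{
   return "\\Q $+ $1 $+ \\E";
}

# Untaint only after the value passes an allowlist check. A value that
# fails the check stays tainted, so later code still sees it as such.
inline untaint_if_digits
{
   if ($1 ismatch '\d+')
   {
      untaint($1);
   }
}

sub taint_state
{
   return iff(-istainted $1, "tainted", "not tainted");
}

$raw     = @ARGV[0];
$copy    = "id=" . $raw;          # string operations carry taint along
$wrapped = wrap_sub($raw);        # result of a normal sub is tainted too

println("raw:     " . taint_state($raw));
println("copy:    " . taint_state($copy));
println("wrapped: " . taint_state($wrapped));

untaint_if_digits($raw);
println("after allowlist check: " . taint_state($raw));
```

Run it once with a purely numeric argument and once with a non-numeric one: only the numeric run reports the raw value as not tainted at the end, while the concatenated copy and the sub result remain tainted in both runs.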