From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 6 Oct 2014 14:35:25 +0000 (+0000)
Subject: Bug 1074980: Forbid the { foo => $cgi->param() } syntax to prevent data override
X-Git-Tag: bugzilla-4.4.6~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63640672ad5fd22be896995ffe7faf72c42734dc;p=thirdparty%2Fbugzilla.git

Bug 1074980: Forbid the { foo => $cgi->param() } syntax to prevent data override
r=dkl,a=sgreen
---

diff --git a/t/002goodperl.t b/t/002goodperl.t
index e691b39ddf..2cbee8ef58 100644
--- a/t/002goodperl.t
+++ b/t/002goodperl.t
@@ -16,7 +16,7 @@ use lib 't';
 
 use Support::Files;
 
-use Test::More tests => (scalar(@Support::Files::testitems) * 3);
+use Test::More tests => (scalar(@Support::Files::testitems) * 4);
 
 my @testitems = @Support::Files::testitems; # get the files to test.
 
@@ -110,4 +110,35 @@ foreach my $file (@testitems) {
     
     close(FILE);
 }
+
+# Forbird the { foo => $cgi->param() } syntax, for security reasons.
+foreach my $file (@testitems) {
+    $file =~ s/\s.*$//; # nuke everything after the first space (#comment)
+    next unless $file; # skip null entries
+    if (!open(FILE, $file)) {
+        ok(0, "could not open $file --WARNING");
+        next;
+    }
+    my $lineno = 0;
+    my @unsafe_args;
+
+    while (my $file_line = <FILE>) {
+        $lineno++;
+        $file_line =~ s/^\s*(.+)\s*$/$1/; # Remove leading and trailing whitespaces.
+        if ($file_line =~ /^[^#]+=> \$cgi\->param/) {
+            push(@unsafe_args, "$file_line on line $lineno");
+        }
+    }
+
+    if (@unsafe_args) {
+        ok(0, "$file incorrectly passes a CGI argument to a hash --ERROR\n" .
+              join("\n", @unsafe_args));
+    }
+    else {
+        ok(1, "$file has no vulnerable hash syntax");
+    }
+
+    close(FILE);
+}
+
 exit 0;