在污点模式下运行perl CGI脚本时,我收到表单错误…
Insecure dependency in some_function while running with -T switch at (eval some_line) line some_other_line. Compilation Failed in require at my-script.cgi line 39. BEGIN Failed--compilation aborted at my-script.cgi line 39.
my-script.cgi第39行是perl模块的use语句,它本身不使用eval或some_function,但可能使用另一个库. some_line和some_other_line行号在my-script.cgi或my-script.cgi第39行中使用的库中似乎没有意义.
我已经尝试设置一个新的芯片信号处理程序,它应该打印一个堆栈跟踪,即
$SIG{ __DIE__ } = sub { require Carp; Carp::confess(@_); };
解决方法
Carp::Always适用于污点检查引发的异常.示例输出:
$perl -MCarp::Always -T blah.pl
Insecure dependency in sprintf while running with -T switch at blah.pl line 6
main::foo() called at blah.pl line 8
main::bar() called at blah.pl line 10