On Thu, Jun 8, 2017 at 7:05 AM, sebb <seb...@gmail.com> wrote:
> On 8 June 2017 at 11:49, John D. Ament <john.d.am...@gmail.com> wrote:
>> The whole path seems a bit weird to me.  I'm not 100% sure why it even
>> detects it as a possibly tainted value since the podling's information
>> should have been read externally rather than from the request.
>
> If it cannot be insecure, then just unconditionally taint.
> For example, __FILE__ should be safe to untaint without needing to check.

Agree with Sebb's advice, but content read externally should be
untrusted and verified clean before untainting.  In this case, this is
content from a podlings.xml file, where any committer could put
something.

That being said, I'm not sure it is worth it to invest in a custom
error when the content doesn't match; the security error raised should
be sufficient.

- Sam Ruby
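
Added example, not part of the original message and not the project's code: a check-then-untaint helper for a name read from podlings.xml. The allowlist pattern, the helper names and the .yml path layout are assumptions. On Rubies that no longer track taint, the helper raises SecurityError itself in place of the interpreter's check.

```ruby
# Hypothetical allowlist for a podling name: lowercase letters, digits, hyphens.
# \A and \z anchor the whole string, so an embedded newline cannot slip through.
PODLING_NAME = /\A[a-z0-9][a-z0-9-]*\z/

# Return a verified copy of +name+; raise SecurityError when it does not match.
# No custom error class: SecurityError is what a tainted value would trigger.
def clean_podling_name(name)
  unless name.is_a?(String) && name.match?(PODLING_NAME)
    raise SecurityError, "unsafe podling name: #{name.inspect}"
  end
  clean = name.dup
  # Object#untaint exists only before Ruby 3.2; clear the flag after the check.
  clean.untaint if clean.respond_to?(:untaint)
  clean
end

# Build a file path from a verified name only (directory layout is assumed).
def podling_path(base, name)
  File.join(base, "#{clean_podling_name(name)}.yml")
end

# Split a list of names into [accepted, rejected] without aborting on the first
# bad entry, so a reviewer can see everything the file contained.
def partition_names(names)
  names.partition do |n|
    begin
      clean_podling_name(n)
      true
    rescue SecurityError
      false
    end
  end
end

# Constructed sample values standing in for names parsed from podlings.xml.
SAMPLE_NAMES = ["demo-podling", "../../etc/passwd", "ok\nrm -rf", "Demo", ""].freeze

if __FILE__ == $PROGRAM_NAME
  accepted, rejected = partition_names(SAMPLE_NAMES)
  puts "accepted: #{accepted.inspect}"
  puts "rejected: #{rejected.inspect}"
end
```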
