On Feb 6, 3:01 am, Ben Finney <[EMAIL PROTECTED]>
wrote:
> "Gabriel Genellina" <[EMAIL PROTECTED]> writes:
> > And tainted() returns False by default?
> > Sorry but in general, this won't work :(
>
> I'm inclined to agree that the default should be to flag an object as
> tainted unless known ot
"Gabriel Genellina" <[EMAIL PROTECTED]> writes:
> I'm not convinced at all of the usefulness of tainting.
> How do you "untaint" a string? By checking some conditions?
In Perl? I don't think you can untaint a string, but you can make a
new untainted string by extracting a regexp match from the ta
On Mon, 05 Feb 2007 23:01:51 -0300, Ben Finney
<[EMAIL PROTECTED]> wrote:
> "Gabriel Genellina" <[EMAIL PROTECTED]> writes:
>
>> I suppose you don't intend to publish the SafeString class - but if
>> anyone can get a SafeString instance in any way or another, he can
>> convert *anything* into
"Gabriel Genellina" <[EMAIL PROTECTED]> writes:
> I suppose you don't intend to publish the SafeString class - but if
> anyone can get a SafeString instance in any way or another, he can
> convert *anything* into a SafeString trivially.
The point (in Perl) of detecting taint isn't to prevent a pr
On Mon, 05 Feb 2007 19:13:04 -0300, Johann C. Rocholl
<[EMAIL PROTECTED]> wrote:
> The following is my first attempt at adding a taint feature to Python
> to prevent os.system() from being called with untrusted input. What do
> you think of it?
A simple reload(os) will drop all your wrapped