From 6c0e0d5efaa90dd22468127d6e7d5bf87bdff6c1 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Mon, 24 Sep 2018 13:56:09 -0400 Subject: [PATCH] LP#1789442: turn of Perl taint-checking on 14-OpenILS-Utils.t This works around a bug in DateTime::TimeZone 1.63 that causes one of the new tests to spuriously fail on Ubuntu 14.04 LTS. As the comment indicates, taint checking is not typically enabled when running Evergreen, but we may want to consider changing that should tuits arise. Signed-off-by: Galen Charlton Signed-off-by: Kathy Lussier --- Open-ILS/src/perlmods/t/14-OpenILS-Utils.t | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/Open-ILS/src/perlmods/t/14-OpenILS-Utils.t b/Open-ILS/src/perlmods/t/14-OpenILS-Utils.t index a341f3e815..636d2ab93c 100644 --- a/Open-ILS/src/perlmods/t/14-OpenILS-Utils.t +++ b/Open-ILS/src/perlmods/t/14-OpenILS-Utils.t @@ -1,4 +1,18 @@ -#!perl -T +#!perl + +# FIXME: unlike the rest of the test cases here, we're /not/ enabling +# taint checks. The version of DateTime::TimeZone that ships with +# Ubuntu 14.04 LTS (Trusty) has a bug where attempting to get the +# local time zone can fail (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737265). +# +# It's arguable whether taint checking should be enabled at all in +# the test suite. On the one hand, it is recommended practice for +# all code that accepts external input; on the other hand, a typical +# Evergreen installation doesn't run anything setuid/setgid that +# would automatically trigger taint-checking. Ideally we would +# eat our Wheaties, but we may be looking at consuming an entire +# truckload to verify that everything would continue to work if +# we turn it on across the board. use Test::More tests => 43; use Test::Warn; -- 2.43.2