...
All three lines provide different contexts for their unsanitized data, so each line requires a different type of sanitization. Applying one sanitization method to the wrong line is likely to leave the data improperly sanitized and subject to a potential injection attack.
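The following added example (not code from the original page) passes one untrusted value to three contexts and gives each its own treatment, then shows what the wrong method leaves behind. The three contexts (HTML output, an SQL query, an external command), the helper names `for_html`, `for_sql` and `for_command`, the `users` table, and the `/usr/bin/printf` path are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input carrying characters significant in each context.
my $input = q{O'Brien <b>&</b>; id};

# HTML element content: encode the markup-significant characters.
sub for_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# SQL: no encoding at all; the value is bound, so it never becomes query text.
# Returns the statement and bind list as they would be handed to DBI's
# prepare() and execute(). The users table is hypothetical.
sub for_sql {
    my ($s) = @_;
    return ('SELECT id FROM users WHERE name = ?', [$s]);
}

# External command: no shell; build the argument list for list-form system().
sub for_command {
    my ($s) = @_;
    return ('/usr/bin/printf', '%s\n', $s);
}

my $html = for_html($input);
print "HTML:    <p>$html</p>\n";

my ($sql, $bind) = for_sql($input);
print "SQL:     $sql  [bind: @$bind]\n";

my @cmd = for_command($input);
print "Command: ", join(' | ', @cmd), "\n";

# Wrong method for the context: the HTML-encoded value still holds shell
# metacharacters, and the entities themselves contribute '&' and ';'.
my @left = $html =~ /([;&|`\$<>])/g;
print "Shell metacharacters left after HTML encoding: @left\n";
```

Taint mode cannot detect this kind of mismatch: a value that passed through an untainting regex is accepted in any context, whether or not the pattern was written with that context in mind.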
...
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| IDS01-PL | Medium | Probable | Medium | P8 | L2 |
Bibliography
| | |
|---|---|
| [Birzneiks 1998] | Birznieks, Gunther, "CGI/Perl Taint Mode FAQ, Version 1.0," June 3, 1998 |
| [CPAN] | Bunce, Tim, DBI |
| [CPAN] | Stosberg, Mark, CGI |
| [Lester 2006] | Lester, Andy, "Perl's taint mode to the rescue," O'Reilly ONLamp.com, November 17, 2006 |
| [Schwartz 2000] | Schwartz, Randal L., "Taint checking made simple," Unix Review Column 33 (Aug 2000), Stonehenge, the Perl Review |
| [Stack 2010] | StackOverflow, "Is Perl's taint mode useful?" Feb 9, 2010 |
| [Wall 2011] | perlsec |
...