Perl 通常 Taint 是什么意思

Question

我读了很多关于 Taint在 Perl 变量、模式等中，例如来自 docs :

$AUTOLOAD can now be tainted

If you call a subroutine by a tainted name, and if it defers to an AUTOLOAD function, then $AUTOLOAD will be (correctly) tainted.

虽然谷歌对 taint 这个词的定义是:

Definitions of taint

verb

1. contaminate or pollute (something).
   "the air was tainted by fumes from the cars"
   synonyms: contaminate, pollute, adulterate, infect, blight, spoil, soil, ruin, destroy, befoul

noun

1. a trace of a bad or undesirable quality or substance.
   "the taint of corruption that adhered to the regime"
   synonyms: trace, touch, suggestion, hint, tinge, stain, blot, blemish, stigma, black mark, discredit, dishonor, disgrace, shame

那么 Taint 是什么意思？在 Perl 中一般是什么意思？

Answer 1

简而言之:任何来自外部并因此不受程序控制的数据都会被标记为被污染。 system 或 exec 等敏感操作拒绝处理这些受污染的数据，即您需要通过验证其内容来清除数据。正确使用可以防止命令注入(inject)和类似问题。