Tags: perl, taint-checking

perl IO eventhandler for untainting strings


How do I create an event handler in my Perl code to intercept all file/directory/system-based calls, so that I can untaint input in a just-in-time fashion?

I have lots of IO access in my script, and I find adding manual code for untainting cumbersome.

Can this be done without need to install a third-party CPAN module?


Solution

  • You could try taking an aspect-oriented approach, but it does require installing a CPAN module, Aspect.

    To capture calls to a particular method / function, you define a pointcut (taken from the Aspect POD):

    use Aspect;

    # A pointcut selects the join points (here: every call to a function
    # whose fully qualified name matches the regex).
    $pointcut = call qr/^Person::[gs]et_/; # defines a collection of events

    Then define the code to take before the call:

    # Advice that runs before each call matched by $pointcut.
    $before = before {
      print "g/set will soon be called";
    } $pointcut;

    Although I'm not sure if the Aspect module allows you to trap calls to the CORE::* namespace.
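As an added example (not part of the question or the answer above), here is the no-CPAN alternative the question asks about, done explicitly rather than through an event hook: a small untainting helper built on an allow-list regex capture, a wrapper that applies it to the user-controlled part of a path immediately before `open`, and a check with `Scalar::Util::tainted` that shows which inputs are accepted and which are rejected. Only core modules are used. The function names `untaint_name` and `open_untainted`, the allow-list pattern, and the sample inputs are all assumptions made for this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp qw(tempdir);

# Allow-list for a bare file name (assumed policy for this example): a
# restricted character set, no directory separators and no leading dot,
# so traversal components such as "../" can never match.
my $SAFE_NAME = qr{\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z};

# Untaint one string by capturing it through the allow-list regex. Only the
# capture group comes out untainted; input that does not match is rejected
# instead of being laundered through a catch-all such as /(.*)/, which
# would switch taint checking off without validating anything.
sub untaint_name {
    my ($value) = @_;
    die "refusing to untaint an undefined value\n" unless defined $value;
    return $1 if $value =~ $SAFE_NAME;
    die "rejected unsafe file name '$value'\n";
}

# Wrapper around open() that untaints the user-controlled part of the path
# right before use: the "just-in-time" step, done explicitly. $dir is
# assumed to be program-controlled (a constant or a generated directory),
# never taken from user input.
sub open_untainted {
    my ($mode, $dir, $name) = @_;
    my $path = "$dir/" . untaint_name($name);
    open(my $fh, $mode, $path) or die "cannot open $path: $!\n";
    return $fh;
}

# Constructed samples. String literals are never tainted, so each one is
# tainted on purpose with the perlsec idiom of appending an empty substring
# of a tainted value (%ENV is tainted under -T).
my $taint   = substr($ENV{PATH} // '', 0, 0);
my @samples = map { $_ . $taint } ('report.txt', '../outside.txt', 'odd|name');

for my $s (@samples) {
    printf "%-16s tainted=%d -> ", $s, tainted($s) ? 1 : 0;
    my $clean = eval { untaint_name($s) };
    if (defined $clean) {
        printf "accepted '%s' (tainted=%d)\n", $clean, tainted($clean) ? 1 : 0;
    } else {
        print "rejected: $@";
    }
}

# Round trip through the wrapper: write and read back a file in a
# temporary directory (File::Temp is documented to work under -T).
my $dir = tempdir(CLEANUP => 1);
my $out = open_untainted('>', $dir, 'report.txt' . $taint);
print {$out} "hello\n";
close $out;
my $in = open_untainted('<', $dir, 'report.txt' . $taint);
my $line = <$in>;
close $in;
print "read back: $line";
```

Run it with taint mode enabled on the command line (`perl -T untaint_demo.pl`); invoking it as `perl untaint_demo.pl` fails with "Too late for -T". The first sample is accepted and comes out untainted, the other two are rejected before any file operation runs. The design point is that the allow-list, not the act of matching, is what makes the result safe: the regex decides what a file name may look like, and everything else is refused.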