sipwise
/
system-tests
mirror of https://github.com/sipwise/system-tests.git
1
0
Fork 0
Code Issues Releases Wiki Activity

TT#50954 Disable perlcritic's InputOutput::ProhibitExplicitStdin policy

Browse Source 
This policy is giving bad advice. The <> operator is security unsafe, as
it interprets filenames as if passed to the two-form open function,
which means it can do code injection via crafted filenames.

While reading from <STDIN> directly might not always be correct, its
consequences are far milder than the damage inflicted by the diamond
operator.

Change-Id: I0fdf097be3b5e2a3a483f2e5d80f4fdb1f17911b
changes/31/26731/2
Guillem Jover 7 years ago committed by Richard Fuchs
parent 2f1c30c0aa
commit 23dedd4b0c
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
t/tap-tests-docker/perlcriticrc
Unescape View File

@ -68,6 +68,9 @@ severity = 4
# XXX: Perhaps. Enable per project.
[-InputOutput::RequireBriefOpen]
# Wrong. This recommends using the unsafe <>/<ARGV> operator.
[-InputOutput::ProhibitExplicitStdin]
# Depends on existing APIs, might break too much code. Enable per project.
[-Modules::ProhibitAutomaticExportation]

Write Preview
Loading…
Cancel
Save