App-Project-Doctor

 view release on metacpan or  search on metacpan

t/edge_cases.t  view on Meta::CPAN

};

subtest 'Context::slurp -- missing file croaks with documented error' => sub {
	throws_ok { _ctx()->slurp('no_such_file.pm') }
		qr/File not found/,
		'slurp of absent file croaks "File not found"';
};

# abs_path must reject paths with ".." components to prevent
# reading/checking files outside the distribution root.
subtest 'Context -- path traversal via abs_path is blocked' => sub {
	my $ctx = _ctx();
	throws_ok { $ctx->abs_path('../outside.txt') }
		qr/path traversal/i,
		'abs_path with leading ".." rejected';
	throws_ok { $ctx->abs_path('lib/../../outside.txt') }
		qr/path traversal/i,
		'abs_path with embedded ".." rejected';
};

subtest 'Context -- path traversal via has_file is blocked' => sub {
	my $ctx = _ctx();
	throws_ok { $ctx->has_file('../sibling') }
		qr/path traversal/i,
		'has_file with ".." component rejected';
};

subtest 'Context -- path traversal via slurp is blocked' => sub {
	my $ctx = _ctx();
	throws_ok { $ctx->slurp('../secret.txt') }
		qr/path traversal/i,
		'slurp with ".." component rejected';
};

subtest 'Context::perl_files -- non-existent dirs skipped silently' => sub {
	# An empty root with no lib/ or t/ must return an empty arrayref, not die.
	my $dir = tempdir(CLEANUP => 1);
	my $ctx = $Context->new(root => $dir);

t/edge_cases.t  view on Meta::CPAN

# ===========================================================================

subtest 'Doctor::run -- no root marker found croaks' => sub {
	# A directory without Makefile.PL / Build.PL / dist.ini / cpanfile.
	my $dir = tempdir(CLEANUP => 1);
	throws_ok { $Doctor->new(path => $dir)->run }
		qr/Cannot detect a distribution root/,
		'run croaks when no root marker is present';
};

subtest 'Doctor -- check name injection blocked before eval' => sub {
	# Before the fix: eval "require App::Project::Doctor::Check::Tests;
	# ++$main::INJECT_SENTINEL; 1" would execute the increment.
	# After the fix: names not matching /\A[A-Za-z][A-Za-z0-9]*\z/ are
	# rejected with a carp and skipped before the eval runs.
	local $INJECT_SENTINEL = 0;

	my $dir = _distro('Makefile.PL' => '');
	my $doctor = $Doctor->new(
		path   => $dir,
		checks => ['Tests; ++$main::INJECT_SENTINEL; 1'],



( run in 0.901 second using v1.01-cache-2.11-cpan-bbe5e583499 )