Data-TOON
view release on metacpan or search on metacpan
t/05_security.t view on Meta::CPAN
# Test 9: Circular reference in encoding (DoS risk)
{
my $data = { a => 1 };
$data->{self} = $data; # Circular reference
my $encoder = Data::TOON::Encoder->new(max_depth => 10); # Low limit to catch circular ref
my $encoded = eval { $encoder->encode($data) };
like($@ // '', qr/circular|reference|depth/i, 'encode detects circular references or depth limit');
}
# Test 10: NaN and Infinity are strings, not numbers
{
my $toon_text = <<'TOON';
value1: NaN
value2: Infinity
TOON
my $data = Data::TOON->decode($toon_text);
is($data->{value1}, 'NaN', 'NaN decoded as string');
is($data->{value2}, 'Infinity', 'Infinity decoded as string');
}
# Test 11: Shell injection-like patterns (data escaping)
{
my $toon_text = 'cmd: "rm -rf /; echo pwned"';
my $data = Data::TOON->decode($toon_text);
is($data->{cmd}, "rm -rf /; echo pwned", 'dangerous string preserved literally');
}
( run in 0.523 second using v1.01-cache-2.11-cpan-39bf76dae61 )