view release on metacpan or  search on metacpan

lib/Acme/SafetyGoggles.pm  view on Meta::CPAN

	      ^\d+(?:,\d+)?d0\s*\n
	      (?:<.*\n)*
	      <\s*use\s+\S+.*\n
	    }{}x;

  if ($diff) {
    print DIAG "A::SG::asg: source code is unsafe\n";
    $state = "unsafe";
    carp "File $file has been source filtered!\n", $diff, "===\n";
  } else {
    print DIAG "A::SG::asg: source code is safe\n";
    $state = "safe";
  }
};

=head1 NAME

Acme::SafetyGoggles - Protects programmer's eyes from source filtering

=head1 VERSION

Version 0.06

=cut

=head1 SYNOPSIS

    $ perl -MAcme::SafetyGoggles possibly_dangerous_script.pl

=head1 DESCRIPTION

Is some module you imported using source filtering? If the
answer is yes, or if the answer is "I don't know", then
you can't trust the code in front of your own eyes! 

That's why you should always use patent-pending 
C<Acme::SafetyGoggles> in your untrusted Perl code. 
C<Acme::SafetyGoggles> compares your original source file
with the code that is actually going to be run, and
alerts you to any differences. 

=head1 SUBROUTINES/METHODS

=head2 state

=head2 Acme::SafetyGoggles->state

Returns this module's assessment of whether the source code
of the current program has been modified. Return value is
either C<"safe"> or C<"unsafe">.

=head2 diff

=head2 Acme::SafetyGoggles->diff

If source code modification has been detected, returns the
result of the C<Text::Diff::diff> call between the pure and
the modified source. This output will remind you of the
output of the Unix C<diff> command.

=head1 BUGS AND LIMITATIONS

C<Acme::SafetyGoggles> can only (maybe) protect you from
source filtering. It is not designed or warranted to 
protect you from improper use of any other potentially
dangerous or evil Perl construction.

C<Acme::SafetyGoggles> does not operate on code specified by
perl's C<-e> command line option.

C<Acme::SafetyGoggles> may yield a false positive if the input
turns source code filtering on and off with calls to
C<use XXX::SourceFilter> ... C<no XXX::SourceFilter>, or
in other files where the source filter has a limited scope.

    trustable_code();
    use The::Source::Filter;
    some_code_you_cant_trust();
    no The::Source::Filter;
    more_trustable_code();


    trustable_code();
    {
        use The::Source::Filter;
        some_code_you_cant_trust();
    }
    more_trustable_code();

=cut

# How would we handle this case?  Match a section of $original beginning
# after a  "use Some::Filter;"  statement and before a  "no Some::Filter;"
# statement?

=pod

This module really only works on source filters that already use
the L<Filter::Simple> mechanism. Even then, there are probably
still a lot of ways to source filter the code so that it won't be
detected by this module. 

=cut

# If we could intercept the source code in the Filter::Util::Call,
# package, we could detect even more source code manipulation.  
# Filter::Util::Call has some XS, though. So is this possible? Feasible?

=pod

Please report any other bugs or feature requests to 
C<bug-acme-safetygoggles at rt.cpan.org>, or through the web interface 
at L<http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Acme-SafetyGoggles>.  
I will be notified, and then you'll automatically be given a commit bit
for this distribution on PAUSE. Um, I mean that you'll
automatically be notified of progress on your bug as I make changes.

=head1 AUTHOR

Marty O'Brien, C<< <mob at cpan.org> >>