diff options
author | Carlos Lima <carlos@multi> | 2012-12-07 01:08:23 +0800 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2013-01-03 21:33:06 -0600 |
commit | bcc7f413d40988759ea3ee73f9beb52b299cf1bb (patch) | |
tree | d564006d4f45e315224ada54dd8c4d0b13f53060 /t/bug-rt-78272.t | |
parent | f4e53d90c9bf2c9d26e8155b5f9221cdb8fcb9a7 (diff) | |
download | package-stash-bcc7f413d40988759ea3ee73f9beb52b299cf1bb.tar.gz package-stash-bcc7f413d40988759ea3ee73f9beb52b299cf1bb.zip |
Fixes bug RT-78272
https://rt.cpan.org/Public/Bug/Display.html?id=78272
Just copied UNIVERSAL::require's solution to the same problem.
I didn't just use it as to not add any non-test dependency.
Diffstat (limited to 't/bug-rt-78272.t')
-rw-r--r-- | t/bug-rt-78272.t | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/t/bug-rt-78272.t b/t/bug-rt-78272.t new file mode 100644 index 0000000..670782b --- /dev/null +++ b/t/bug-rt-78272.t @@ -0,0 +1,33 @@ +use strict; +use warnings; +use Test::More tests => 1; +use Test::Exception; + +subtest 'Bug RT-78272: Arbitrary code execution from $ENV' => sub { + + # https://rt.cpan.org/Public/Bug/Display.html?id=78272 + my $e = $ENV{PACKAGE_STASH_IMPLEMENTATION} = "PP; exit 1"; + throws_ok { + require Package::Stash; + } + qr/^Could not load Package::Stash::$e/, + 'Arbitrary code in $ENV throws exception'; + + throws_ok { + delete $INC{'Package/Stash.pm'}; + require Package::Stash; + } + qr/^Could not load Package::Stash::$e/, + 'Sanity check: forcing package reload throws the exception again'; + + lives_ok { + $ENV{PACKAGE_STASH_IMPLEMENTATION} = "PP"; + delete $INC{'Package/Stash.pm'}; + require Package::Stash; + new_ok( + 'Package::Stash' => ['Foo'], + 'Loaded and able to create instances' + ); + } + 'Valid $ENV value loads correctly'; +}; |