line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Perl::Critic::Policy::HTTPCookies; |
2
|
|
|
|
|
|
|
$Perl::Critic::Policy::HTTPCookies::VERSION = '0.52'; |
3
|
2
|
|
|
2
|
|
293743
|
use strict; |
|
2
|
|
|
|
|
6
|
|
|
2
|
|
|
|
|
95
|
|
4
|
2
|
|
|
2
|
|
15
|
use warnings; |
|
2
|
|
|
|
|
4
|
|
|
2
|
|
|
|
|
103
|
|
5
|
|
|
|
|
|
|
|
6
|
2
|
|
|
2
|
|
777
|
use parent 'Perl::Critic::Policy'; |
|
2
|
|
|
|
|
454
|
|
|
2
|
|
|
|
|
17
|
|
7
|
|
|
|
|
|
|
|
8
|
2
|
|
|
2
|
|
277071
|
use Perl::Critic::Utils qw( :classification :severities ); |
|
2
|
|
|
|
|
6
|
|
|
2
|
|
|
|
|
151
|
|
9
|
2
|
|
|
2
|
|
700
|
use Readonly (); |
|
2
|
|
|
|
|
4
|
|
|
2
|
|
|
|
|
39
|
|
10
|
2
|
|
|
2
|
|
9
|
use Scalar::Util 'blessed'; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
1080
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
Readonly::Scalar my $DESC => 'Use of HTTP::Cookies'; |
13
|
|
|
|
|
|
|
Readonly::Scalar my $EXPL => 'HTTP::Cookies does not respect Public Suffix'; |
14
|
|
|
|
|
|
|
|
15
|
|
|
|
24
|
0
|
|
sub supported_parameters {} |
16
|
13
|
|
|
13
|
1
|
173
|
sub default_severity { $SEVERITY_MEDIUM } |
17
|
0
|
|
|
0
|
1
|
0
|
sub default_themes { qw( http lwp ) } |
18
|
|
|
|
|
|
|
# TODO: Review "applies_to" |
19
|
24
|
|
|
24
|
1
|
123160
|
sub applies_to { 'PPI::Token::Word' } |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
sub violates { |
22
|
73
|
|
|
73
|
1
|
4119
|
my ($self, $elem) = @_; |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
# HTTP::Cookies->new |
25
|
73
|
100
|
|
|
|
156
|
if ( _is_constructor($elem, 'HTTP::Cookies') ) { |
|
|
100
|
|
|
|
|
|
26
|
3
|
|
|
|
|
417
|
return $self->violation( $DESC, $EXPL, $elem ); |
27
|
|
|
|
|
|
|
} |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
# LWP::UserAgent->new with default cookie jar |
30
|
|
|
|
|
|
|
elsif ( _is_constructor($elem, 'LWP::UserAgent') ) { |
31
|
19
|
|
|
|
|
2976
|
my $args_elem = $elem->snext_sibling->snext_sibling->snext_sibling; |
32
|
19
|
100
|
100
|
|
|
831
|
if ( blessed $args_elem && $args_elem->isa('PPI::Structure::List') ) { |
33
|
16
|
|
|
|
|
208
|
foreach my $expression ($args_elem->schildren) { |
34
|
|
|
|
|
|
|
# $expression isa PPI::Statement::Expression |
35
|
16
|
|
|
|
|
219
|
foreach my $token ($expression->schildren) { |
36
|
|
|
|
|
|
|
# TODO: Check the token's type, not just its content |
37
|
44
|
100
|
|
|
|
317
|
if ($token =~ /cookie_jar/) { |
38
|
16
|
|
|
|
|
147
|
my $possible_operator = $token->snext_sibling; |
39
|
16
|
50
|
66
|
|
|
421
|
if ( |
|
|
|
66
|
|
|
|
|
40
|
|
|
|
|
|
|
blessed $possible_operator |
41
|
|
|
|
|
|
|
&& $possible_operator->isa('PPI::Token::Operator') |
42
|
|
|
|
|
|
|
&& $possible_operator =~ /^(?:=>|,)$/ |
43
|
|
|
|
|
|
|
) { |
44
|
15
|
|
|
|
|
169
|
my $possible_hashref = $possible_operator->snext_sibling; |
45
|
15
|
100
|
66
|
|
|
401
|
if ( |
|
|
|
66
|
|
|
|
|
46
|
|
|
|
|
|
|
blessed $possible_hashref |
47
|
|
|
|
|
|
|
&& $possible_hashref->isa('PPI::Structure') |
48
|
|
|
|
|
|
|
&& $possible_hashref->braces eq '{}' |
49
|
|
|
|
|
|
|
) { |
50
|
10
|
|
|
|
|
219
|
return $self->violation( $DESC, $EXPL, $elem ); |
51
|
|
|
|
|
|
|
} |
52
|
|
|
|
|
|
|
} |
53
|
|
|
|
|
|
|
} |
54
|
|
|
|
|
|
|
} |
55
|
|
|
|
|
|
|
} |
56
|
|
|
|
|
|
|
} |
57
|
|
|
|
|
|
|
} |
58
|
|
|
|
|
|
|
|
59
|
60
|
|
|
|
|
704
|
return; |
60
|
|
|
|
|
|
|
} |
61
|
|
|
|
|
|
|
|
62
|
|
|
|
|
|
|
sub _is_constructor { |
63
|
143
|
|
|
143
|
|
1439
|
my ($elem, $class_name) = @_; |
64
|
|
|
|
|
|
|
return ( |
65
|
143
|
|
66
|
|
|
303
|
$elem eq $class_name |
66
|
|
|
|
|
|
|
&& is_class_name($elem) |
67
|
|
|
|
|
|
|
&& $elem->snext_sibling eq '->' |
68
|
|
|
|
|
|
|
&& $elem->snext_sibling->snext_sibling eq 'new' |
69
|
|
|
|
|
|
|
); |
70
|
|
|
|
|
|
|
} |
71
|
|
|
|
|
|
|
|
72
|
|
|
|
|
|
|
1; |
73
|
|
|
|
|
|
|
__END__ |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
=head1 NAME |
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
Perl::Critic::Policy::HTTPCookies - Avoid using HTTP::Cookies |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
=head1 VERSION |
80
|
|
|
|
|
|
|
|
81
|
|
|
|
|
|
|
version 0.52 |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
=head1 DESCRIPTION |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
This module provides L<< Perl::Critic >> policies to detect the use of |
86
|
|
|
|
|
|
|
L<< HTTP::Cookies >>. |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
HTTP::Cookies takes a very lenient approach to setting cookies that does |
89
|
|
|
|
|
|
|
not work well with today's Internet: |
90
|
|
|
|
|
|
|
L<< https://github.com/libwww-perl/http-cookies/pull/7 >> |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
Consider using L<< HTTP::CookieJar >> or L<< HTTP::CookieJar::LWP >> |
93
|
|
|
|
|
|
|
instead. |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
=head1 BUG REPORTS |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
Please submit bug reports to L<< |
98
|
|
|
|
|
|
|
https://rt.cpan.org/Public/Dist/Display.html?Name=Perl-Critic-Policy-HTTPCookies |
99
|
|
|
|
|
|
|
>>. |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
If you would like to send patches, please send a git pull request to L<< |
102
|
|
|
|
|
|
|
mailto:bug-Perl-Critic-Policy-HTTPCookies@rt.cpan.org >>. |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
=head1 AUTHOR |
105
|
|
|
|
|
|
|
|
106
|
|
|
|
|
|
|
Tom Hukins |