1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
package re;
$VERSION = 0.02;
=head1 NAME
re - Perl pragma to alter regular expression behaviour
=head1 SYNOPSIS
use re 'taint';
($x) = ($^X =~ /^(.*)$/s); # $x is tainted here
$pat = '(?{ $foo = 1 })';
use re 'eval';
/foo${pat}bar/; # won't fail (when not under -T switch)
{
no re 'taint'; # the default
($x) = ($^X =~ /^(.*)$/s); # $x is not tainted here
no re 'eval'; # the default
/foo${pat}bar/; # disallowed (with or without -T switch)
}
use re 'debug'; # NOT lexically scoped (as others are)
/^(.*)$/s; # output debugging info during
# compile and run time
(We use $^X in these examples because it's tainted by default.)
=head1 DESCRIPTION
When C<use re 'taint'> is in effect, and a tainted string is the target
of a regex, the regex memories (or values returned by the m// operator
in list context) are tainted. This feature is useful when regex operations
on tainted data aren't meant to extract safe substrings, but to perform
other transformations.
When C<use re 'eval'> is in effect, a regex is allowed to contain
C<(?{ ... })> zero-width assertions even if regular expression contains
variable interpolation. That is normally disallowed, since it is a
potential security risk. Note that this pragma is ignored when the regular
expression is obtained from tainted data, i.e. evaluation is always
disallowed with tainted regular expresssions. See L<perlre/(?{ code })>.
For the purpose of this pragma, interpolation of precompiled regular
expressions (i.e., the result of C<qr//>) is I<not> considered variable
interpolation. Thus:
/foo${pat}bar/
I<is> allowed if $pat is a precompiled regular expression, even
if $pat contains C<(?{ ... })> assertions.
When C<use re 'debug'> is in effect, perl emits debugging messages when
compiling and using regular expressions. The output is the same as that
obtained by running a C<-DDEBUGGING>-enabled perl interpreter with the
B<-Dr> switch. It may be quite voluminous depending on the complexity
of the match.
See L<perldebug/"Debugging regular expressions"> for additional info.
The directive C<use re 'debug'> is I<not lexically scoped>, as the
other directives are. It has both compile-time and run-time effects.
See L<perlmodlib/Pragmatic Modules>.
=cut
my %bitmask = (
taint => 0x00100000,
eval => 0x00200000,
);
sub bits {
my $on = shift;
my $bits = 0;
unless(@_) {
require Carp;
Carp::carp("Useless use of \"re\" pragma");
}
foreach my $s (@_){
if ($s eq 'debug') {
require DynaLoader;
@ISA = ('DynaLoader');
bootstrap re;
install() if $on;
uninstall() unless $on;
next;
}
$bits |= $bitmask{$s} || 0;
}
$bits;
}
sub import {
shift;
$^H |= bits(1,@_);
}
sub unimport {
shift;
$^H &= ~ bits(0,@_);
}
1;
|
