mirror of
https://github.com/postgres/postgres.git
synced 2025-08-30 06:01:21 +03:00
In Catalog.pm, mark eval of a string instead of a block as allowed. Disallow perlcritic completely in Gen_dummy_probes.pl, as it's generated code. Protect a couple of lines in plperl code from perltidy, so that the annotation for perlcritic stays on the same line as the construct it would otherwise object to.
30 lines
1.0 KiB
Perl
# src/pl/plperl/plc_trusted.pl

#<<< protect next line from perltidy so perlcritic annotation works
package PostgreSQL::InServer::safe; ## no critic (RequireFilenameMatchesPackage)
#>>>

# Load widely useful pragmas into plperl to make them available.
#
# SECURITY RISKS:
#
# Since these modules are free to compile unsafe opcodes they must
# be trusted to not allow any code containing unsafe opcodes to be abused.
# That's much harder than it sounds.
#
# Be aware that perl provides a wide variety of ways to subvert
# pre-compiled code. For some examples, see this presentation:
# http://www.slideshare.net/cdman83/barely-legal-xxx-perl-presentation
#
# If in ANY doubt about a module, or ANY of the modules down the chain of
# dependencies it loads, then DO NOT add it to this list.
#
# To check if any of these modules use "unsafe" opcodes you can compile
# plperl with the PLPERL_ENABLE_OPMASK_EARLY macro defined. See plperl.c

require strict;
require Carp;
require Carp::Heavy;
require warnings;
require feature if $] >= 5.010000;