[Bug 42921] New: Add Perl::Critic as a dependency
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 Bug ID: 42921 Summary: Add Perl::Critic as a dependency Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org Target Milestone: --- Currently, libperl-critic-perl (ie Perl::Critic) is a dev dependency for Koha which is installed in koha-testing-docker by the "install-packages" Perl script drawing on "package-config.yaml". However, I think that we should add it as a core dependency of Koha, because I would like to start using Perl::Critic for analyzing Koha Plugins and potentially other inputs into Koha. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |dependency -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- Created attachment 201032 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=201032&action=edit Bug 42921: Add dependency to cpanfile and debian/control Patch from commit fe124f1 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |dcook@prosentient.com.au |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com --- Comment #2 from Jonathan Druart <jonathan.druart@gmail.com> --- Can you explain the use case a bit more please? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtj@kohaaloha.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 --- Comment #3 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #2)
Can you explain the use case a bit more please?
Yeah, sure. For bug 34347 I was thinking about using Perl::Critic with a custom policy to analyze Koha Plugins prior to or during install for instance. For bug 30233 I have used it for inspecting user input. Overall, I'd say the utility is for security purposes. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 --- Comment #4 from Jonathan Druart <jonathan.druart@gmail.com> --- I feel like it might give a wrong sentiment of "security" because Koha will "check" the quality of the plugin and allow its installations. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 --- Comment #5 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #4)
I feel like it might give a wrong sentiment of "security" because Koha will "check" the quality of the plugin and allow its installations.
We already have unrestricted file upload: bug 34347. https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html Personally, I disable web upload of plugins on Koha instances that I manage, so it's not an issue for my paid clients, but I'd like to improve things for the rest of the Koha community. Using Perl::Critic is going to be a lot better than a regex trying to search for powerful/dangerous commands in the Perl. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |34347 CC| |martin.renvoize@openfifth.c | |o.uk -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |30233 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42921 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|30233 | -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org