Security: disable the perl checker by default.
parent
e677e0655e
commit
c18065ea52
@ -123,20 +123,18 @@ error output for a syntax checker may have changed. In this case, make sure you
|
|||||||
have the latest version of the syntax checker installed. If it still fails then
|
have the latest version of the syntax checker installed. If it still fails then
|
||||||
create an issue - or better yet, create a pull request.
|
create an issue - or better yet, create a pull request.
|
||||||
|
|
||||||
__Q. Recently some of my syntax checker options have stopped working...__
|
__Q. The `perl` checker has stopped working...__
|
||||||
|
|
||||||
A. The options are still there, they have just been renamed. Recently,
|
A. The `perl` checker runs `perl -c` against your file, which in turn
|
||||||
almost all syntax checkers were refactored to use the new `makeprgBuild()`
|
__executes__ any `BEGIN`, `UNITCHECK`, and `CHECK` blocks, and any `use`
|
||||||
function. This made a lot of the old explicit options redundant - as they are
|
statements in your file (cf. [perlrun][10]). This is probably fine if you
|
||||||
now implied. The new implied options usually have slightly different names to
|
wrote the file yourself, but it's a security hazard if you're checking third
|
||||||
the old options.
|
party files. Since there is currently no way to disable this behaviour while
|
||||||
|
still producing useful results, the checker is now disabled by default. To
|
||||||
e.g. Previously there was `g:syntastic_phpcs_conf`, now you must use
|
(re-)enable it, set `g:syntastic_enable_perl_checker` to 1 in your vimrc:
|
||||||
`g:syntastic_php_phpcs_args`. This completely overrides the arguments of
|
```vim
|
||||||
the checker, including any defaults, so you may need to look up the default
|
let g:syntastic_enable_perl_checker = 1
|
||||||
arguments of the checker and add these in.
|
```
|
||||||
|
|
||||||
See `:help syntastic-checker-options` for more information.
|
|
||||||
|
|
||||||
__Q. I run a checker and the location list is not updated...__
|
__Q. I run a checker and the location list is not updated...__
|
||||||
|
|
||||||
@ -245,3 +243,4 @@ a look at [jedi-vim][7], [python-mode][8], or [YouCompleteMe][9].
|
|||||||
[7]: https://github.com/davidhalter/jedi-vim
|
[7]: https://github.com/davidhalter/jedi-vim
|
||||||
[8]: https://github.com/klen/python-mode
|
[8]: https://github.com/klen/python-mode
|
||||||
[9]: https://github.com/Valloric/YouCompleteMe
|
[9]: https://github.com/Valloric/YouCompleteMe
|
||||||
|
[10]: http://perldoc.perl.org/perlrun.html#*-c*
|
||||||
|
@ -54,7 +54,7 @@ let s:defaultCheckers = {
|
|||||||
\ 'objc': ['gcc'],
|
\ 'objc': ['gcc'],
|
||||||
\ 'objcpp': ['gcc'],
|
\ 'objcpp': ['gcc'],
|
||||||
\ 'ocaml': ['camlp4o'],
|
\ 'ocaml': ['camlp4o'],
|
||||||
\ 'perl': ['perl', 'perlcritic'],
|
\ 'perl': ['perlcritic'],
|
||||||
\ 'php': ['php', 'phpcs', 'phpmd'],
|
\ 'php': ['php', 'phpcs', 'phpmd'],
|
||||||
\ 'po': ['msgfmt'],
|
\ 'po': ['msgfmt'],
|
||||||
\ 'pod': ['podchecker'],
|
\ 'pod': ['podchecker'],
|
||||||
|
@ -11,6 +11,22 @@
|
|||||||
"
|
"
|
||||||
"============================================================================
|
"============================================================================
|
||||||
"
|
"
|
||||||
|
" Security:
|
||||||
|
"
|
||||||
|
" This checker runs 'perl -c' against your file, which in turn executes
|
||||||
|
" any BEGIN, UNITCHECK, and CHECK blocks, and any use statements in
|
||||||
|
" your file. This is probably fine if you wrote the file yourself,
|
||||||
|
" but it can be a problem if you're trying to check third party files.
|
||||||
|
" If you are 100% willing to let Vim run the code in your file, set
|
||||||
|
" g:syntastic_enable_perl_checker to 1 in your vimrc to enable this
|
||||||
|
" checker:
|
||||||
|
"
|
||||||
|
" let g:syntastic_enable_perl_checker = 1
|
||||||
|
"
|
||||||
|
" References:
|
||||||
|
"
|
||||||
|
" - http://perldoc.perl.org/perlrun.html#*-c*
|
||||||
|
"
|
||||||
" Checker options:
|
" Checker options:
|
||||||
"
|
"
|
||||||
" - g:syntastic_perl_interpreter (string; default: 'perl')
|
" - g:syntastic_perl_interpreter (string; default: 'perl')
|
||||||
@ -26,10 +42,6 @@ if exists('g:loaded_syntastic_perl_perl_checker')
|
|||||||
endif
|
endif
|
||||||
let g:loaded_syntastic_perl_perl_checker = 1
|
let g:loaded_syntastic_perl_perl_checker = 1
|
||||||
|
|
||||||
if !exists('g:syntastic_perl_interpreter')
|
|
||||||
let g:syntastic_perl_interpreter = 'perl'
|
|
||||||
endif
|
|
||||||
|
|
||||||
if !exists('g:syntastic_perl_lib_path')
|
if !exists('g:syntastic_perl_lib_path')
|
||||||
let g:syntastic_perl_lib_path = []
|
let g:syntastic_perl_lib_path = []
|
||||||
endif
|
endif
|
||||||
@ -38,6 +50,10 @@ let s:save_cpo = &cpo
|
|||||||
set cpo&vim
|
set cpo&vim
|
||||||
|
|
||||||
function! SyntaxCheckers_perl_perl_IsAvailable() dict
|
function! SyntaxCheckers_perl_perl_IsAvailable() dict
|
||||||
|
if !exists('g:syntastic_perl_interpreter')
|
||||||
|
let g:syntastic_perl_interpreter = self.getExec()
|
||||||
|
endif
|
||||||
|
|
||||||
" don't call executable() here, to allow things like
|
" don't call executable() here, to allow things like
|
||||||
" let g:syntastic_perl_interpreter='/usr/bin/env perl'
|
" let g:syntastic_perl_interpreter='/usr/bin/env perl'
|
||||||
silent! call system(syntastic#util#shexpand(g:syntastic_perl_interpreter) . ' -e ' . syntastic#util#shescape('exit(0)'))
|
silent! call system(syntastic#util#shexpand(g:syntastic_perl_interpreter) . ' -e ' . syntastic#util#shescape('exit(0)'))
|
||||||
@ -45,6 +61,11 @@ function! SyntaxCheckers_perl_perl_IsAvailable() dict
|
|||||||
endfunction
|
endfunction
|
||||||
|
|
||||||
function! SyntaxCheckers_perl_perl_GetLocList() dict
|
function! SyntaxCheckers_perl_perl_GetLocList() dict
|
||||||
|
if !exists('g:syntastic_enable_perl_checker') || !g:syntastic_enable_perl_checker
|
||||||
|
call syntastic#log#error('checker perl/perl: checks disabled for security reasons; set g:syntastic_enable_perl_checker to 1 to override')
|
||||||
|
return []
|
||||||
|
endif
|
||||||
|
|
||||||
let exe = expand(g:syntastic_perl_interpreter)
|
let exe = expand(g:syntastic_perl_interpreter)
|
||||||
if type(g:syntastic_perl_lib_path) == type('')
|
if type(g:syntastic_perl_lib_path) == type('')
|
||||||
call syntastic#log#deprecationWarn('variable g:syntastic_perl_lib_path should be a list')
|
call syntastic#log#deprecationWarn('variable g:syntastic_perl_lib_path should be a list')
|
||||||
|
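Review bot: The opt-in tested at the top of `SyntaxCheckers_perl_perl_GetLocList` is a single global, so once `g:syntastic_enable_perl_checker` is set to 1 for a user's own code, `perl -c` runs again on every Perl buffer opened afterwards, third-party files included. The new `Security:` header comment should state that scope, for example `" The setting is global: once enabled, every Perl file you open is compiled and its BEGIN/use code runs.` Because the check sits in GetLocList rather than in `SyntaxCheckers_perl_perl_IsAvailable`, a disabled checker still launches the configured interpreter with `-e 'exit(0)'` for the availability probe, and it appears to log the error on every check run. If that repeated message is not intended, testing the flag in IsAvailable would avoid both. The bodies of both functions continue outside the hunks shown, so this is based only on the visible lines.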