
[Komodo-discuss] Perl syntax checking fun (Was: Komodo 3.5.1 beta now available via ftp)

From: Trent Mick <tre...@ActiveState.com>
Wed, 30 Nov 2005 19:14:23 -0800
[Dave wrote]
> > Just FYI, the previous bug I reported where the syntax checker doesn't
> > have "." in its path still exists in this version.

Dave,
Which bug was this? Here are the only bugs from you that I can find in
our bug database:
    http://tinyurl.com/crj3o

[Ken Beal wrote]
> ...
> However, breaking the very functional syntax checking seems like a
> regression that shouldn't have been marked "GOWO".
>
> I just installed 3.5.1 and it's essentially unusable in this state.  Why was
> it released?

The issue is a little complicated. I'll try to clarify. (If you just
want the solution, skip to the bottom.)

    $ ls /tmp/perl_syntax_check
    Foo.pm bar.pl

    $ cat /tmp/perl_syntax_check/Foo.pm
    sub foo {
        print "Hello from Foo::foo.";
    }
    1;

    $ cat /tmp/perl_syntax_check/bar.pl
    use Foo;
    foo();

Since the days of yore Komodo has had background Perl syntax checking:

    $ perl -c /tmp/perl_syntax_check/bar.pl
    # `--- It's actually a little more complicated, but close enough. :)

Warnings are good too:

    $ perl -cw /tmp/perl_syntax_check/bar.pl

In the fall of 2002, Dave (a different Dave) suggested running in the
script's directory
(http://bugs.activestate.com/Komodo/show_bug.cgi?id=20864). 
Good idea.  That helps importing local Perl modules.

    $ (cd /tmp/perl_syntax_check; perl -cw bar.pl)

Then, back on a typical ActiveState Friday night in May last year, some
of the Komodo guys were having a beer with some of the Perl guys.

"Hey," say the Perl guys, "why don't you add taint mode to Komodo's
Perl syntax checking. And make it configurable."

"Good idea," says David the Komodo guy (yet another Dave [1]) and does
it:

    $ (cd /tmp/perl_syntax_check; perl ${pref} bar.pl)
    # Where the default ${pref} is "-cwT", i.e. just add taint
    # mode checking to what was there before.

One problem though: taint mode removes "." (the current directory) from
Perl's include path (@INC) -- breaking Dave's situation (Dave #2) that has
worked since 2002 -- so we need to add that back in:

    $ (cd /tmp/perl_syntax_check; perl -I. -cwT bar.pl)

All is well and good. Komodo 3.1 is released. *Then*, a couple of months
ago someone (let's call him Dave, Dave #4) comes up with a situation
where all is not good
(http://bugs.activestate.com/show_bug.cgi?id=40285). He happens to have
his own Config.pm next to a file that he is editing in Komodo.
Something like this:

    perl_syntax_check/
        womba.pl
        lib/
            Wizzle.pm
            Config.pm

So, while Dave is editing "Wizzle.pm":

    $ (cd /tmp/perl_syntax_check/lib; perl -I. -cwT Wizzle.pm)

"Config.pm" is the name of an important internal Perl module. Any code
in Wizzle.pm that tries to use Perl's Config module (for example any
"use lib ..." statement) will get *Dave's* Config.pm instead of
*Perl's* Config.pm. Havoc ensues.

So what is going on here?

By default "." is on Perl's @INC. At the *end* of @INC. Taint mode
removes that. We added it back with "-I.". Back to the *front* of the
list.

And that is the problem. Because "." is now at the front of @INC,
modules in the current directory can shadow important modules in the
Perl lib and site-lib directories. Lesson: adding "." to the front of
@INC for Perl execution is bad.


The Solution
------------

The short answer: turn off taint mode checking if you rely on being able
to import Perl modules in the same directory as your Perl script. (You
can do this in the "Perl" preferences panel.)

If you rely on being able to import Perl modules in the same directory
as your Perl script (as does my trivial example above) and you do not:

    use lib ".";  # or the equivalent

then you obviously do not use taint mode when running your code. Then,
Komodo shouldn't either.

I will be changing the default Perl background syntax checking settings
in Komodo to NOT use taint mode [2]. It is well and good for Komodo to
encourage Perl programmers to use taint mode checking for their code.
However, taint mode *can* have undesired effects (i.e. why taint mode is
not on by default in Perl) so one should have to explicitly turn it on
and be a consenting adult.

Cheers,
Trent


[1] I'm not kidding about all the Daves.
[2] Komodo 3.5.1 has already shipped, so for the time being you will
    have to manually change that setting in your user preferences if you
    are affected by this.

-- 
Trent Mick
Tre...@ActiveState.com
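
An added example (not part of the message above and not Komodo's code): a Perl script that lists the .pm files under a directory that would win over a same-named module elsewhere in @INC if that directory were searched first, which is the "-I." situation the message describes. The script's interface and output format are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: report modules that a directory would shadow if it were
# placed at the front of @INC (as "perl -I." does for the current directory).
# Usage (hypothetical script name): perl inc_shadow_check.pl [directory]
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Find ();
use File::Spec ();

# Return the first directory in @$inc that contains $rel (e.g. "Config.pm").
sub first_hit {
    my ($rel, $inc) = @_;
    for my $dir (@$inc) {
        return $dir if -f File::Spec->catfile($dir, $rel);
    }
    return;
}

# Return [relative module path, directory of the copy it would shadow]
# for every .pm file under $local that also resolves through @$inc.
sub shadowed_modules {
    my ($local, $inc) = @_;
    my @found;
    File::Find::find({ no_chdir => 1, wanted => sub {
        return unless -f $_ && /\.pm\z/;
        my $rel  = File::Spec->abs2rel($_, $local);
        my $real = first_hit($rel, $inc);
        push @found, [$rel, $real] if defined $real;
    }}, $local);
    return sort { $a->[0] cmp $b->[0] } @found;
}

my $local = @ARGV ? $ARGV[0] : '.';
my $here  = abs_path($local);
die "no such directory: $local\n" unless defined $here && -d $here;

# Compare against the interpreter's own search path: drop @INC hooks
# (code references), missing directories, and the directory under test.
my @inc = grep { !ref($_) && -d $_ && abs_path($_) ne $here } @INC;

my @hits = shadowed_modules($here, \@inc);
for my $hit (@hits) {
    my ($rel, $real) = @$hit;
    print "$rel would be loaded from $here instead of $real\n";
}
print "no shadowing found under $here\n" unless @hits;
exit(@hits ? 1 : 0);
```

Run against the lib/ directory from the layout above, it would flag Config.pm; a non-zero exit status means at least one module is shadowed.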
