From f5fc746d00a8b8e0aaac1904ce97ad7eb52e1b24 Mon Sep 17 00:00:00 2001
From: w0rp
Date: Sat, 2 Dec 2017 12:26:30 +0000
Subject: [PATCH] Fix #1186 - Use -w by default for Perl, which does not execute code
---
 ale_linters/perl/perl.vim | 9 ++---
 doc/ale-perl.txt | 6 ++-
 .../test_perl_command_callback.vader | 37 +++++++++++++++++++
 3 files changed, 45 insertions(+), 7 deletions(-)
 create mode 100644 test/command_callback/test_perl_command_callback.vader
diff --git a/ale_linters/perl/perl.vim b/ale_linters/perl/perl.vim
index 33288061..6421d4ff 100644
--- a/ale_linters/perl/perl.vim
+++ b/ale_linters/perl/perl.vim
@@ -1,18 +1,15 @@
 " Author: Vincent Lequertier
 " Description: This file adds support for checking perl syntax
-let g:ale_perl_perl_executable =
-\ get(g:, 'ale_perl_perl_executable', 'perl')
-
-let g:ale_perl_perl_options =
-\ get(g:, 'ale_perl_perl_options', '-c -Mwarnings -Ilib')
+call ale#Set('perl_perl_executable', 'perl')
+call ale#Set('perl_perl_options', '-w -Mwarnings -Ilib')
 function! ale_linters#perl#perl#GetExecutable(buffer) abort
 return ale#Var(a:buffer, 'perl_perl_executable')
 endfunction
 function! ale_linters#perl#perl#GetCommand(buffer) abort
- return ale_linters#perl#perl#GetExecutable(a:buffer)
+ return ale#Escape(ale_linters#perl#perl#GetExecutable(a:buffer))
 \ . ' ' . ale#Var(a:buffer, 'perl_perl_options')
 \ . ' %t'
 endfunction
diff --git a/doc/ale-perl.txt b/doc/ale-perl.txt
index 7611d30f..7142d241 100644
--- a/doc/ale-perl.txt
+++ b/doc/ale-perl.txt
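Review bot: In ale_linters/perl/perl.vim the new default `call ale#Set('perl_perl_options', '-w -Mwarnings -Ilib')` makes the linter run the buffer rather than check it: `-w` only enables warnings, and without `-c` perl compiles `%t` and then executes the whole script. `-c` was the flag that stopped after compilation (it still runs `BEGIN`/`CHECK` blocks and `use` statements, presumably the concern behind #1186), so dropping it widens the exposure to untrusted files instead of removing it. I would keep `call ale#Set('perl_perl_options', '-c -Mwarnings -Ilib')` and handle the risk by running this linter only when the user opts in, with a comment such as `" perl -c still runs BEGIN blocks and use statements; enable only for trusted code`. The same claim is repeated in the doc/ale-perl.txt hunk and the `-w` default is pinned by the new test in test_perl_command_callback.vader, so both would need to follow.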
@@ -16,11 +16,15 @@ g:ale_perl_perl_executable *g:ale_perl_perl_executable*
 g:ale_perl_perl_options *g:ale_perl_perl_options*
 *b:ale_perl_perl_options*
 Type: |String|
- Default: `'-c -Mwarnings -Ilib'`
+ Default: `'-w -Mwarnings -Ilib'`
 This variable can be changed to alter the command-line arguments to the perl invocation.
+ Perl code is checked with `-w` by default, because `-c` can execute
+ malicious code. You can use the `-c` option at your own risk. See
+ |g:ale_pattern_options| for changing the option only for specific files.
+
 ===============================================================================
 perlcritic *ale-perl-perlcritic*
diff --git a/test/command_callback/test_perl_command_callback.vader b/test/command_callback/test_perl_command_callback.vader
new file mode 100644
index 00000000..e82f2279
--- /dev/null
+++ b/test/command_callback/test_perl_command_callback.vader
@@ -0,0 +1,37 @@
+Before:
+ Save g:ale_perl_perl_executable
+ Save g:ale_perl_perl_options
+
+ unlet! g:ale_perl_perl_executable
+ unlet! g:ale_perl_perl_options
+
+ runtime ale_linters/perl/perl.vim
+
+After:
+ Restore
+
+ unlet! b:ale_perl_perl_executable
+ unlet! b:ale_perl_perl_options
+
+ call ale#linter#Reset()
+
+Execute(The default Perl command callback should be correct):
+ AssertEqual
+ \ 'perl',
+ \ ale_linters#perl#perl#GetExecutable(bufnr(''))
+
+ AssertEqual
+ \ ale#Escape('perl') . ' -w -Mwarnings -Ilib %t',
+ \ ale_linters#perl#perl#GetCommand(bufnr(''))
+
+Execute(Overriding the executable and command should work):
+ let b:ale_perl_perl_executable = 'foobar'
+ let b:ale_perl_perl_options = '-c'
+
+ AssertEqual
+ \ 'foobar',
+ \ ale_linters#perl#perl#GetExecutable(bufnr(''))
+
+ AssertEqual
+ \ ale#Escape('foobar') . ' -c %t',
+ \ ale_linters#perl#perl#GetCommand(bufnr(''))