Closed ppisar closed 9 years ago
The use case was to be able to do a git clone and then run ./bin/githooks without installing App::GitHooks, for testing local changes in the repository. But running perl -I lib ./bin/githooks will work fine for that purpose, so I've removed the corresponding line.
Released in version 1.7.3. Thank you for reporting this issue!
bin/githooks uses the `lib' module to include the ./lib path. Allowing relative paths is a security issue, as the attacker can prepare ./lib with a malicious module there and then the githooks script will execute the attacker's code.
Please remove the `use lib' line.
The line is not needed for testing the script before installing it into the system, as standard perl tools (./Build test) include ./blib/{arch,lib} automatically.
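
A defender-side check for the pattern reported in this issue, as an added example that is not part of the original thread or of App::GitHooks: a small Python scanner that flags `use lib` statements whose paths are resolved relative to the current working directory. The function names and the sample script are constructed for illustration.

```python
import re

# `use lib ...;` at statement start (commented-out lines do not match);
# the lookahead skips unrelated modules such as lib::abs.
USE_LIB = re.compile(r'^[ \t]*use\s+lib\b(?!::)(.*?);', re.M | re.S)
# qw lists with bracket delimiters; qw/.../ and similar are not handled here.
QW = re.compile(r'qw\s*(?:\((.*?)\)|\[(.*?)\]|\{(.*?)\}|<(.*?)>)', re.S)
# Single- or double-quoted string literals.
QUOTED = re.compile(r'''(['"])(.*?)\1''')


def lib_paths(args):
    """Return the path arguments of one `use lib` statement."""
    paths = []
    for m in QW.finditer(args):
        paths += next(g for g in m.groups() if g is not None).split()
    rest = QW.sub(' ', args)
    paths += [m.group(2) for m in QUOTED.finditer(rest)]
    return paths


def is_cwd_relative(path):
    """True for literal paths that Perl resolves against the working directory.

    Paths containing a variable (e.g. "$FindBin::Bin/../lib") are not flagged;
    they need manual review.
    """
    return not path.startswith('/') and '$' not in path


def audit(source):
    """Return (line_number, path) for every cwd-relative `use lib` path."""
    findings = []
    for m in USE_LIB.finditer(source):
        line = source.count('\n', 0, m.start()) + 1
        findings += [(line, p) for p in lib_paths(m.group(1)) if is_cwd_relative(p)]
    return findings


# Constructed sample script, not taken from the App::GitHooks repository.
SAMPLE = '''#!/usr/bin/perl
use strict;
use lib './lib';
use lib qw(/opt/app/lib ../vendor/lib);
use lib "$FindBin::Bin/../lib";
# use lib 'commented/out';
'''

if __name__ == '__main__':
    for line, path in audit(SAMPLE):
        print(f'line {line}: relative @INC path {path!r}')
```
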