in reply to Module::Metadata

IMHO, it's important to be able to extract the metadata without running the module, for several reasons: security, speed, interoperability. The last requires some explanation: if a module is only designed to work from Win32, it should be possible to detect that from the given metadata easily, without having to code around it.

This is, of course, in direct conflict with having modules be able to determine their own metadata dynamically. I'm inclined to sacrifice that completely, but most people don't seem to see it that way.


Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Re: Re: Module::Metadata
by BrentDax (Hermit) on Jan 08, 2003 at 00:48 UTC
    Because it's in one use call, it's relatively easy to extract--just pull out everything between use Module::Metadata and the next semicolon, rework it into something a bit safer, and eval it. Or even better, reval it. That's the approach the module's extract_metadata function takes--it constructs a very restrictive Safe container, massages the code into a call to Module::Metadata->new, and evaluates it in the Safe container.

    $safe->permit_only(qw(:base_core :base_mem));
    $safe->deny(qw(repeat range));

    The actual code is a bit more complicated than this, because it handles nesting and (basic) quoting correctly in case a future metadata field accepts a coderef or something, but that's the gist of it. It also responds to use Module::Metadata 1.0 (version numbering) correctly by calling Module::Metadata->VERSION.

    By the way, thanks for mentioning interoperability. I should add in a field for operating systems.

    =cut
    --Brent Dax
    There is no sig.
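
The extraction described in the reply above, as an added sketch that is not the module's own code and not part of either post: it pulls the argument list of the `use Module::Metadata` statement out of the source text and evaluates it with `reval` under the same opcode mask, without loading the module. The helper names, the sample source and the field names are assumptions, and the statement is assumed to carry no version number.

```perl
use strict;
use warnings;
use Safe;
# Constructed sample module source; the metadata field names are assumptions.
my $source = <<'END';
package Acme::Example;
use Module::Metadata (
    name     => 'Acme::Example',
    requires => { 'File::Spec' => 0 },
    note     => 'a semicolon; inside quotes is data',
);
sub run { die "module body is never executed" }
END

# Text between "use Module::Metadata" and the first ';' outside quotes/brackets.
sub metadata_args {
    my ($src) = @_;
    $src =~ /^\s*use\s+Module::Metadata\b/mg or return;
    my ($start, $depth, $quote) = (pos($src), 0, '');
    for (my $i = $start; $i < length $src; ) {
        my $c = substr($src, $i++, 1);
        if ($quote ne '') {
            if    ($c eq '\\')   { $i++ }            # skip escaped character
            elsif ($c eq $quote) { $quote = '' }
        }
        elsif ($c eq q{'} or $c eq q{"})  { $quote = $c }
        elsif ($c =~ /[(\[{]/)            { $depth++ }
        elsif ($c =~ /[)\]}]/)            { $depth-- }
        elsif ($c eq ';' and $depth == 0) { return substr($src, $start, $i - 1 - $start) }
    }
    return;                                          # unterminated statement
}

# Evaluate the argument list as a hash in the compartment from the post.
sub extract_metadata_sketch {
    my $args = metadata_args($_[0]);
    defined $args or die "no 'use Module::Metadata' statement found\n";
    my $safe = Safe->new;
    $safe->permit_only(qw(:base_core :base_mem));
    $safe->deny(qw(repeat range));
    my $meta = $safe->reval("+{ $args }");
    die "metadata rejected: $@" if $@;
    return $meta;
}
my $meta = extract_metadata_sketch($source);
print "$_ = $meta->{$_}\n" for qw(name note);

# Constructed hostile input: 'x' (repeat) is denied, so it fails to compile.
eval { extract_metadata_sketch("use Module::Metadata ( name => 'A' x 1e9 );") };
print "rejected: $@";
```

The second call is refused when the compartment compiles the string, because `repeat` is outside the permitted opcode set.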