Update: Bleh, all of these still fall prey to the
BEGIN { ... } issue.. Anyone can still inject code that will be executed as the rest is compiled. I don't see any way around this.. You might just try
s/BEGIN\s*{/BEGIN { die "No BEGIN block allowed"; }/g, but I'm not confident that that would catch all occurrences of BEGIN blocks (or END for that matter!), and it could easily hit something legitimate in the code body itself. Your best/only option may in fact be to try and use a
Safe compartment.
The original message: Actually I just thought of a better way to do this:
sub test_code {
my $code = shift;
$code = 'die "OK\n"; ' . $code;
eval $code;
$@ eq "OK\n";
}