File Coverage

blib/lib/Alien/Build/Plugin/Fetch/HostAllowList.pm

Criterion	Covered	Total	%
statement	30	30	100.0
branch	5	8	62.5
condition	2	3	66.6
subroutine	7	7	100.0
pod	1	1	100.0
total	45	49	91.8

line	stmt	bran	cond	sub	pod	time	code
1							package Alien::Build::Plugin::Fetch::HostAllowList;
2
3	1			1		74586	use strict;
	1					2
	1					25
4	1			1		5	use warnings;
	1					2
	1					50
5	1			1		17	use 5.008004;
	1					3
6	1			1		5	use Alien::Build::Plugin 2.64;
	1					14
	1					4
7	1			1		84	use URI;
	1					1
	1					312
8
9							# ABSTRACT: Require that Alien::Build based aliens only fetch from an allow list of hosts
10							our $VERSION = '0.02'; # VERSION
11
12
13							has '+allow_hosts' => sub { [
14							defined $ENV{ALIEN_BUILD_HOST_ALLOW}
15							? split /,/, $ENV{ALIEN_BUILD_HOST_ALLOW}
16							: ()
17							] };
18
19							sub init
20							{
21	1			1	1	97	my($self, $meta) = @_;
22
23	1					2	my %allowed = map { $_ => 1 } @{ $self->allow_hosts };
	2					11
	1					3
24
25							$meta->around_hook( fetch => sub {
26	3			3		10303	my $orig = shift;
27	3					6	my $build = shift;
28	3		66			9	my $url = $_[0] \|\| $build->meta_prop->{start_url};
29
30							# If URL doesn't have a : then it doesn't have a scheme or
31							# protocol and we assume that it is a file or directory.
32	3	50				22	if($url =~ /:/)
33							{
34	3					12	my $url = URI->new($url);
35	3	50				6739	if($url->scheme ne 'file')
36							{
37	3					116	my $host = eval { $url->host };
	3					10
38	3	50				100	die "unable to determine host from $url: $@" if $@;
39	3	100				21	die "The host $host is not in the allow list" unless $allowed{$host};
40							}
41							}
42
43	2					7	$orig->($build, @_);
44	1					8	});
45							}
46
47
48							1;
49
50							__END__