File Coverage

blib/lib/Alien/Build/Plugin/Fetch/HostAllowList.pm

Criterion	Covered	Total	%
statement	30	30	100.0
branch	5	8	62.5
condition	2	3	66.6
subroutine	7	7	100.0
pod	1	1	100.0
total	45	49	91.8

line	stmt	bran	cond	sub	pod	time	code
1							package Alien::Build::Plugin::Fetch::HostAllowList;
2
3	1			1		57594	use strict;
	1					2
	1					25
4	1			1		5	use warnings;
	1					3
	1					17
5	1			1		13	use 5.008004;
	1					2
6	1			1		6	use Alien::Build::Plugin;
	1					2
	1					7
7	1			1		82	use URI;
	1					2
	1					314
8
9							# ABSTRACT: Require that Alien::Build based aliens only fetch from an allow list of hosts
10							our $VERSION = '0.01'; # VERSION
11
12
13							has '+allow_hosts' => sub { [
14							defined $ENV{ALIEN_BUILD_HOST_ALLOW}
15							? split /,/, $ENV{ALIEN_BUILD_HOST_ALLOW}
16							: ()
17							] };
18
19							sub init
20							{
21	1			1	1	95	my($self, $meta) = @_;
22
23	1					2	my %allowed = map { $_ => 1 } @{ $self->allow_hosts };
	2					11
	1					2
24
25							$meta->around_hook( fetch => sub {
26	3			3		9002	my $orig = shift;
27	3					5	my $build = shift;
28	3		66			12	my $url = $_[0] \|\| $build->meta_prop->{start_url};
29
30							# If URL doesn't have a : then it doesn't have a scheme or
31							# protocol and we assume that it is a file or directory.
32	3	50				23	if($url =~ /:/)
33							{
34	3					16	my $url = URI->new($url);
35	3	50				7862	if($url->scheme ne 'file')
36							{
37	3					115	my $host = eval { $url->host };
	3					10
38	3	50				104	die "unable to determine host from $url: $@" if $@;
39	3	100				20	die "The host $host is not in the allow list" unless $allowed{$host};
40							}
41							}
42
43	2					7	$orig->($build, @_);
44	1					6	});
45							}
46
47
48							1;
49
50							__END__