Years ago, a few people decided during the Perl Toolchain Summit (PTS) that it would be a good idea to join forces, ideas and knowledge and start a group to monitor vulnerabilities in the complete perl ecosystem from core to the smallest CPAN release. The goal was to follow legislation and CVE reports, and help authors in taking actions on not being vulnerable anymore.
That group has grown stable over the past years and is now known as CPANSec.
The group has several focus areas, and one of them is channeling CVE vulnerability issues.
In that specific goal, a milestone has been reached:
CPANSec has just been authorized as a CVE Numbering Authority (CNA) for Perl and modules on CPAN
The CPAN Security Group was authorized by the CVE Program as a CVE Numbering Authority (CNA) on Feb 25, 2025. A CNA assigns and manages CVE identifiers for projects in their scope.
Our scope is vulnerabilities in Perl and CPAN Modules (including End-of-Life Perl versions) found at perl.org, cpan.org or metacpan.org, excluding distributions of Perl or CPAN Modules maintained by third-party redistributors.
CVE is an international, community-based effort to identify, define and catalog publicly disclosed software vulnerabilities. To learn more about the CVE program, visit www.cve.org.
Vulnerabilities should be reported according to the security policy of the affected project.
For more details, see our guide on how to Report a Security Issue in Perl and the CPAN ecosystem.
To request a CVE identifier, or to update a CVE we have issued, please send an email to cve-request@security.metacpan.org.
Subscribe to the cve-announce mailing list to be notified of new CVEs published by us.
For questions, disputes or other CNA related queries please use cna@security.metacpan.org. Disputes are handled according to the CNA rules.
Hi!
I'm searching for a sane tracking software, for developing medical devices. Let me explain:
At work, we are currently using a really old version of Jira, with add-ons for tracking requirements and product tests. It's so f*ed up that all attempts to update it fail. Updating was never easy, but the last available installer/updater package actively destroys configuration and database, rendering the installation unusable. The fine print: You need to be at the latest version to be able to migrate to the cloud Jira. We can't get to that version. Tech support is not helpful.
Now, we are running one project in a cloud Jira setup, paid for by our customer. I always thought the user interface of the old server installation was bad, but the cloud user interface is a minefield. Ideally, you run it on a separate computer, with mouse and keyboard disconnected. Only connect them if you really want to interact with it. Because almost any key and any click anywhere on the user interface triggers some action, even in empty spaces. The screen is littered with junk that you don't need, stuff that you need is well hidden. And as if all of that was not bad enough, we completely give up control of the data we enter into the system. Atlassian has a long history of mishandling or deleting user data, and we legally have to keep that data. I don't see any sane way of doing that.
So, guess what? I want to get rid of Jira. I don't want to even have to think about migrating existing data from our existing Jira instances to cloud Jira, and I don't want to use cloud Jira. And as much as I would like to, I don't want to write my own system. I want an existing software, running on a local webserver. I would prefer open source software, so we could tweak things if we really need to. I don't think we need much tech support, so a "community support for free, pay for professional support" model (as for Proxmox or Virtualbox) would be ok. We could pay a license fee, but we are a small company. We mostly do small projects, so license fees that cost in the order of an entire project are simply impossible.
What do we need?
The classic Bugzilla ticks almost all checkboxes, except that it can't do requirement tracking and test tracking. And its name is burned because an unloved and unmaintained installation lingered around since well before I was hired. That's clearly not the fault of Bugzilla, but some people are just strange.
Before Jira, we (the software developers) started using Redmine just for tracking issues, with the intention to make the entire company use it. Jira won because Redmine wasn't even invited to the race. Redmine has no requirement and test tracking, but at least it has interfaces to third party tools.
A final note: Jira (with plugins) integrates the bugtracker on the one hand and requirement / tests tracking on the other hand into a single software. We are used to it, but we don't need that integration. Some bug tickets may refer to requirements or tests, but that's all. There is no tracking, not even counting. Nobody checks how many bugs a requirement "attracted". It is convenient to just type FOO-123 and it will be converted to a link to a requirement, just like typing FOO-456 will be converted to a link to an issue. But honestly, copying https://reqs.example.com/req-tracker/req/FOO-123 from the browser's address line into an issue ticket would hurt nobody.
So, how do you track issues, requirements, tests? Do you know a software that might fit our needs?
Alexander
    DocumentRoot /var/webapps/sandbox/public
    <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/var/webapps/sandbox/public">
        Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
        AddHandler cgi-script .cgi
        AllowOverride None
        Require all granted
        SSLOptions +StdEnvVars
    </Directory>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ /dispatch.cgi$1 [QSA,L]
    # ScriptAlias / /var/webapps/sandbox/public/dispatch.cgi/
    <Location />
        # Set up your Dancer2 application
        SetHandler cgi-script
        AddHandler application/x-httpd-perl .cgi
        PerlSetEnv Dancer2_APP /var/webapps/sandbox/bin/app.pl
        PerlSetEnv DANCER2_CONFDIR /var/webapps/sandbox
        PerlSetEnv DANCER_CONFDIR /var/webapps/sandbox
        PerlSetEnv DANCER2_ENV development
    </Location>

Here is my Dancer2 config.yml

    # Your application's name
    appname: "sandbox"
    # We want to keep session data around so
    engines:
      session:
        YAML:
          session_dir: /tmp/dancer-sessionstore
    engines:
      template:
        template_toolkit:
          start_tag: '<%'
          end_tag: '%>'
    template: "template_toolkit"
    session: YAML
    # The default layout to use for your application (located in
    # views/layouts/main.tt)
    layout: "main"
    # when the charset is set to UTF-8 Dancer2 will handle for you
    # all the magic of encoding and decoding. You should not care
    # about unicode within your app when this setting is set (recommended).
    charset: "UTF-8"
    # template engine
    # simple: default and very basic template engine
    # template_toolkit: TT
    # template: "simple"
    plugins:
      Database:
        driver: 'mysql'
        database: 'vlabs'
        host: 'something'
        port: 3306
        username: 'rouser'
        password: 'xxxxxxxxxx'
        connection_check_threshold: 10

Here is a code snippet:

    debug "displaying login page";
    template 'login.tt', { path => param('requested_path') };
    debug "showed login page";

And the log snippet:

    [sandbox:12160] debug @2025-04-05 15:07:00> displaying login page in /var/webapps/sandbox/public/../lib/sandbox.pm l. 45
    [sandbox:12160] debug @2025-04-05 15:07:00> showed login page in /var/webapps/sandbox/public/../lib/sandbox.pm l. 47

There is a main.tt and a login.tt in the correct places. I get no output in my browser. The page is empty even when I look at the page source. (I do see the favicon.ico.) I am stumped, monks. Any ideas? TIA
In my code I frequently have to write conditions like this:
if (defined $string and $string ne "") { ..... }
What I really want is to check if the string is not entirely empty. I would like to be able to do something like if ($string) but this would exclude "0".
So I hope that there is a shorter and nicer way to do this. For now I have been using a utility strempty subroutine which runs that check but I doubt it's idiomatic.
In my own code I try to have it so that empty strings are simply undef, where applicable, but sometimes it can't be helped and external modules don't follow this rule hence why I have to write these conditions.
if ($STRING =~ m/[^\x00-\xFF]{1}/) { ... }
OR MAYBE:
if (length($STRING) > ($STRING =~ tr|\x00-\xFF|\x00-\xFF|)) { ... }
I can't think of anything better. Maybe this, but I bet it's slow:
    sub isUnicode {
        my $L = defined $_[0] ? length($_[0]) : 0;
        for (my $i = 0; $i < $L; $i++) {
            ord(substr($_[0], $i, 1)) < 256 or return 1;
        }
        return 0;
    }
Hello Monks,
I've recently learned about the DEFINE predicate and I'm testing it with a simple script that I wrote to practice Perl and regular expressions. The script simply checks for IPv4 or IPv6 addresses (I know there is a CPAN module for that, this is for me to practice), and I re-wrote the regular expression like so:
    my $re = qr{
        (?>
            \b ((?&IPV6) | (?&IPV4)) \b
        )
        (?(DEFINE)
            (?<IPV6>
                  ( ((?&H16) :){6} (?&LS32))
                | ( :: ((?&H16) :){5} (?&LS32))
                | (( (?&H16))? :: ((?&H16) :){4} (?&LS32))
                | ((((?&H16) :){0,1} (?&H16))? :: ((?&H16) :){3} (?&LS32))
                | ((((?&H16) :){0,2} (?&H16))? :: ((?&H16) :){2} (?&LS32))
                | ((((?&H16) :){0,3} (?&H16))? :: ((?&H16) :){1} (?&LS32))
                | ((((?&H16) :){0,4} (?&H16))? :: (?&LS32))
                | ((((?&H16) :){0,5} (?&H16))? :: (?&H16) )
                | ((((?&H16) :){0,6} (?&H16))? :: )
            )
            (?<LS32> ((?&H16) : (?&H16)) | (?&IPV4) )
            (?<H16> (?&HEX_DIGIT){1,4} )
            (?<HEX_DIGIT> [a-fA-F0-9] )
            (?<IPV4> ((?&DEC_OCTET)\.){3}(?&DEC_OCTET) )
            (?<DEC_OCTET> 25[0-5]|2[0-4]\d|1\d\d|\d\d|\d )
            (?<IP_VFUTURE> v(?&HEX_DIGIT)+\.((?&UNRESERVED) | (?&SUB_DELIMS) | : )+ )
            (?<UNRESERVED>[a-zA-Z0-9\-\._~] )
            (?<SUB_DELIMS>[!\$&'\(\)\*\+,;=] )
        )
    }x;
It works, but it only seems to capture the first occurrence of an IP address on each line. For example:
    if ("This is the same address in IPv6: 0:0:0:0:0:0:0:1 and 127.0.0.1" =~ /$re/g ) {
        say $&;
        say $1;
        say $2;
    }
I was expecting to capture both IP addresses, but only the first is ever captured. Can anyone shed some light on how I could make this work in this way?
Thank you!
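An added example, not part of the original post, showing how `m//g` behaves with a DEFINE-style pattern: in scalar context each evaluation finds one match, so a single `if` stops at the first address, while a `while` loop walks every match. The pattern is a reduced stand-in for the one in the post (IPv4 plus only the uncompressed eight-group IPv6 form), and the group name `ip` is an assumption made for this illustration.

```perl
use strict;
use warnings;
use feature 'say';

# Reduced stand-in for the post's pattern, same DEFINE layout.
# Only the full eight-group IPv6 form is covered (no "::" compression).
my $re = qr{
    \b (?<ip> (?&IPV6) | (?&IPV4) ) \b
    (?(DEFINE)
        (?<IPV6>      (?: (?&H16) : ){7} (?&H16) )
        (?<H16>       [a-fA-F0-9]{1,4} )
        (?<IPV4>      (?: (?&DEC_OCTET) \. ){3} (?&DEC_OCTET) )
        (?<DEC_OCTET> 25[0-5] | 2[0-4]\d | 1\d\d | \d\d | \d )
    )
}x;

# Sample line taken from the post's own test string.
my $line = "This is the same address in IPv6: 0:0:0:0:0:0:0:1 and 127.0.0.1";

# Scalar context: every evaluation of m//g resumes at pos($line) and
# finds the next match, so looping collects all addresses.
my @found;
while ($line =~ /$re/g) {
    push @found, $+{ip};
}
say "while loop:   $_" for @found;

# List context returns every capture group for every match. The named
# groups inside (?(DEFINE)...) are numbered groups too, and they are
# undef after the recursion returns, so drop the undef slots.
my @listed = grep { defined } $line =~ /$re/g;
say "list context: $_" for @listed;
```

Reading the address from `$+{ip}` rather than `$1`, `$2`, ... keeps the code independent of how many groups the DEFINE block happens to contain.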
Hello erudite Monks and Nuns,
I found a CPAN module recently that really makes me happy. As a habitual serial installer of anything from the CPAN that looks interesting, I sometimes forget what I have installed before I can start to write some code using it. Enter Module::List; which showed up as "recent" on MetaCPAN with the release of version 0.004. There is also a close relative, let's call it a talented nephew, Module::List::WithPath, which is based on Module::List and adds the ability to discover the filesystem path location of each module found. At the time of this writing, module Module::List::WithPath is at version 0.003002.
But we're ahead of ourselves. What Module::List does is a lookup on the prefix given as an argument to the sole subroutine in the module, list_modules, returning differing information depending on the options given (as an anonymous hash) -- for example, all the installed module names with that prefix (I won't describe every bit of the functionality or API since that's all right there on MetaCPAN for the reader to peruse). I'll make the observation that the API is a bit unusual: instead of providing a separate subroutine (either exported or not) for each kind of data sought, the module provides options (as just described above). The most interesting option (imho) is the first listed in the POD, list_modules. The return data is a hash reference with keys corresponding to module names found in the abstract namespace (regardless of where the modules were found on the filesystem). The values of the hash elements are in each case the empty string. In the case of the talented nephew, Module::List::WithPath, the element values are, instead, the filesystem locations of the modules found. Very nifty.
I just find these modules really neat and they fill a gap that I've been feeling for a long time. Quirks (arguably) of implementation aside, the modules have enabled me to write simple short scripts to query my Perl installation and discover what has lain there, waiting but forgotten.
Apr 03, 2025 at 23:54 UTC
A just machine to make big decisions
Programmed by fellows (and gals) with compassion and vision
We'll be clean when their work is done
We'll be eternally free yes, and eternally young
Donald Fagen -> I.G.Y.
(Slightly modified for inclusiveness)
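An added example, not code from the post or from either module's documentation: an inventory of installed modules under a prefix with their versions, which is the kind of list you would compare against CVE announcements such as those CPANSec publishes. Pairing Module::List with the core module Module::Metadata, the sub name `installed_versions` and the `Module::` prefix are assumptions made for this illustration.

```perl
use strict;
use warnings;
use Module::List qw(list_modules);
use Module::Metadata;

# Hypothetical helper: map every installed module under $prefix to the
# version declared in the copy that @INC would load.
sub installed_versions {
    my ($prefix) = @_;    # must be "" or end in "::"

    # Only the keys (module names) are used here.
    my $found = list_modules($prefix, { list_modules => 1, recurse => 1 });

    my %version;
    for my $name (sort keys %$found) {
        # Parses the file without loading or executing the module.
        my $meta = Module::Metadata->new_from_module($name);
        my $v    = $meta ? $meta->version : undef;
        $version{$name} = defined $v ? "$v" : 'unknown';
    }
    return \%version;
}

my $inventory = installed_versions('Module::');
printf "%-40s %s\n", $_, $inventory->{$_} for sort keys %$inventory;
```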