From f17ddf12391d7c4d9a6afa6cde502c9bca8868cc Mon Sep 17 00:00:00 2001
From: Marius Gavrilescu
Date: Wed, 1 Jun 2016 00:33:04 +0100
Subject: [PATCH] Initial commit
---
Changes | 4 ++
MANIFEST | 12 +++++
Makefile.PL | 20 ++++++++
README | 35 ++++++++++++++
lib/Acme/Evil.pm | 47 +++++++++++++++++++
lib/evil.pm | 115 ++++++++++++++++++++++++++++++++++++++++++++++
t/strict-die.t | 8 ++++
t/strict-safe.t | 4 ++
t/t1/Direct.pm | 3 ++
t/t1/Evil.pm | 3 ++
t/t1/Indirect.pm | 3 ++
t/t1/Unrelated.pm | 3 ++
12 files changed, 257 insertions(+)
create mode 100644 Changes
create mode 100644 MANIFEST
create mode 100644 Makefile.PL
create mode 100644 README
create mode 100644 lib/Acme/Evil.pm
create mode 100644 lib/evil.pm
create mode 100644 t/strict-die.t
create mode 100644 t/strict-safe.t
create mode 100644 t/t1/Direct.pm
create mode 100644 t/t1/Evil.pm
create mode 100644 t/t1/Indirect.pm
create mode 100644 t/t1/Unrelated.pm
diff --git a/Changes b/Changes
new file mode 100644
index 0000000..ec5e4d2
--- /dev/null
+++ b/Changes
@@ -0,0 +1,4 @@
+Revision history for Perl extension Acme::Evil.
+
+0.001 2016-06-01T00:33+01:00
+ - Initial release
diff --git a/MANIFEST b/MANIFEST
new file mode 100644
index 0000000..228f413
--- /dev/null
+++ b/MANIFEST
@@ -0,0 +1,12 @@
+Changes
+lib/Acme/Evil.pm
+lib/evil.pm
+Makefile.PL
+MANIFEST
+README
+t/strict-die.t
+t/strict-safe.t
+t/t1/Direct.pm
+t/t1/Evil.pm
+t/t1/Indirect.pm
+t/t1/Unrelated.pm
diff --git a/Makefile.PL b/Makefile.PL
new file mode 100644
index 0000000..de6774f
--- /dev/null
+++ b/Makefile.PL
@@ -0,0 +1,20 @@
+use 5.008009;
+use ExtUtils::MakeMaker;
+
+WriteMakefile(
+ NAME => 'Acme::Evil',
+ VERSION_FROM => 'lib/evil.pm',
+ ABSTRACT => 'RFC 3514 (evil bit) implementation for Perl modules',
+ AUTHOR => 'Marius Gavrilescu ',
+ MIN_PERL_VERSION => '5.8.9',
+ LICENSE => 'perl',
+ SIGN => 1,
+ PREREQ_PM => {},
+ META_ADD => {
+ dynamic_config => 0,
+ resources => {
+ repository => 'https://git.ieval.ro/?p=acme-evil.git',
+ },
+ }
+
+);
diff --git a/README b/README
new file mode 100644
index 0000000..7fb83db
--- /dev/null
+++ b/README
@@ -0,0 +1,35 @@
+Acme-Evil version 0.001
+=======================
+
+RFC3514 introduces a new flag called the "evil bit" in all IP packets.
+The intention is to simplify the work of firewalls. Software that
+sends IP packets with malicious intent must set the evil bit to true,
+and firewalls can simply drop such packets.
+
+The evil pragma is a Perl implementation of the same concept. With
+this pragma malicious modules can declare their evil intent while
+critical modules can request that they will only use / run alongside
+non-evil code.
+
+INSTALLATION
+
+To install this module type the following:
+
+ perl Makefile.PL
+ make
+ make test
+ make install
+
+DEPENDENCIES
+
+This module requires no other modules and libraries.
+
+COPYRIGHT AND LICENCE
+
+Copyright (C) 2016 by Marius Gavrilescu
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself, either Perl version 5.22.2 or,
+at your option, any later version of Perl 5 you may have available.
+
+
diff --git a/lib/Acme/Evil.pm b/lib/Acme/Evil.pm
new file mode 100644
index 0000000..70b3a56
--- /dev/null
+++ b/lib/Acme/Evil.pm
@@ -0,0 +1,47 @@
+package Acme::Evil;
+
+use 5.008009;
+use strict;
+use warnings;
+
+our $VERSION = '0.001';
+
+1;
+__END__
+
+=encoding utf-8
+
+=head1 NAME
+
+Acme::Evil - Empty module
+
+=head1 SYNOPSIS
+
+ use Acme::Evil; # does nothing
+
+=head1 DESCRIPTION
+
+This is an empty module needed for the dist permissions to work
+properly.
+
+See the documentation of the L pragma for useful informaton
+about this dist.
+
+=head1 SEE ALSO
+
+L
+
+=head1 AUTHOR
+
+Marius Gavrilescu, Emarius@ieval.roE
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2016 by Marius Gavrilescu
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself, either Perl version 5.22.2 or,
+at your option, any later version of Perl 5 you may have available.
+
+
+=cut
diff --git a/lib/evil.pm b/lib/evil.pm
new file mode 100644
index 0000000..db7968d
--- /dev/null
+++ b/lib/evil.pm
@@ -0,0 +1,115 @@
+#!/usr/bin/perl
+package evil;
+
+use 5.008009;
+use strict;
+use warnings;
+
+use Carp;
+
+our $VERSION = 0.001;
+
+our %tainted;
+our $strict;
+
+sub import {
+ $tainted{caller()} = 1;
+ croak "Cannot load evil module when \"no evil ':strict'\" is in effect" if $strict;
+}
+
+sub unimport {
+ my $strict_arg = grep /^:strict$/, @_;
+ carp 'no evil; interpreted as no evil ":strict". This will change in a future version of Acme::Evil' unless $strict_arg;
+ $strict = 1; # To be changed when other modes are implemented
+ if ($strict && %tainted) {
+ croak "Evil module already loaded. Cannot enforce \"no evil ':strict'\"";
+ }
+}
+
+1;
+__END__
+
+=encoding utf-8
+
+=head1 NAME
+
+evil - RFC 3514 (evil bit) implementation for Perl modules
+
+=head1 SYNOPSIS
+
+ # in A.pm
+ package A;
+ use evil;
+ ...
+
+ # in B.pm
+ package B;
+ no evil ':strict';
+ use A; #
+ ...
+
+
+=head1 DESCRIPTION
+
+L introduces a new flag
+called the "evil bit" in all IP packets. The intention is to simplify
+the work of firewalls. Software that sends IP packets with malicious
+intent must set the evil bit to true, and firewalls can simply drop
+such packets.
+
+The evil pragma is a Perl implementation of the same concept. With
+this pragma malicious modules can declare their evil intent while
+critical modules can request that they will only use / run alongside
+non-evil code.
+
+The pragma can be used in the following ways:
+
+=over
+
+=item use B;
+
+Marks the current package as evil. All malicious modules MUST use this
+directive to ensure the full functionality of this module.
+
+=item no B ':strict';
+
+The calling module function properly if malignant code is loaded
+anywhere in the program. Throws an exception if an evil module is
+loaded, whether at the moment of calling this pragma or in the future.
+
+=item no B ':intermediate'; (TODO)
+
+Not yet implemented. The calling module cannot function properly if it
+is using evil code, whether directly or indirectly. Throws an
+exception if an evil module is loaded by the calling module or by one
+of the children modules (or by one of their children modules, etc).
+
+=item no B ':lax'; (TODO)
+
+Not yet implemented. The calling module cannot function properly if it
+is using evil code direcly. Throws an exception if the calling module
+loads an evil module.
+
+=item no B;
+
+This would normally be equivalent to C but
+since that mode is not yet implemented this call does the same as
+C while also emitting a warning saying that this
+behaviour will change in a future version.
+
+=back
+
+=head1 AUTHOR
+
+Marius Gavrilescu, Emarius@ieval.roE
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright (C) 2016 by Marius Gavrilescu
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself, either Perl version 5.22.2 or,
+at your option, any later version of Perl 5 you may have available.
+
+
+=cut
diff --git a/t/strict-die.t b/t/strict-die.t
new file mode 100644
index 0000000..4d7aa28
--- /dev/null
+++ b/t/strict-die.t
@@ -0,0 +1,8 @@
+#!/usr/bin/perl
+use Test::More tests => 4;
+
+require_ok 't::t1::Evil';
+require_ok 't::t1::Direct';
+require_ok 't::t1::Indirect';
+ok !eval { require t::t1::Unrelated }, 'Unrelated dies';
+
diff --git a/t/strict-safe.t b/t/strict-safe.t
new file mode 100644
index 0000000..4c3b826
--- /dev/null
+++ b/t/strict-safe.t
@@ -0,0 +1,4 @@
+#!/usr/bin/perl
+use Test::More tests => 1;
+
+require_ok 't::t1::Unrelated';
diff --git a/t/t1/Direct.pm b/t/t1/Direct.pm
new file mode 100644
index 0000000..b6e41ed
--- /dev/null
+++ b/t/t1/Direct.pm
@@ -0,0 +1,3 @@
+package t::t1::Direct;
+use t::t1::Evil;
+1;
diff --git a/t/t1/Evil.pm b/t/t1/Evil.pm
new file mode 100644
index 0000000..ed9e20e
--- /dev/null
+++ b/t/t1/Evil.pm
@@ -0,0 +1,3 @@
+package t::t1::Evil;
+use evil;
+1;
diff --git a/t/t1/Indirect.pm b/t/t1/Indirect.pm
new file mode 100644
index 0000000..8b1a20b
--- /dev/null
+++ b/t/t1/Indirect.pm
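Review bot: In lib/evil.pm both `import` and `unimport` change global state before deciding to fail: `import` sets `$tainted{caller()} = 1` ahead of `croak ... if $strict`, and `unimport` sets `$strict = 1` ahead of the `%tainted` test. When the caller traps the exception, as t/strict-die.t does with `eval { require ... }`, the refused request stays recorded, so a later `no evil ':strict'` reports "Evil module already loaded" for a module whose compilation was aborted, and a later `use evil` is refused on behalf of a module that never finished loading. Unless that stickiness is intended, check first and record second: put `croak ... if $strict;` before `$tainted{caller()} = 1;`, and `croak ... if %tainted;` before `$strict = 1;`. `unimport` also accepts any tag, so `no evil ':lax'` gets strict mode plus a warning worded for a bare `no evil;`; the message should name the tag it received. Because `%tainted` and `$strict` are `our` package variables, the POD should state that the pragma is a cooperative declaration and not an enforced boundary.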
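Review bot: In t/strict-die.t the final assertion `ok !eval { require t::t1::Unrelated }, 'Unrelated dies';` passes on any failure, including a missing file or a compile error, because `$@` is never inspected. Pin the reason instead: `eval { require t::t1::Unrelated }; like $@, qr/Evil module already loaded/, 'Unrelated dies';`. The reverse order (strict requested first, then loading t::t1::Evil, which reaches the `croak` in `evil::import`) has no test in this commit, since t/strict-safe.t only loads Unrelated. Both test files also lack `use strict; use warnings;`.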
@@ -0,0 +1,3 @@
+package t::t1::Indirect;
+use t::t1::Direct;
+1;
diff --git a/t/t1/Unrelated.pm b/t/t1/Unrelated.pm
new file mode 100644
index 0000000..78d2ca5
--- /dev/null
+++ b/t/t1/Unrelated.pm
@@ -0,0 +1,3 @@
+package t::t1::Unrelated;
+no evil ':strict';
+1;
--
2.39.2