Beefy Boxes and Bandwidth Generously Provided by pair Networks DiBona
XP is just a number
 
PerlMonks  

Perl module search engine

by jacques (Priest)
on Jun 13, 2008 at 22:21 UTC ( #692023=sourcecode: print w/ replies, xml ) Need Help??

Category: Perl stuff
Author/Contact Info jacques
Description: This is a quick -n- dirty script for searching your local Perl modules and printing the results to a webpage. You can easily change it around for your needs. NOTE that the search is case insensitive and you can do partial searches, such as 'file::' to see all the modules in that particular namespace. See HTML::Perlinfo::Modules for more details and options.

NOTE: Do not use the code presented on this thread, as there is a security risk described below. In particular, Your Mother 's code example should not be implemented. HTML::Perlinfo::Modules will be updated with a security patch soon.

UPDATE: 7/11/08 -- See the latest version at Perl modules search engine, part II.

# copy & paste to a file called searchmods.cgi

use warnings;
use strict;
use CGI qw(header param); 
use HTML::Perlinfo::Modules;

print header;
my $qry = param('qry') || "";

if ($qry) {


my $m = HTML::Perlinfo::Modules->new();
my $module = $m->print_modules( show_only => qr/$qry/i );

($module) ? print $module: print 'No such modules found!';

}

print <<EOD;
Module search:
<form action="searchmods.cgi" method="post">
<input type="text" name="qry" value="$qry">
<input type=submit name=submit value=submit>
</form>
EOD

Comment on Perl module search engine
Download Code
Re: Perl module search engine
by Your Mother (Canon) on Jun 14, 2008 at 21:52 UTC

    Here is a mildly improved version. HTML::Perlinfo::Modules is something I wouldn't recommend though. In addition to outputting broken non-version specific HTML, it could be replaced with just a bit of custom of code. Mixing display and system info trawling feels dirty, but in a bad way.

    use strict; use warnings; use CGI ":standard"; use HTML::Perlinfo::Modules; print header(), start_html(-title => "Perl Module Search", -head => style({type => 'text/css'}, join('',<DATA>) ), ), h1("Search your Perl modules"); print div({-style => "float:left; width: 20%;"}, h3("Search..."), start_form(-method => "get", -enctype => "application/x-www-form-urlencoded", -onsubmit => "return this._x ? false : ( this._x = +true )"), textfield("query"), br(), checkbox("regex"), submit(), end_form(), ); if ( my $query = param("query") ) { my $module = HTML::Perlinfo::Modules ->new ->print_modules( show_only => param("regex") ? qr/$query/i : qr/\Q$query\ +E/, full_page => 0 ); print div({-style => "float:left; width: 75%; margin-left: 2%"}, $module || h2("No modules found"), ); } print end_html(); __DATA__ body { font: 11px/13px helvetica-neue, helvetica, sans-serif; color: #001; } a:link {color: #000099; text-decoration: none;} a:hover {text-decoration: underline;} table {border-collapse: collapse; width: 100%;} .center {text-align: center;} .center table { margin-left: auto; margin-right: auto; text-align: lef +t;} .center th { text-align: center !important; } td, th { border: 1px solid #001; } .modules table {border: 0;} .modules td { border:0;} .modules th { border:0;} .p {text-align: left;} .e {background-color: #ccf; font-weight: bold; } .h {background-color: #99c; font-weight: bold; } .v {background-color: #ccc; } i {color: #666666; background-color: #ccc;}
      In addition to outputting broken non-version specific HTML, it could be replaced with just a bit of custom of code.

      The HTML doesn't validate, but that's something on my to-do list. Nevertheless, HTML::Perlinfo::Modules is not intended to make your website prettier. Its intent is to show you information about your Perl modules. I've tested the appearance of the HTML on a few browsers and have never encountered an issue.

      Via the full_page option, HTML::Perlinfo::Modules does allow you to insert your own HTML, which you do in your example. You could also set CSS attributes, along with the title of the page, in the constructor. For example:

      $modules = HTML::Perlinfo::Modules->new( bg_image => 'http://i104.photobucket.com/albums/m176/ +perlinfo/camel.gif', bg_repeat => 'yes-repeat' );
      If you wanted to offer some code to improve the module, it would be more than welcomed.
Re: Perl module search engine
by alexm (Chaplain) on Jun 15, 2008 at 14:24 UTC
    Allowing any regular expression is very dangerous, e.g.:
    my $re = qr|(?{system 'cat /etc/passwd'})|; "any string" =~ $re;
    Update: thanks to moritz for explaining that this example isn't actually a problem. However, checking (and laundering) tainted data is always a good idea, specially when dealing with web apps.
      That's not a problem if the regex comes from the outside world:
      $ perl -wle ' "any string" =~ m/$ARGV[0]/' "(?{system 'cat /etc/passwd +'})" Eval-group not allowed at runtime, use re 'eval' in regex m/(?{system +'cat /etc/passwd'})/ at -e line 1.

      The real problem are denial-of-service attacks with endlessly backtracking regexes.

        ...endlessly backtracking regexes.

        Could you please provide an example? I would like to investigate it and see if there's a problem. Thanks.

        I always envisioned HTML::Perlinfo::Modules as something Perl developers might use, not the general public (which is why I wasn't too concerned that the HTML was absolutely perfect). You know, something you could install in your local intranet to see what's on your system.

Back to Code Catacombs

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: sourcecode [id://692023]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (11)
As of 2014-04-16 10:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (424 votes), past polls