- CONFIGURATION AND ENVIRONMENT
- BUGS AND LIMITATIONS
- BUG REPORTING
- TEST AND QUALITY
- DEPENDENCIES AND REQUIREMENTS
- SEE ALSO
- LICENSE AND COPYRIGHT
Perl::Critic::Policy::RegularExpressions::RequireDefault - Always use the
/aa modifier with regular expressions.
This documentation describes version 2.01
This policy has no affiliation
This policy aims to help enforce Perl's protective measures against security vulnerabilities related to Unicode, such as:
Character and String Transformation Vulnerabilities
/aa modifiers standing for ASCII-restrict or ASCII-safe, provides protection for applications that do not need to be exposed to all of Unicode and possible security issues with Unicode.
/a causes the sequences
\w, and the Posix character classes to match only in the ASCII range. Meaning:
\dmeans the digits
my $ascii_letters =~ m/[A-Z]*/i; # not ok my $ascii_letters =~ m/[A-Z]*/a; # ok my $ascii_letters =~ m/[A-Z]*/aa; # ok
\smeans the five characters
[ \f\n\r\t], and starting in Perl v5.18, also the vertical tab
my $characters =~ m/[ \f\n\r\t]*/; # not ok my $characters =~ m/[ \f\n\r\t]*/a; # ok my $characters =~ m/[ \f\n\r\t]*/aa; # ok
\wmeans the 63 characters
[A-Za-z0-9_]and all the Posix classes such as
[[:print:]]match only the appropriate ASCII-range characters
my $letters =~ m/[A-Za-z0-9_]*/; # not ok my $letters =~ m/[A-Za-z0-9_]*/a; # ok my $letters =~ m/[A-Za-z0-9_]*/aa; # ok
The policy also supports the pragma:
use re '/a';
use re '/aa';
Which mean it will not evaluate the regular expressions any further:
use re '/a'; my $letters =~ m/[A-Za-z0-9_]*/; # ok
Do note that the
/aa modifiers require Perl 5.14, so by using the recommended modifiers you indirectly introduce a requirement for Perl 5.14.
This policy is inspired by Perl::Critic::Policy::RegularExpressions::RequireExtendedFormatting and many implementation details was lifted from this particular distribution.
The policy has a single configuration parameter:
strict. The default is disabled (
The policy, if enabled, allow for both
'aa', if strict however is enabled,
'a' will trigger a violation and
'aa' will not.
[RegularExpressions::RequireDefault] strict = 1
Do note that the policy also evaluates if the pragmas are enabled, meaning:
use re 'a'; will trigger a violation and
use re 'a'; will not if the policy is configured for strict evaluation.
This distribution holds no known incompatibilities at this time, please see "DEPENDENCIES AND REQUIREMENTS" for details on version requirements.
The pragma handling does not take into consideration of a pragma is disabled.
The pragma handling does not take lexical scope into consideration properly and only detects the definition once
This distribution holds no other known limitations or bugs at this time, please refer to the the issue listing on GitHub for more up to date information.
Please report bugs via GitHub.
This distribution aims to adhere to the Perl::Critic::Policy standards and Perl best practices and recommendations.
This distribution requires:
Perl 5.6.0 syntactically for the actual implementation
Perl 5.14 for developing the distribution, which relies on Dist::Zilla. The features on which this policy relies, where introduced in Perl 5.14, but this does not make for an actual requirement for the policy only the recommendations it imposes.
Carp, in core since Perl 5.
Perl::Critic::Utils, part of Perl::Critic
Please see the listing in the file: cpanfile, included with the distribution for a complete listing and description for configuration, test and development.
Ideas and suggestions for improvements and new features are listed in GitHub and are marked as
Please see the issue listing on GitHub
| Perl folk: Looking for a PR challenge task? Check for \d in regexes | that really should be [0-9] or should have the /a regex modifier. | Perl is multinational by default! #TPCiSLC
Jonas B. (jonasbn) <firstname.lastname@example.org>
Perl::Critic::Policy::RegularExpressions::RequireDefault is (C) by jonasbn 2018-2019
Perl::Critic::Policy::RegularExpressions::RequireDefault is released under the Artistic License 2.0
Please see the LICENSE file included with the distribution of this module