NAME

Perl::Critic::Policy::RegularExpressions::RequireDefault - Always use the /a or /aa modifier with regular expressions.

VERSION

This documentation describes version 2.00

AFFILIATION

This policy has no affiliation

DESCRIPTION

This policy aims to help enforce Perl's protective measures against security vulnerabilities related to Unicode, such as:

Visual Spoofing
Character and String Transformation Vulnerabilities

The /a and /aa modifiers standing for ASCII-restrict or ASCII-safe, provides protection for applications that do not need to be exposed to all of Unicode and possible security issues with Unicode.

/a causes the sequences \d, \s, \w, and the Posix character classes to match only in the ASCII range. Meaning:

\d means the digits 0 to 9

    my $ascii_letters =~ m/[A-Z]*/i;  # not ok
    my $ascii_letters =~ m/[A-Z]*/a;  # ok
    my $ascii_letters =~ m/[A-Z]*/aa; # ok

\s means the five characters [ \f\n\r\t], and starting in Perl v5.18, also the vertical tab

    my $characters =~ m/[ \f\n\r\t]*/;   # not ok
    my $characters =~ m/[ \f\n\r\t]*/a;  # ok
    my $characters =~ m/[ \f\n\r\t]*/aa; # ok

\w means the 63 characters [A-Za-z0-9_] and all the Posix classes such as [[:print:]] match only the appropriate ASCII-range characters

    my $letters =~ m/[A-Za-z0-9_]*/;   # not ok
    my $letters =~ m/[A-Za-z0-9_]*/a;  # ok
    my $letters =~ m/[A-Za-z0-9_]*/aa; # ok

The policy also supports the pragma:

    use re 'a';

and:

    use re 'aa';

Which mean it will not evaluate the regular expressions any further:

    use re 'a';
    my $letters =~ m/[A-Za-z0-9_]*/;   # ok

Do note that the /a and /aa modifiers require Perl 5.14, so by using the recommended modifiers you indirectly introduct a requirement for Perl 5.14.

This policy is inspired by Perl::Critic::Policy::RegularExpressions::RequireExtendedFormatting and many implementation details was lifted from this particular distribution.

CONFIGURATION AND ENVIRONMENT

The policy has a single configuration parameter: strict. The default is disabled (0).

The policy, if enabled, allow for both 'a' and 'aa', if strict however is enabled, 'a' will trigger a violation and 'aa' will not.

Example configuration:

    [RegularExpressions::RequireDefault]
    strict = 1

Do note that the policy also evaluates if the pragmas are enabled, meaning: use re 'a'; will trigger a violation and use re 'a'; will not if the policy is configured for strict evaluation.

INCOMPATIBILITIES

This distribution holds no known incompatibilities at this time, please see "DEPENDENCIES AND REQUIREMENTS" for details on version requirements.

BUGS AND LIMITATIONS

The pragma handling does not take into consideration of a pragma is disabled.
The pragma handling does not take lexical scope into consideration properly and only detects the definition once

This distribution holds no other known limitations or bugs at this time, please refer to the the issue listing on GitHub for more up to date information.

BUG REPORTING

Please report bugs via GitHub.

TEST AND QUALITY

This distribution aims to adhere to the Perl::Critic::Policy standards and Perl best practices and recommendations.

DEPENDENCIES AND REQUIREMENTS

This distribution requires:

Perl 5.14, released 2011-05-14
Carp, in core since Perl 5.
Readonly
Perl::Critic::Policy
Perl::Critic::Utils

Please see the listing in the file: cpanfile, included with the distribution for a complete listing and description for configuration, test and development.

TODO

Ideas and suggestions for improvements and new features are listed in GitHub and are marked as enhancement.

Please see the issue listing on GitHub

MOTIVATION

The motivation for this Perl::Critic policy came from a tweet by @joel

    | Perl folk: Looking for a PR challenge task? Check for \d in regexes
    | that really should be [0-9] or should have the /a regex modifier.
    | Perl is multinational by default! #TPCiSLC

AUTHOR

jonasbn <jonasbn@cpan.org>

ACKNOWLEDGEMENTS

Joelle Maslak (@joel) / JMASLAK for the initial idea, see link to original tweet under "MOTIVATION"
Dan Book (@Grinnz) / DBOOK for information on Pragma and requirement for Perl 5.14, when using the modifiers handled and mentioned by this policy

LICENSE AND COPYRIGHT

Perl::Critic::Policy::RegularExpressions::RequireDefault is (C) by jonasbn 2018-2019

Perl::Critic::Policy::RegularExpressions::RequireDefault is released under the Artistic License 2.0

Please see the LICENSE file included with the distribution of this module

To install Perl::Critic::Policy::RegularExpressions::RequireDefault, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Perl::Critic::Policy::RegularExpressions::RequireDefault

CPAN shell

perl -MCPAN -e shell
install Perl::Critic::Policy::RegularExpressions::RequireDefault

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)