table of contents
| Perl::Critic::Policy::ValuesAndExpressions::ProhibitComplexVersion(3pm) | User Contributed Perl Documentation | Perl::Critic::Policy::ValuesAndExpressions::ProhibitComplexVersion(3pm) | 
NAME¶
Perl::Critic::Policy::ValuesAndExpressions::ProhibitComplexVersion - Prohibit version values from outside the module.
AFFILIATION¶
This Policy is part of the core Perl::Critic distribution.
DESCRIPTION¶
One tempting way to keep a group of related modules at the same version number is to have all of them import the version number from a designated module. For example, module "Foo::Master" could be the version master for the "Foo" package, and all other modules could use its $VERSION by
use Foo::Master; our $VERSION = $Foo::Master::VERSION;
This turns out not to be a good idea, because all sorts of unintended things can happen - anything from unintended version number changes to denial-of-service attacks (since "Foo::Master" is executed by the 'use').
This policy examines statements that assign to $VERSION, and declares a violation under two circumstances: first, if that statement uses a fully-qualified symbol that did not originate in a package declared in the file; second if there is a "use" statement on the same line that makes the assignment.
By default, an exception is made for "use version;" because of its recommendation by Perl Best Practices. See the "forbid_use_version" configuration variable if you do not want an exception made for "use version;".
CONFIGURATION¶
The construction
    use version; our $VERSION = qv('1.2.3');
is exempt from this policy by default, because it is recommended by Perl Best Practices. Should you wish to identify "use version;" as a violation, add the following to your perlcriticrc file:
    [ValuesAndExpressions::ProhibitComplexVersion]
    forbid_use_version = 1
CAVEATS¶
This code assumes that the hallmark of a violation is a 'use' on the same line as the $VERSION assignment, because that is the way to have it seen by ExtUtils::MakeMaker->parse_version(). Other ways to get a version value from outside the module can be imagined, and this policy is currently oblivious to them.
AUTHOR¶
Thomas R. Wyant, III wyant at cpan dot org
COPYRIGHT¶
Copyright (c) 2009-2023 Tom Wyant
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. The full text of this license can be found in the LICENSE file included with this module.
| 2024-10-28 | perl v5.40.0 |