Author: spadkins
Date: Tue Aug 10 08:40:26 2010
New Revision: 14318
Modified:
p5ee/trunk/App-Options/CHANGES
p5ee/trunk/App-Options/TODO
p5ee/trunk/App-Options/lib/App/Options.pm
Log:
support for secure => 1
Modified: p5ee/trunk/App-Options/CHANGES
==============================================================================
--- p5ee/trunk/App-Options/CHANGES (original)
+++ p5ee/trunk/App-Options/CHANGES Tue Aug 10 08:40:26 2010
@@ -2,6 +2,14 @@
# CHANGE LOG
#############################################################################
+VERSION 1.08
+ x Supports the "secure" option attribute. (Also, all options which end in
"pass" or "password"
+ are assumed to be secure.) The value is a security level: 1=[don't print
the value in a help screen].
+ 2=[ensure that the value can never be supplied on a command line or from
the environment but
+ only from a file that only the user running the program has read/write
access to]
+ Note: secure=>2 and the security_policy_level variable are not yet
implemented.
+ (It is expected that they will be implemented before the end of 2010.)
+
VERSION 1.07
x Automagically add $PREFIX/lib/perl5 to @INC (only if it exists), else
$PREFIX/lib/perl
Also check $PREFIX/share/perl and add it to @INC if it exists.
Modified: p5ee/trunk/App-Options/TODO
==============================================================================
--- p5ee/trunk/App-Options/TODO (original)
+++ p5ee/trunk/App-Options/TODO Tue Aug 10 08:40:26 2010
@@ -2,6 +2,9 @@
## File: $Id$
######################################################################
+TODO
+ o Implement {security_policy_level} variable
+
These items are what will be required to go to the next release to CPAN
o Get the documentation to match the new organization of the code
o [no more critical items]
Modified: p5ee/trunk/App-Options/lib/App/Options.pm
==============================================================================
--- p5ee/trunk/App-Options/lib/App/Options.pm (original)
+++ p5ee/trunk/App-Options/lib/App/Options.pm Tue Aug 10 08:40:26 2010
@@ -14,7 +14,7 @@
use File::Spec;
use Config;
-$VERSION = "1.07";
+$VERSION = "1.08";
=head1 NAME
@@ -22,7 +22,8 @@
=head1 SYNOPSIS
- #!/usr/local/bin/perl
+ #!/usr/bin/perl -w
+ use strict;
use App::Options; # reads option values into %App::options by default
@@ -35,6 +36,7 @@
Get help from the command line (assuming program is named "prog") ...
prog -?
+ prog --help
Option values may be provided on the command line, in environment
variables, and option files. (i.e. $ENV{APP_DBNAME} would set
@@ -134,8 +136,7 @@
See the P5EE web sites for more information on the P5EE project.
- http://www.officevision.com/pub/p5ee
- http://p5ee.perl.org
+ http://www.officevision.com/pub/p5ee/index.html
=head1 API REFERENCE: Methods
@@ -199,12 +200,12 @@
options => [ "option_file", "prefix", "app",
"perlinc", "debug_options", "import", ],
option => {
- option_file => "~/.app/app.conf", # set default
- app => "default=app;type=string", # default & type
- prefix => "type=string;required;env=PREFIX",
+ option_file => { default => "~/.app/app.conf" }, # set
default
+ app => { default => "app", type => "string" }, # default
& type
+ prefix => { type => "string", required => 1; env =>
"PREFIX" },
perlinc => undef, # no default
- debug_options => "type=int",
- import => "type=string",
+ debug_options => { type => "int" },
+ import => { type => "string" },
flush_imports => 1,
},
no_cmd_args => 1,
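Review bot: The rewritten `prefix` line in this POD example has a `;` inside the anonymous hash, `required => 1; env => "PREFIX"`, so the example no longer compiles when copied. It should read `prefix => { type => "string", required => 1, env => "PREFIX" },`. The example block starts and ends outside the hunk.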
@@ -255,6 +256,19 @@
env - a list of semicolon-separated environment variable names
to be used to find the value instead of "APP_{VARNAME}".
description - printed next to the option in the "usage" page
+ secure - identifies an option as being "secure" (i.e. a password)
+ and that it should never be printed in plain text in a help
+ message (-?). All options which end in "pass" or "password"
+ are also assumed to be secure. If the value of the "secure"
+ attribute is greater than 1, a heightened security level is
+ enforced: 2=ensure that the value can never be supplied on a
+ command line or from the environment but only from a file that
+ only the user running the program has read/write access to.
+ This value will also never be read from the environment or
+ the command line because these are visible to other users.
+ If the security_policy_level variable is set, any true value
+ for the "secure" attribute will result in the value being set
+ to the "security_policy_level" value.
value_description - printed within angle brackets ("<>") in the
"usage" page as the description of the option value
(i.e. --option_name=<value_description>)
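Review bot: The new `secure` paragraph says a heightened level "is enforced" and that the value "will also never be read from the environment or the command line", but the CHANGES entry in this same commit states that secure=>2 and security_policy_level are not yet implemented. The only behaviour change visible in this diff is masking in the usage printout, so a reader who sets `secure => 2` on the strength of this text would wrongly assume that command-line and environment sources are blocked. The POD should say so next to the claim, e.g. `(NOT YET IMPLEMENTED in 1.08: only level 1, masking the value in the help screen, is in effect)`. The same applies to the `security_policy_level` paragraph added in the following hunk (@@ -317,6 +331,10), which says the setting "ensures" file-permission checks.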
@@ -317,6 +331,10 @@
flush_imports - flush all pending imported option files.
+ security_policy_level - When set to 2, this ensures that all secure
+ options can only be read from files which do not have read/write
+ permission by any other user except the one running the program.
+
=cut
my ($default_option_processor); # a reference to the singleton App::Options
object that parsed the command line
@@ -780,11 +798,10 @@
unshift(@INC,
"$prefix/share/perl/site_perl/$perlversion"); # site_perl goes first!
unshift(@INC, "$prefix/share/perl/$perlversion");
}
- unshift(@INC, "$prefix/share/perl/$perlversion");
}
}
if ($debug_options >= 2) {
- print STDERR "9. Standard Directories Added to \...@inc\n ",
+ print STDERR "9. Standard Directories Added to \...@inc
(libdir_found=$libdir_found)\n ",
join("\n ", @INC), "\n";
}
}
@@ -936,18 +953,22 @@
push(@vars, (sort keys %$values));
}
my ($var, $value, $type, $desc, $option);
- my ($var_str, $value_str, $type_str, $desc_str, $val_desc);
+ my ($var_str, $value_str, $type_str, $desc_str, $val_desc, $secure);
$option = $init_args->{option} || {};
foreach $var (@vars) {
next if ($option_seen{$var});
$option_seen{$var} = 1;
next if ($var eq "?" || $var eq "help");
- $value = $values->{$var};
- $type = $option->{$var}{type} || "";
- $desc = $option->{$var}{description} || "";
+ $value = $values->{$var};
+ $type = $option->{$var}{type} || "";
+ $desc = $option->{$var}{description} || "";
+ $secure = $option->{$var}{secure};
+ if (! defined $secure) {
+ $secure = ($var =~ /pass(word)?$/) ? 1 : 0;
+ }
$val_desc = $option->{$var}{value_description} || "";
$var_str = ($type eq "boolean") ? $var : ($val_desc ?
"$var=<$val_desc>" : "$var=<value>");
- $value_str = (defined $value) ? $value : "undef";
+ $value_str = $secure ? "********" : ((defined $value) ? $value :
"undef");
$type_str = ($type) ? " ($type)" : "";
$desc_str = ($desc) ? " $desc" : "";
printf STDERR " --%-32s [%s]$type_str$desc_str\n", $var_str,
$value_str;
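Review bot: The fallback `$var =~ /pass(word)?$/` is case-sensitive and matches only names ending in "pass" or "password", so options named e.g. `DBPASS` or `dbpasswd` are still printed in clear in the usage screen unless `secure` is set explicitly. Consider `$secure = ($var =~ /pass(?:word|wd)?\z/i) ? 1 : 0;`, updating the POD sentence about inferred names to match, and noting in the docs that other secret-bearing options (keys, tokens) need an explicit `secure => 1`. The masking is applied only at this `printf`, so any other path that prints option values (the `debug_options` tracing, for instance, which is not visible here) should be checked for the same treatment. The enclosing sub starts and ends outside the hunk.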
@@ -1808,9 +1829,9 @@
We call this program "listcust".
- #!/usr/local/bin/perl
- use App::Options;
+ #!/usr/bin/perl -e
use strict;
+ use App::Options;
use DBI;
my $dsn = "dbi:$App::options{dbdriver}:database=$App::options{dbname}";
my $dbh = DBI->connect($dsn, $App::options{dbuser}, $App::options{dbpass});
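Review bot: The example shebang `#!/usr/bin/perl -e` will not run the script, because with `-e` perl takes the next argument (the script path supplied by the kernel) as the program text. The SYNOPSIS edited in this same commit uses `-w`, which looks like what was intended here: `#!/usr/bin/perl -w`. The example continues outside the hunk.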
@@ -1954,6 +1975,8 @@
description => "database password",
env => "", # disable env for password (insecure)
required => 1,
+ secure => 1, # FYI. This is inferred by the fact that
"dbpass"
+ # ends in "pass", so it is not necessary.
},
first_name => {
description => "portion of customer's first name",