Security Advisories (11)
CVE-2018-14041 (2018-07-13)

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

CVE-2018-14042 (2018-07-13)

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2020-11022 (2020-04-29)

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2020-11023 (2020-04-29)

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVE-2019-11358 (2019-04-20)

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVE-2015-9251 (2018-01-18)

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVE-2011-4969 (2013-03-08)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

CVE-2012-6708 (2018-01-18)

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

CVE-2020-7656 (2020-05-19)

jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, e.g. "</script >", which results in the enclosed script being executed.

CVE-2019-5428

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into the prototypes of existing JavaScript language constructs, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, the prototype of a JavaScript application's base object by injecting other values. Properties on Object.prototype are then inherited by all JavaScript objects through the prototype chain. When that happens, this leads either to denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.
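The mechanism behind CVE-2019-11358 and CVE-2019-5428 above, as an added example that is not jQuery's code: a naive recursive merge in the style of a deep jQuery.extend beside a hardened version that skips prototype-affecting keys. The untrusted JSON payload, the function names and the FORBIDDEN_KEYS set are constructed for this illustration.

```javascript
// Constructed untrusted input, e.g. a parsed request body. JSON.parse keeps
// "__proto__" as an own, enumerable key, which is exactly what a deep merge
// that walks every enumerable key then follows into Object.prototype.
const UNTRUSTED_JSON = '{"name":"demo","__proto__":{"isAdmin":true}}';

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern (constructed, modelled on pre-3.4.0 deep extend):
// target["__proto__"] resolves to Object.prototype, which passes the
// plain-object check, so the recursion writes into the shared prototype.
function naiveDeepMerge(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: refuse the keys that can reach a prototype, and only
// recurse into properties the target itself owns.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop prototype-affecting keys
    if (isPlainObject(source[key])) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeDeepMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Detection helper: does a fresh object inherit the injected property after
// merging the payload with the given function? Cleans up so later checks
// start from an unpolluted Object.prototype.
function pollutes(mergeFn) {
  const before = ({}).isAdmin;
  mergeFn({}, JSON.parse(UNTRUSTED_JSON));
  const after = ({}).isAdmin;
  delete Object.prototype.isAdmin;
  return before === undefined && after === true;
}

console.log('naive merge pollutes:', pollutes(naiveDeepMerge)); // → true
console.log('safe merge pollutes:', pollutes(safeDeepMerge));   // → false
```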

CVE-2014-6071 (2018-01-16)

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.

NAME

UR::Context::Process - Implements a generic interface to the current application.

SYNOPSIS

$name = UR::Context::Process->base_name;

$name = UR::Context::Process->prog_name;
UR::Context::Process->prog_name($name);

$name = UR::Context::Process->pkg_name;
UR::Context::Process->pkg_name($name);

$name = UR::Context::Process->title;
UR::Context::Process->title($name);

$version = UR::Context::Process->version;
UR::Context::Process->version($version);

$author = UR::Context::Process->author;
UR::Context::Process->author($author);

$author_email = UR::Context::Process->author_email;
UR::Context::Process->author_email($author_email);

$support_email = UR::Context::Process->support_email;
UR::Context::Process->support_email($support_email);

$login = UR::Context::Process->real_user_name;

DESCRIPTION

This module provides methods to set and retrieve various names associated with the program and the program version number.

METHODS

These methods provide the accessor and set methods for various names associated with an application.

get_current
$ctx = UR::Context::Process->get_current();

This is the context which represents the current process.

Also available as UR::Context->get_process();

has_changes()
$bool = UR::Context::Process->has_changes();

Returns true if the current process has changes which might be committed back to the underlying context.

_create_for_current_process
$ctx = UR::Context::Process->_create_for_current_process(@PARAMS)

This is only used internally by UR. It materializes a new object to represent a real process somewhere.

TODO: Remove the exception from create(), and allow other processes to be created explicitly w/ the appropriate characteristics.

base_name
$name = UR::Context::Process->base_name;

This is basename($0, '.pl').

prog_name
$name = UR::Context::Process->prog_name;
UR::Context::Process->prog_name($name);

This method is used to access and set the program name.

This name is used in the output of the version and usage subroutines (see "version" and "usage"). If given an argument, this method sets the program name and returns the new name or undef if unsuccessful.

It defaults to base_name if unspecified.

pkg_name
$name = UR::Context::Process->pkg_name;
UR::Context::Process->pkg_name($name);

This method is used to access and set the GNU-standard package name for the package to which this program belongs. This does NOT refer to a Perl package. It allows a set of specific programs to be grouped together under a common name, which is used in standard message output, and is used in the output of the version subroutine (see "version").

If given an argument, this method sets the package name and returns the new name or undef if unsuccessful. Without an argument, the current package name is returned.

It defaults to prog_name when unspecified, which in turn defaults to base_name, which in turn defaults to basename($0).

title
$name = UR::Context::Process->title;
UR::Context::Process->title($name);

This gets and sets the "friendly name" for an application. It is often mixed-case, with spaces, and is used in autogenerated documentation, and sometimes as a header in generic GUI components. Without an argument, it returns the current title. If an argument is specified, this method sets the application title and returns the new title or undef if unsuccessful.

It defaults to pkg_name when otherwise unspecified, which in turn defaults to prog_name when unspecified, which in turn defaults to base_name when unspecified, which defaults to basename($0) when unspecified.

version
$version = UR::Context::Process->version;
UR::Context::Process->version($version);

This method is used to access and set the package version. This version is used in the output of the print_version method (see "print_version" in App::Getopt). If given an argument, this method sets the package version and returns the version or undef if unsuccessful. Without an argument, the current package version is returned.

This value defaults to $main::VERSION if not set. Note that $main::VERSION may be undef.

author
$author = UR::Context::Process->author;
UR::Context::Process->author($author);

This method is used to access and set the package author. If given an argument, this method sets the package author and returns the author or undef if unsuccessful. Without an argument, the current author is returned.

author_email
$author_email = UR::Context::Process->author_email;
UR::Context::Process->author_email($author_email);

This method is used to access and set the package author's email address. This information is used in the output of the usage method (see "usage" in App::Getopt). If given an argument, this method sets the package author's email address and returns the email address or undef if unsuccessful. Without an argument, the current email address is returned.

support_email
$support_email = UR::Context::Process->support_email;
UR::Context::Process->support_email($support_email);

This method is used to access and set the email address to which the user should go for support. This information is used in the output of the usage method (see "usage" in App::Getopt). If given an argument, this method sets the support email address and returns that email address or undef if unsuccessful. Without an argument, the current email address is returned.

real_user_name
$login = UR::Context::Process->real_user_name;

This method is used to get the login name of the effective user id of the running script.

fork
$pid = UR::Context::Process->fork;

Safe fork() wrapper.

Properly disconnects database handles if necessary so that data sources in children are still valid. Also ensures that the active UR::Context::Process has the child's PID recorded within.

effective_user_name
$login = UR::Context::Process->effective_user_name;

This method is used to get the login name of the effective user id of the running script.

original_program_path
$path = UR::Context::Process->original_program_path;

This method is used to (try to) get the original program path of the running script. This will not change even if the current working directory is changed. (In truth it will find the path at the time UR::Context::Process was used. So, a chdir before that happens will cause incorrect results; in that case, undef will be returned.)

SEE ALSO

UR::Context