Security Advisories (1)

CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

NAME

Test2::Manual::Testing::Todo - Tutorial for marking tests as TODO.

DESCRIPTION

This tutorial covers the process of marking tests as TODO. It also describes how TODO works under the hood.

THE TOOL

use Test2::Tools::Basic qw/todo/;

TODO BLOCK

This form is low-magic. All tests inside the block are marked as todo, tests outside the block are not todo. You do not need to do any variable management. The flaw with this form is that it adds a couple levels to the stack, which can break some high-magic tests.

Overall this is the preferred form unless you have a special case that requires the variable form.

todo "Reason for the todo" => sub {
    ok(0, "fail but todo");
    ...
};

TODO VARIABLE

This form maintains the todo scope for the life of the variable. This is useful for tests that are sensitive to scope changes. This closely emulates the Test::More style which localized the $TODO package variable. Once the variable is destroyed (set it to undef, scope end, etc) the TODO state ends.

my $todo = todo "Reason for the todo";
ok(0, "fail but todo");
...
$todo = undef;

MANUAL TODO EVENTS

use Test2::API qw/context/;

sub todo_ok {
    my ($bool, $name, $todo) = @_;

    my $ctx = context();
    $ctx->send_event('Ok', pass => $bool, effective_pass => 1, todo => $todo);
    $ctx->release;

    return $bool;
}

The Test2::Event::Ok event has a todo field which should have the todo reason. The event also has the pass and effective_pass fields. The pass field is the actual pass/fail value. The effective_pass is used to determine if the event is an actual failure (should always be set tot true with todo).

HOW THE TODO TOOLS WORK UNDER THE HOOD

The Test2::Todo library gets the current Test2::Hub instance and adds a filter. The filter that is added will set the todo and effective pass fields on any Test2::Event::Ok events that pass through the hub. The filter also converts Test2::Event::Diag events into Test2::Event::Note events.

SOURCE

The source code repository for Test2-Manual can be found at https://github.com/Test-More/test-more/.

MAINTAINERS

Chad Granum <exodist@cpan.org>

AUTHORS

Chad Granum <exodist@cpan.org>

COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://dev.perl.org/licenses/

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)