Security Advisories (1)
CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6.

NAME

DebugWrap - wrapper to execute code under the debugger and examine the results.

SYNOPSIS

my $wrapper = DebugWrap->new(
    {
        cmds =>
        [
            # list of commands supplied to the debugger
        ],
        prog => 'filename_of_code_to_debug.pl',
        # and some optional arguments
    }
);

my $wrapper = DebugWrap->new(
    {
        cmds =>
        [
            # list of commands supplied to the debugger
        ],
        prog => \<<'EOS',
# perl code to debug
EOS
        # and some optional arguments
    }
);

# test the output from the program being debugged
$wrapper->output_like(qr/.../, "describe the test");
$wrapper->output_unlike(qr/.../, "describe the test");
my $output = $wrapper->get_output; # for more sophisticated checks

# test the output from the debugger
$wrapper->contents_like(qr/.../, "describe the test");
$wrapper->contents_unlike(qr/.../, "describe the test");
my $contents = $wrapper->get_contents; # for more sophisticated checks

DESCRIPTION

DebugWrap is a simple class used when testing the Perl debugger that executes a set of debugger commands against a program under the debugger and provides some simple methods to examine the results.

It is not installed to your system.

Creating a DebugWrap object

The constructor new() accepts a hash of arguments, with the following possible members:

cmds

An array of commands to execute, one command per element. Required.

prog

Either the name of a perl program to test under the debugger, or a reference to a scalar containing the text of the program to test. Required.

stderr

If this is a true value, capture standard error; this is the default. Optional.

include_t

Add lib/perl5db/t to the perl search path, as with -I. Optional.

switches

An arrayref of switches to supply to perl. This should include the -d switch needed to invoke the debugger. If switches is not supplied then -d only is supplied. The -I for include_t is added after these switches.

Other methods

The other methods intended for test usage are:

$wrapper->get_contents

Fetch the debugger output from the debugger run. This does not include the output from the program under test.

$wrapper->contents_like($re, $test_name)

Test that the debugger output matches the given regular expression object (as with qr//).

Equivalent to:

like($wrapper->get_contents, $re, $test_name);

$wrapper->contents_unlike($re, $test_name)

Test that the debugger output does not match the given regular expression object (as with qr//).

Equivalent to:

unlike($wrapper->get_contents, $re, $test_name);

$wrapper->get_output

Fetch the program output from the debugger run. This does not include the output from the debugger itself, but it does include any output generated by valgrind or ASAN, assuming you haven't disabled capturing stderr.

$wrapper->output_like($re, $test_name)

Test that the program output matches the given regular expression object (as with qr//).

Equivalent to:

like($wrapper->get_output, $re, $test_name);

$wrapper->output_unlike($re, $test_name)

Test that the program output does not match the given regular expression object (as with qr//).

Equivalent to:

unlike($wrapper->get_output, $re, $test_name);
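The following is an added example, not part of this documentation or of the perl distribution's own test suite, showing the constructor arguments and the test methods above used together: a small program embedded as a scalar reference is run under the debugger with a breakpoint, and the debugger stream and the program stream are checked separately. It assumes that lib/perl5db/t is on @INC so that DebugWrap.pm loads (the `use lib` line is a placeholder path), that Test::More is available because the *_like methods call like()/unlike(), and that the debugger's `x` command prints a scalar as "0  <value>".

```perl
#!/usr/bin/perl
# Added example: exercise a small inline program under the debugger with
# DebugWrap and check both the debugger output and the program output.
# Assumptions: lib/perl5db/t is on @INC (adjust the `use lib` path to your
# checkout) and Test::More is available for like()/unlike().
use strict;
use warnings;
use lib 'lib/perl5db/t';   # assumed location of DebugWrap.pm
use Test::More tests => 3;
use DebugWrap;

# The program under test is a constructed snippet passed as a scalar ref;
# DebugWrap writes it to a file and runs it under perl -d.
my $wrapper = DebugWrap->new(
    {
        cmds => [
            'b 3',        # breakpoint on the print line (line 3 of the snippet)
            'c',          # run to the breakpoint
            'x $total',   # dump $total while stopped there
            'c',          # run to completion
            'q',          # leave the debugger
        ],
        prog => \<<'EOS',
my $total = 0;
$total += $_ for 1 .. 3;
print "total=$total\n";
warn "done\n";
EOS
        stderr => 1,      # capture stderr (the default) so warn() lands in the program output
    }
);

# Debugger stream: `x $total` at the breakpoint prints the value as "0  6".
$wrapper->contents_like(qr/^0\s+6$/m, 'x shows the accumulated total at the breakpoint');

# Program stream: stdout from print and stderr from warn, without the debugger's prompts.
$wrapper->output_like(qr/^total=6$/m, 'program printed the total');
$wrapper->output_like(qr/^done$/m,    'stderr was captured into the program output');
```

Keeping the two streams separate is what makes the assertions precise: a regex run against get_contents cannot be satisfied by text the program itself printed, and vice versa, so a test that the debugger stopped where it should is not fooled by program output that happens to look similar.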