Security Advisories (3)

CVE-2017-0373 (2017-05-10)

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.

CPANSA-Config-Model-2017-01 (2017-05-10)

YAML or YAML::XS can be loaded automatically making it possible to run arbitrary code loading a specially crafted YAML file.

CVE-2017-0374 (2017-05-10)

Loads models from a local directory, making it possible to substitute the model.

NAME

Config::Model::Backend::ShellVar - Read and write config as a SHELLVAR data structure

VERSION

version 2.026_2

SYNOPSIS

use Config::Model;
use Log::Log4perl qw(:easy);
Log::Log4perl->easy_init($WARN);

my $model = Config::Model->new;
$model->create_config_class (
   name    => "MyClass",
   element => [ 
       [qw/foo bar/] => {qw/type leaf value_type string/}
   ],

  read_config  => [
       { 
           backend => 'ShellVar',
           config_dir => '/tmp',
           file  => 'foo.conf',
           auto_create => 1,
       }
   ],
);

my $inst = $model->instance(root_class_name => 'MyClass' );
my $root = $inst->config_root ;

$root->load('foo=FOO1 bar=BAR1' );

$inst->write_back ;

File foo.conf now contains:

## This file was written by Config::Model
## You may modify the content of this file. Configuration 
## modifications will be preserved. Modifications in
## comments may be mangled.
##
foo="FOO1"

bar="BAR1"

DESCRIPTION

This module is used directly by Config::Model to read or write the content of a configuration tree written with SHELLVAR syntax in Config::Model configuration tree.

Note that undefined values are skipped for list element. I.e. if a list element contains ('a',undef,'b'), the data structure will contain 'a','b'.

CONSTRUCTOR

new ( node => $node_obj, name => 'shellvar' ) ;

Inherited from Config::Model::Backend::Any. The constructor will be called by Config::Model::AutoRead.

read ( io_handle => ... )

Of all parameters passed to this read call-back, only io_handle is used. This parameter must be IO::File object already opened for read.

It can also be undef. In this case, read() will return 0.

When a file is read, read() will return 1.

write ( io_handle => ... )

Of all parameters passed to this write call-back, only io_handle is used. This parameter must be IO::File object already opened for write.

write() will return 1.

AUTHOR

Dominique Dumont, (ddumont at cpan dot org)

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)