briefly check if the downloaded cpanm or perlbrew seems to be a valid perl program,

gugod · gugod · commit 651569b9be26 · 2013-05-26T15:23:41.000+02:00
and die with some reasonable message if not.

Since we download them from github and github has been in maintainence
frequently enough to make this a sensible issue, this commit perform a super
dummy check on the downloaded content to see if they begin with "#!/" and
decided whether they are valid or not.

Of course this is far from accurate, but let's see if it is helpful.
diff --git a/lib/App/perlbrew.pm b/lib/App/perlbrew.pm
@@ -1370,6 +1370,20 @@ sub do_install_program_from_url {
 
     my $body = http_get($url) or die "\nERROR: Failed to retrieve $program_name executable.\n\n";
 
+    unless ($body =~ m{\A#!/}s) {
+        my $x = joinpath($ENV{TMPDIR} || "/tmp", "${program_name}.downloaded.$$");
+        my $message = "\nERROR: The downloaded $program_name program seem to be invalid. Please check if the following URL can be reached correctly\n\n\t$url\n\n...and try again latter.";
+
+        unless (-f $x) {
+            open my $OUT, ">", $x;
+            print $OUT $body;
+            close($OUT);
+            $message .= "\n\nThe previously downloaded file is saved at $x for manual inspection.\n\n";
+        }
+
+        die $message;
+    }
+
     if ($body_filter && ref($body_filter) eq "CODE") {
         $body = $body_filter->($body);
     }
@@ -1823,7 +1837,7 @@ sub run_command_install_patchperl {
 
 sub run_command_install_cpanm {
     my ($self) = @_;
-    $self->do_install_program_from_url('https://github.com/miyagawa/cpanminus/raw/master/cpanm' => 'cpanm');
+    $self->do_install_program_from_url('https://raw.github.com/miyagawa/cpanminus/master/cpanm' => 'cpanm');
 }
 
 sub run_command_self_upgrade {
diff --git a/t/command-install-cpanm.t b/t/command-install-cpanm.t
@@ -15,7 +15,7 @@ $App::perlbrew::PERLBREW_HOME = my $perlbrew_home = tempdir( CLEANUP => 1 );
     sub App::perlbrew::http_get {
         my ($url) = @_;
         like $url, qr/cpanm$/, "GET cpanm url: $url";
-        return "The content of cpanm";
+        return "#!/usr/bin/env perl\n# The content of cpanm";
     }
 }
 
diff --git a/t/command-install-patchperl.t b/t/command-install-patchperl.t
@@ -15,7 +15,7 @@ $App::perlbrew::PERLBREW_HOME = my $perlbrew_home = tempdir( CLEANUP => 1 );
     sub App::perlbrew::http_get {
         my ($url) = @_;
         like $url, qr/patchperl$/, "GET patchperl url: $url";
-        return "The content of patchperl";
+        return "#!/usr/bin/env perl\n# The content of patchperl";
     }
 }
 
diff --git a/t/failure-command-install-cpanm.t b/t/failure-command-install-cpanm.t
@@ -0,0 +1,40 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+use Test::Spec;
+use Path::Class;
+use IO::All;
+use File::Temp qw( tempdir );
+
+use App::perlbrew;
+$App::perlbrew::PERLBREW_ROOT = my $perlbrew_root = tempdir( CLEANUP => 1 );
+$App::perlbrew::PERLBREW_HOME = my $perlbrew_home = tempdir( CLEANUP => 1 );
+
+{
+    no warnings 'redefine';
+    sub App::perlbrew::http_get {
+        my ($url) = @_;
+        like $url, qr/cpanm$/, "GET cpanm url: $url";
+        return "404 not found.";
+    }
+}
+
+describe "App::perlbrew->install_cpanm" => sub {
+    it "should no produced 'cpanm' in the bin dir, if the downloaded content seems to be invalid." => sub {
+        my $error;
+        my $error_produced = 0;
+        eval {
+            my $app = App::perlbrew->new("install-cpanm", "-q");
+            $app->run();
+        } or do {
+            $error = $@;
+            $error_produced = 1;
+        };
+
+        my $cpanm = file($perlbrew_root, "bin", "cpanm")->absolute;
+        ok $error_produced, "generated an error: $error";
+        ok !(-f $cpanm), "cpanm is not produced. $cpanm";
+    };
+};
+
+runtests unless caller;
diff --git a/t/failure-command-install-patchperl.t b/t/failure-command-install-patchperl.t
@@ -0,0 +1,41 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+use Test::Spec;
+use Path::Class;
+use IO::All;
+use File::Temp qw( tempdir );
+
+use App::perlbrew;
+$App::perlbrew::PERLBREW_ROOT = my $perlbrew_root = tempdir( CLEANUP => 1 );
+$App::perlbrew::PERLBREW_HOME = my $perlbrew_home = tempdir( CLEANUP => 1 );
+
+{
+    no warnings 'redefine';
+    sub App::perlbrew::http_get {
+        my ($url) = @_;
+        like $url, qr/patchperl$/, "GET patchperl url: $url";
+        return "Some invalid piece of text";
+    }
+}
+
+describe "App::perlbrew->install_patchperl" => sub {
+    it "should not produce 'patchperl' in the bin dir, if the downloaded content does not seem to be valid." => sub {
+        my $patchperl = file($perlbrew_root, "bin", "patchperl")->absolute;
+
+        my $error;
+        my $produced_error = 0;
+        eval {
+            my $app = App::perlbrew->new("install-patchperl", "-q");
+            $app->run();
+        } or do {
+            $error = $@;
+            $produced_error = 1;
+        };
+
+        ok $produced_error, "generated an error: $error";
+        ok !(-f $patchperl), "patchperl is *not* installed: $patchperl";
+    };
+};
+
+runtests unless caller;

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ $App::perlbrew::PERLBREW_HOME = my $perlbrew_home = tempdir( CLEANUP => 1 );`
`15`	`15`	`sub App::perlbrew::http_get {`
`16`	`16`	`my ($url) = @_;`
`17`	`17`	`like $url, qr/cpanm$/, "GET cpanm url: $url";`
`18`		`- return "The content of cpanm";`
	`18`	`+ return "#!/usr/bin/env perl\n# The content of cpanm";`
`19`	`19`	`}`
`20`	`20`	`}`
`21`	`21`