Group :: Development/Perl
RPM: perl-LWPx-ParanoidAgent
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Current version: 1.12-alt1
Build date: 19 october 2016, 09:20 ( 393.4 weeks ago )
Size: 60.81 Kb
Home page: http://www.annocpan.org/dist/LWPx-ParanoidAgent
License: Artistic
Summary: subclass of LWP::UserAgent that protects you from harm
Description:
List of contributors List of rpms provided by this srpm:
ACL:
Build date: 19 october 2016, 09:20 ( 393.4 weeks ago )
Size: 60.81 Kb
Home page: http://www.annocpan.org/dist/LWPx-ParanoidAgent
License: Artistic
Summary: subclass of LWP::UserAgent that protects you from harm
Description:
The "LWPx::ParanoidAgent" is a class subclassing "LWP::UserAgent",
but paranoid against attackers. It's to be used when you're fetching
a remote resource on behalf of a possibly malicious user.
This class can do whatever "LWP::UserAgent" can (callbacks, uploads from
files, etc), except proxy support is explicitly removed, because in
that case you should do your paranoia at your proxy.
Also, the schemes are limited to http and https, which are mapped to
"LWPx::Protocol::http_paranoid" and
"LWPx::Protocol::https_paranoid", respectively, which are forked
versions of the same ones without the "_paranoid". Subclassing them
didn't look possible, as they were essentially just one huge function.
This class protects you from connecting to internal IP ranges (unless you
whitelist them), hostnames/IPs that you blacklist, remote webserver
tarpitting your process (the timeout parameter is changed to be a global
timeout over the entire process), and all combinations of redirects and
DNS tricks to otherwise tarpit and/or connect to internal resources.
Current maintainer: Vitaly Lipatov but paranoid against attackers. It's to be used when you're fetching
a remote resource on behalf of a possibly malicious user.
This class can do whatever "LWP::UserAgent" can (callbacks, uploads from
files, etc), except proxy support is explicitly removed, because in
that case you should do your paranoia at your proxy.
Also, the schemes are limited to http and https, which are mapped to
"LWPx::Protocol::http_paranoid" and
"LWPx::Protocol::https_paranoid", respectively, which are forked
versions of the same ones without the "_paranoid". Subclassing them
didn't look possible, as they were essentially just one huge function.
This class protects you from connecting to internal IP ranges (unless you
whitelist them), hostnames/IPs that you blacklist, remote webserver
tarpitting your process (the timeout parameter is changed to be a global
timeout over the entire process), and all combinations of redirects and
DNS tricks to otherwise tarpit and/or connect to internal resources.
List of contributors List of rpms provided by this srpm:
- perl-LWPx-ParanoidAgent