Perl::Critic::Policy::ValuesAndExpressions::ProhibitComplexVersion − Prohibit version values from outside the module.
This Policy is part of the core Perl::Critic distribution.
One tempting way to keep a group of related modules at the same version number is to have all of them import the version number from a designated module. For example, module "Foo::Master" could be the version master for the "Foo" package, and all other modules could use its $VERSION by
use Foo::Master; our $VERSION = $Foo::Master::VERSION;
This turns out not to be a good idea, because all sorts of unintended things can happen − anything from unintended version number changes to denial-of-service attacks (since "Foo::Master" is executed by the ’use’).
This policy examines statements that assign to $VERSION, and declares a violation under two circumstances: first, if that statement uses a fully-qualified symbol that did not originate in a package declared in the file; second if there is a "use" statement on the same line that makes the assignment.
By default, an exception is made for "use version;" because of its recommendation by Perl Best Practices. See the "forbid_use_version" configuration variable if you do not want an exception made for "use version;".
use version; our $VERSION = qv('1.2.3');
is exempt from this policy by default, because it is recommended by Perl Best Practices. Should you wish to identify "use version;" as a violation, add the following to your perlcriticrc file:
[ValuesAndExpressions::ProhibitComplexVersion] forbid_use_version = 1
This code assumes that the hallmark of a violation is a ’use’ on the same line as the $VERSION assignment, because that is the way to have it seen by ExtUtils::MakeMaker−>parse_version(). Other ways to get a version value from outside the module can be imagined, and this policy is currently oblivious to them.
Thomas R. Wyant, III wyant at cpan dot org
Copyright (c) 2009−2011 Tom Wyant.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. The full text of this license can be found in the LICENSE file included with this module.