perl_dap_eval/lib.rs
1//! Safe Expression Evaluation Validation for Perl DAP
2//!
3//! This crate provides security validation for expressions evaluated during Perl debugging.
4//! It detects and blocks potentially dangerous operations that could mutate state,
5//! execute arbitrary code, or perform I/O operations during debug evaluation.
6//!
7//! # Features
8//!
9//! - **Operation Detection**: Detects dangerous Perl operations (eval, system, exec, etc.)
10//! - **Mutation Detection**: Detects assignment and increment/decrement operators
11//! - **Shell Execution Detection**: Blocks backticks and qx() for shell execution
12//! - **Context-Aware**: Avoids false positives for sigil-prefixed identifiers ($print, @say)
13//!
14//! # Example
15//!
16//! ```rust
17//! use perl_dap_eval::{SafeEvaluator, ValidationResult};
18//!
19//! let evaluator = SafeEvaluator::new();
20//!
21//! // Safe expressions pass validation
22//! assert!(evaluator.validate("$x + $y").is_ok());
23//!
24//! // Dangerous operations are blocked
25//! let result = evaluator.validate("system('rm -rf /')");
26//! assert!(result.is_err());
27//! ```
28//!
29//! # Security Model
30//!
31//! The safe evaluator blocks the following categories of operations:
32//!
33//! - **Code Execution**: eval, require, do (file)
34//! - **Process Control**: system, exec, fork, exit, kill, etc.
35//! - **I/O Operations**: print, say, open, close, etc.
36//! - **Filesystem**: mkdir, rmdir, unlink, chmod, etc.
37//! - **Network**: socket, connect, bind, etc.
38//! - **Tie Mechanism**: tie/untie (can execute arbitrary code)
39//! - **Mutation**: Assignment operators, ++/--, regex mutation (s///)
40
41mod patterns;
42mod validator;
43
44pub use validator::{SafeEvaluator, ValidationError, ValidationResult};
45
46// Re-export pattern constants for testing/extension
47pub use patterns::DANGEROUS_OPERATIONS;