Problem
The code uses split /(:<|:@|:=)/, $item, 2 with a capturing group and a limit of 2. With a capturing group, the separator is included in the result list, so this returns 3 elements (path, separator, data) instead of the expected 2, causing misparse of test parameters with special prefixes.
Why This Matters
Test parameters like test.pl:<input or test.pl:@[args] will be incorrectly parsed, silently causing tests to receive wrong parameters or fail entirely.
Suggested Fix
Remove the limit and use a non-capturing group: split /(?::<|:@|:=)/, $item — or if the separator needs to be captured, drop the limit: split /(:<|:@|:=)/, $item.
Details
| | |
| --- | --- |
| Severity | 🟠 High |
| Category | robustness |
| Location | lib/App/Yath/Finder.pm:609 |
| Effort | ⚡ Quick fix |
🤖 Created by Kōan from audit session
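
The four combinations of capturing group and limit discussed in this report, run over constructed inputs so the returned field counts can be compared directly. This is an added example, not code from the project or from the report; the `fields` and `show` helpers and the sample items are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

my $capturing     = qr/(:<|:@|:=)/;      # pattern as quoted in the report
my $non_capturing = qr/(?::<|:@|:=)/;    # non-capturing form from the suggested fix

# Constructed inputs (not taken from the project). The last item carries a
# second separator inside its data part.
my @items = ('test.pl:<input', 'test.pl:@[args]', 'test.pl', 'test.pl:=key:=value');

# Hypothetical helper: collect the result in an array. Assigning split directly
# to a fixed list of scalars makes Perl add an implicit limit (number of
# scalars + 1), which would hide the difference being shown here.
sub fields {
    my ($re, $item, $limit) = @_;
    my @f = defined $limit ? split($re, $item, $limit) : split($re, $item);
    return @f;
}

# Hypothetical helper: print the field count and each field in brackets.
sub show {
    my ($label, @f) = @_;
    printf "  %-24s %d: %s\n", $label, scalar(@f), join(' ', map { "[$_]" } @f);
}

for my $item (@items) {
    print "$item\n";
    show('capturing, limit 2',      fields($capturing,     $item, 2));
    show('capturing, no limit',     fields($capturing,     $item));
    show('non-capturing, limit 2',  fields($non_capturing, $item, 2));
    show('non-capturing, no limit', fields($non_capturing, $item));
}
```

The limit counts fields only, not captured separators, so the capturing form with limit 2 yields path, separator and data. For an item whose data contains a further separator, only the limit-2 forms keep that data as a single field.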