#
# spec file for package perl-LWPx-ParanoidAgent
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define cpan_name LWPx-ParanoidAgent
Name:           perl-LWPx-ParanoidAgent
Version:        1.120.0
Release:        0
# 1.12 -> normalize -> 1.120.0
%define cpan_version 1.12
License:        Artistic-1.0 OR GPL-1.0-or-later
Summary:        Subclass of LWP::UserAgent that protects you from harm
URL:            https://metacpan.org/release/%{cpan_name}
Source0:        https://cpan.metacpan.org/authors/id/S/SA/SAXJAZMAN/lwp/%{cpan_name}-%{cpan_version}.tar.gz
Source1:        cpanspec.yml
Source100:      README.md
BuildArch:      noarch
BuildRequires:  perl
BuildRequires:  perl-macros
BuildRequires:  perl(LWP::UserAgent)
BuildRequires:  perl(Net::DNS)
Requires:       perl(LWP::UserAgent)
Requires:       perl(Net::DNS)
Provides:       perl(LWPx::ParanoidAgent) = %{version}
Provides:       perl(LWPx::Protocol::http_paranoid)
Provides:       perl(LWPx::Protocol::http_paranoid::Socket)
Provides:       perl(LWPx::Protocol::http_paranoid::SocketMethods)
Provides:       perl(LWPx::Protocol::https_paranoid)
Provides:       perl(LWPx::Protocol::https_paranoid::Socket)
%undefine       __perllib_provides
%{perl_requires}

%description
The 'LWPx::ParanoidAgent' is a class subclassing 'LWP::UserAgent', but
paranoid against attackers. It's to be used when you're fetching a remote
resource on behalf of a possibly malicious user.

This class can do whatever 'LWP::UserAgent' can (callbacks, uploads from
files, etc), except proxy support is explicitly removed, because in that
case you should do your paranoia at your proxy.

Also, the schemes are limited to http and https, which are mapped to
'LWPx::Protocol::http_paranoid' and 'LWPx::Protocol::https_paranoid',
respectively, which are forked versions of the same ones without the
"_paranoid". Subclassing them didn't look possible, as they were
essentially just one huge function.

This class protects you from connecting to internal IP ranges (unless you
whitelist them), hostnames/IPs that you blacklist, remote webserver
tarpitting your process (the timeout parameter is changed to be a global
timeout over the entire process), and all combinations of redirects and DNS
tricks to otherwise tarpit and/or connect to internal resources.

%prep
%autosetup  -n %{cpan_name}-%{cpan_version}

find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -path "*/scripts/*" ! -name "configure" -print0 | xargs -0 chmod 644

%build
perl Makefile.PL INSTALLDIRS=vendor
%make_build

%check
make test

%install
%perl_make_install
%perl_process_packlist
%perl_gen_filelist

%files -f %{name}.files
%doc ChangeLog README README.md rebuild.sh

%changelog