perl -c executes code

[derobert]

An unfortunately little-known fact about perl -c is that it actually executes code. From looking at the code, it appears that's how syntastic is doing Perl syntax checking.

For example, try perl -c on this:

#!/usr/bin/perl
BEGIN { print "you're owned\n" }
print "but this is OK\n";

perl -c will print that you're owned.

Editing a text file in vim isn't supposed to run it; it should be safe. Unfortunately, an automated perl -c on :wq makes it dangerous.

(I haven't looked at any of the other syntax checkers, I don't know how many of them may have similar issues.)

[lcd047]

Good point. As far as I can tell there are three ways to handle this:

1. remove the perl checker
2. make passive mode default
3. run the perl checker only if a variable is set in vimrc.

Out of these, 1. and 2. don't seem reasonable, and 3. doesn't really offer any protection. Comments?

[derobert]

Your assessment of the (non)-options seems about right. Definitely not
an easy thing to solve :-(

There is PPI, which can parse most perl without
executing anything—but, at a quick glance, I'm not sure how to use it
for a syntax check. E.g., it happily parsed print "a" "b" "c";.

There is also the Safe module, but its not
really that safe, at least not without extreme caution and help from the OS.

Maybe some way to mark certain paths (e.g., ~/home/src/myrepo) as
"safe". Not exactly a good solution, either.

Not the first editor with this problem; see e.g.,
http://www.perlmonks.org/?node_id=842303

[lcd047]

Ok, the perl checker now runs only if g:syntastic_enable_perl_checker is set to 1: c18065e.

PPI seems indeed to parse whatever you throw at it without making any attempt to make sense of the results. This is probably fine for refactoring and the like, but it's less than useful for checking syntax. I haven't looked at Safe.

[Numkil]

I agree that it should be off by default but the command you provided for enabling again (which I kinda want because I tend to have to make small scripts for work/school which are entirely my code) does not seem to do anything for me. There's no way I can get any syntax checking for perl even if I do an explicit :SyntasticCheck.

Probably not necessary but here is the piece of config regarding syntastic that I use
Numkil/VimConf@c5cf80a

[lcd047]

You also need to (re-)add perl to g:syntastic_perl_checkers.

Edit: Why would you people omit the single most important config option to syntastic, is beyond me. Perhaps it should have a better name?

[Numkil]

Oh well tbh I hadn't need to use it before & I was kinda nobraining on the 1 line you mentioned earlier. Probably should have read a bit more before asking, Sorry.

[lcd047]

You should pretty much always add g:syntastic_<filetype>_checkers for the filetypes you use. The defaults are just some barebones settings to get syntastic to do something on the first few runs, they seldom make sense afterwards. Sadly, there simply aren't any more functional defaults that would be reasonable for everybody.