LWPx::ParanoidAgent is a class subclassing LWP::UserAgent, but

paranoid against attackers. It's to be used when you're fetching
a remote resource on behalf of a possibly malicious user.

WWW: http://search.cpan.org/dist/LWPx-ParanoidAgent/

www/Makefile

@@ -727,6 +727,7 @@
     SUBDIR += p5-Kwiki-VimMode
     SUBDIR += p5-Kwiki-plugins
     SUBDIR += p5-LWP-Authen-Wsse
+    SUBDIR += p5-LWPx-ParanoidAgent
     SUBDIR += p5-MasonX-Interp-WithCallbacks
     SUBDIR += p5-MasonX-Profiler
     SUBDIR += p5-MasonX-Request-WithApacheSession

www/p5-LWPx-ParanoidAgent/Makefile

@@ -0,0 +1,36 @@
+# New ports collection makefile for:	p5-LWPx-ParanoidAgent
+# Date created:				Tue Dec 19 17:00:41 CST 2006
+# Whom:					Cheng-Lung Sung <clsung@dragon2.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	LWPx-ParanoidAgent
+PORTVERSION=	1.03
+CATEGORIES=	www security perl5
+MASTER_SITES=	CPAN
+MASTER_SITE_SUBDIR=	LWPx
+PKGNAMEPREFIX=	p5-
+
+MAINTAINER=	clsung@FreeBSD.org
+COMMENT=	Subclass of LWP::UserAgent that protects you from harm
+
+BUILD_DEPENDS=	${SITE_PERL}/LWP/UserAgent.pm:${PORTSDIR}/www/p5-libwww \
+		${SITE_PERL}/${PERL_ARCH}/Net/DNS.pm:${PORTSDIR}/dns/p5-Net-DNS
+RUN_DEPENDS=	${BUILD_DEPENDS}
+
+PERL_CONFIGURE=	yes
+
+MAN3=		LWPx::ParanoidAgent.3
+
+.include <bsd.port.pre.mk>
+
+.if ${PERL_LEVEL} < 500601
+IGNORE=		requires perl 5.6.x or later. Install lang/perl5.8 then try again
+.endif
+
+.if ${PERL_LEVEL} < 500703
+BUILD_DEPENDS+=	${SITE_PERL}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes
+.endif
+
+.include <bsd.port.post.mk>

www/p5-LWPx-ParanoidAgent/distinfo

@@ -0,0 +1,3 @@
+MD5 (LWPx-ParanoidAgent-1.03.tar.gz) = 7b5e79ccc33968401085f576d5c2fffe
+SHA256 (LWPx-ParanoidAgent-1.03.tar.gz) = abab342ed3f01d0eb906e6cb067e87d7672a2fb2afd871dacb6397f8e601af03
+SIZE (LWPx-ParanoidAgent-1.03.tar.gz) = 13024

www/p5-LWPx-ParanoidAgent/pkg-descr

@@ -0,0 +1,22 @@
+LWPx::ParanoidAgent is a class subclassing LWP::UserAgent, but 
+paranoid against attackers. It's to be used when you're fetching 
+a remote resource on behalf of a possibly malicious user.
+
+This class can do whatever LWP::UserAgent can (callbacks, uploads 
+from files, etc), except proxy support is explicitly removed, because 
+in that case you should do your paranoia at your proxy.
+
+Also, the schemes are limited to http and https, which are mapped to 
+LWPx::Protocol::http_paranoid and LWPx::Protocol::https_paranoid, 
+respectively, which are forked versions of the same ones without 
+the "_paranoid". Subclassing them didn't look possible, as they were 
+essentially just one huge function.
+
+This class protects you from connecting to internal IP ranges 
+(unless you whitelist them), hostnames/IPs that you blacklist, remote 
+webserver tarpitting your process (the timeout parameter is changed to 
+be a global timeout over the entire process), and all combinations of 
+redirects and DNS tricks to otherwise tarpit and/or connect to internal 
+resources.
+
+WWW: http://search.cpan.org/dist/LWPx-ParanoidAgent/

www/p5-LWPx-ParanoidAgent/pkg-plist

@@ -0,0 +1,8 @@
+%%SITE_PERL%%/LWPx/ParanoidAgent.pm
+%%SITE_PERL%%/LWPx/Protocol/http_paranoid.pm
+%%SITE_PERL%%/LWPx/Protocol/https_paranoid.pm
+%%SITE_PERL%%/%%PERL_ARCH%%/auto/LWPx/ParanoidAgent/.packlist
+@dirrmtry %%SITE_PERL%%/%%PERL_ARCH%%/auto/LWPx/ParanoidAgent
+@dirrmtry %%SITE_PERL%%/%%PERL_ARCH%%/auto/LWPx
+@dirrmtry %%SITE_PERL%%/LWPx/Protocol
+@dirrmtry %%SITE_PERL%%/LWPx