From 75dbfe1dc03748957f07eca5ac583bedc6fdba76 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 9 Oct 2018 17:01:07 -0400
Subject: Bug 623384 - Use Module::Runtime instead of eval { require } or eval
 "use"

---
 Bugzilla/BugUrl.pm            |  8 ++++----
 Bugzilla/Config.pm            |  3 ++-
 Bugzilla/DB.pm                |  3 ++-
 Bugzilla/DB/Schema.pm         | 11 ++++++++---
 Bugzilla/WebService/Server.pm | 12 ++++++++++--
 colchange.cgi                 |  3 ++-
 editparams.cgi                |  3 ++-
 extensions/BzAPI/Extension.pm |  4 ++--
 8 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/Bugzilla/BugUrl.pm b/Bugzilla/BugUrl.pm
index 4724ae71a..a824d286d 100644
--- a/Bugzilla/BugUrl.pm
+++ b/Bugzilla/BugUrl.pm
@@ -16,6 +16,7 @@ use base qw(Bugzilla::Object);
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Constants;
+use Module::Runtime qw(require_module);
 
 use URI::QueryParam;
 
@@ -113,7 +114,7 @@ sub _do_list_select {
     my $objects = $class->SUPER::_do_list_select(@_);
 
     foreach my $object (@$objects) {
-        eval "use " . $object->class; die $@ if $@;
+        require_module($object->class);
         bless $object, $object->class;
     }
 
@@ -133,8 +134,7 @@ sub class_for {
 
     my $uri = URI->new($value);
     foreach my $subclass ($class->SUB_CLASSES) {
-        eval "use $subclass";
-        die $@ if $@;
+        require_module($subclass);
         return wantarray ? ($subclass, $uri) : $subclass
             if $subclass->should_handle($uri);
     }
@@ -145,7 +145,7 @@ sub class_for {
 
 sub _check_class {
     my ($class, $subclass) = @_;
-    eval "use $subclass"; die $@ if $@;
+    require_module($subclass);
     return $subclass;
 }
 
diff --git a/Bugzilla/Config.pm b/Bugzilla/Config.pm
index 85779fa6b..1016d51e4 100644
--- a/Bugzilla/Config.pm
+++ b/Bugzilla/Config.pm
@@ -16,6 +16,7 @@ use Bugzilla::Constants;
 use Bugzilla::Hook;
 use Data::Dumper;
 use File::Temp;
+use Module::Runtime qw(require_module);
 
 # Don't export localvars by default - people should have to explicitly
 # ask for it, as a (probably futile) attempt to stop code using it
@@ -35,7 +36,7 @@ sub _load_params {
     my %hook_panels;
     foreach my $panel (keys %$panels) {
         my $module = $panels->{$panel};
-        eval("require $module") || die $@;
+        require_module($module);
         my @new_param_list = $module->get_param_list();
         $hook_panels{lc($panel)} = { params => \@new_param_list };
     }
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 142c241bf..87110aaaa 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -34,6 +34,7 @@ use List::Util qw(max);
 use Scalar::Util qw(weaken);
 use Storable qw(dclone);
 use English qw(-no_match_vars);
+use Module::Runtime qw(require_module);
 
 has [qw(dsn user pass attrs)] => (
     is       => 'ro',
@@ -174,7 +175,7 @@ sub _connect {
     my $pkg_module = DB_MODULE->{lc($driver)}->{db};
 
     # do the actual import
-    eval ("require $pkg_module")
+    eval { require_module($pkg_module) }
         || die ("'$driver' is not a valid choice for \$db_driver in "
                 . " localconfig: " . $@);
 
diff --git a/Bugzilla/DB/Schema.pm b/Bugzilla/DB/Schema.pm
index 67ee9071c..e1c19fa51 100644
--- a/Bugzilla/DB/Schema.pm
+++ b/Bugzilla/DB/Schema.pm
@@ -28,6 +28,8 @@ use Carp qw(confess);
 use Digest::MD5 qw(md5_hex);
 use Hash::Util qw(lock_value unlock_hash lock_keys unlock_keys);
 use List::MoreUtils qw(firstidx natatime);
+use Try::Tiny;
+use Module::Runtime qw(require_module);
 use Safe;
 # Historical, needed for SCHEMA_VERSION = '1.00'
 use Storable qw(dclone freeze thaw);
@@ -1876,9 +1878,12 @@ sub new {
     if ($driver) {
         (my $subclass = $driver) =~ s/^(\S)/\U$1/;
         $class .= '::' . $subclass;
-        eval "require $class;";
-        die "The $class class could not be found ($subclass " .
-            "not supported?): $@" if ($@);
+        try {
+            require_module($class);
+        }
+        catch {
+            die "The $class class could not be found ($subclass not supported?): $_";
+        };
     }
     die "$class is an abstract base class. Instantiate a subclass instead."
       if ($class eq __PACKAGE__);
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm
index a76c4c48c..e02788911 100644
--- a/Bugzilla/WebService/Server.pm
+++ b/Bugzilla/WebService/Server.pm
@@ -11,12 +11,15 @@ use 5.10.1;
 use strict;
 use warnings;
 
+use Bugzilla::Logging;
 use Bugzilla::Error;
 use Bugzilla::Util qw(datetime_from);
 
 use Digest::MD5 qw(md5_base64);
 use Scalar::Util qw(blessed);
 use Storable qw(freeze);
+use Module::Runtime qw(require_module);
+use Try::Tiny;
 
 sub handle_login {
     my ($self, $class, $method, $full_method) = @_;
@@ -30,8 +33,13 @@ sub handle_login {
         Bugzilla->request_cache->{dont_persist_session} = 1;
     }
 
-    eval "require $class";
-    ThrowCodeError('unknown_method', {method => $full_method}) if $@;
+    try {
+        require_module($class);
+    }
+    catch {
+        ThrowCodeError('unknown_method', {method => $full_method});
+        FATAL($_);
+    };
     return if ($class->login_exempt($method)
                and !defined Bugzilla->input_params->{Bugzilla_login});
     Bugzilla->login();
diff --git a/colchange.cgi b/colchange.cgi
index 46d25ecdf..bc18c3851 100755
--- a/colchange.cgi
+++ b/colchange.cgi
@@ -20,6 +20,7 @@ use Bugzilla::Search::Saved;
 use Bugzilla::Error;
 use Bugzilla::User;
 use Bugzilla::Token;
+use Module::Runtime qw(require_module);
 
 use Storable qw(dclone);
 
@@ -58,7 +59,7 @@ foreach my $param (keys %{ COLUMN_PARAMS() }) {
 }
 
 foreach my $class (keys %{ COLUMN_CLASSES() }) {
-    eval("use $class; 1;") || die $@;
+    require_module($class);
     my $column = COLUMN_CLASSES->{$class};
     delete $columns->{$column} if !$class->any_exist;
 }
diff --git a/editparams.cgi b/editparams.cgi
index 495d53937..2dd9ff08d 100755
--- a/editparams.cgi
+++ b/editparams.cgi
@@ -23,6 +23,7 @@ use Bugzilla::Token;
 use Bugzilla::User;
 use Bugzilla::User::Setting;
 use Bugzilla::Status;
+use Module::Runtime qw(require_module);
 
 my $user = Bugzilla->login(LOGIN_REQUIRED);
 my $cgi = Bugzilla->cgi;
@@ -48,7 +49,7 @@ my $param_panels = Bugzilla::Config::param_panels();
 my $override = Bugzilla->localconfig->{param_override};
 foreach my $panel (keys %$param_panels) {
     my $module = $param_panels->{$panel};
-    eval("require $module") || die $@;
+    require_module($module);
     my @module_param_list = $module->get_param_list();
     my $item = {
         name       => lc($panel),
diff --git a/extensions/BzAPI/Extension.pm b/extensions/BzAPI/Extension.pm
index bb9805134..d812a01c4 100644
--- a/extensions/BzAPI/Extension.pm
+++ b/extensions/BzAPI/Extension.pm
@@ -21,6 +21,7 @@ use Bugzilla::Util qw(trick_taint datetime_from);
 use Bugzilla::Constants;
 use Bugzilla::Install::Filesystem;
 use Bugzilla::WebService::Constants;
+use Module::Runtime qw(require_module);
 
 use File::Basename;
 
@@ -270,8 +271,7 @@ sub _preload_handlers {
         foreach my $module (_resource_modules()) {
             my $resource_class = "Bugzilla::Extension::BzAPI::Resources::$module";
             trick_taint($resource_class);
-            eval("require $resource_class");
-            warn $@ if $@;
+            eval { require_module($resource_class) };
             next if ($@ || !$resource_class->can('rest_handlers'));
             my $handlers = $resource_class->rest_handlers;
             next if (ref $handlers ne 'ARRAY' || scalar @$handlers % 2 != 0);
-- 
cgit v1.2.3-24-g4f1b