This is a list of Perl::Critic policies that CERT recommends (https://www.securecoding.cert.org/confluence/display/perl/CERT+Perl+Secure+Coding+Standard)

cert-perl-critic-policies.txt
BuiltinFunctions::ProhibitBooleanGrep
BuiltinFunctions::ProhibitStringyEval
BuiltinFunctions::ProhibitStringySplit
BuiltinFunctions::ProhibitUniversalCan
BuiltinFunctions::ProhibitUniversalIsa
ClassHierarchies::ProhibitExplicitISA
ControlStructures::ProhibitMutatingListFunctions
ControlStructures::ProhibitUnreachableCode
ErrorHandling::RequireCarping
InputOutput::ProhibitBarewordFileHandles
InputOutput::RequireCheckedClose
InputOutput::RequireCheckedOpen
InputOutput::RequireCheckedSyscalls
InputOutput::ProhibitInteractiveTest
InputOutput::ProhibitOneArgSelect
InputOutput::ProhibitTwoArgOpen
Miscellanea::ProhibitFormats
Modules::ProhibitEvilModules
Modules::RequireEndWithOne
Objects::ProhibitIndirectSyntax
Policy::TestingAndDebugging::RequireUseStrict
Policy::TestingAndDebugging::RequireUseWarnings
RegularExpressions::ProhibitCaptureWithoutTest
Subroutines::ProhibitBuiltinHomonyms
Subroutines::ProhibitExplicitReturnUndef
Subroutines::ProhibitReturnSort
Subroutines::ProhibitSubroutinePrototypes
Subroutines::ProhibitUnusedPrivateSubroutines
Subroutines::ProtectPrivateSubs
Subroutines::RequireFinalReturn
TestingAndDebugging::ProhibitNoStrict
TestingAndDebugging::ProhibitProlongedStrictureOverride
TestingAndDebugging::RequireUseStrict
TestingAndDebugging:;ProhibitNoWarnings
ValuesAndExpressions::ProhibitCommaSeparatedStatements
ValuesAndExpressions::ProhibitLeadingZeros
ValuesAndExpressions::ProhibitMagicNumbers
ValuesAndExpressions::ProhibitMismatchedOperators
ValuesAndExpressions::ProhibitMixedBooleanOperators
Variables::ProhibitPerl4PackageNames
Variables::ProhibitUnusedVariables
Variables::ProtectPrivateVars
Variables::RequireInitializationForLocalVars
Variables::RequireLexicalLoopIterators
Variables::RequireLocalizedPunctuationVars

Variables::ProhibitUnreachableCode is a mistake from the CERT site. It should be ControlStructures::ProhibitUnreachableCode

Also the following policies are missing:

BuiltinFunctions::ProhibitBooleanGrep
InputOutput::ProhibitTwoArgOpen
InputOutput::RequireCheckedClose
InputOutput::RequireCheckedOpen
InputOutput::RequireCheckedSyscalls

as referenced from:

https://www.securecoding.cert.org/confluence/display/perl/EXP06-PL.+Do+not+use+an+array+in+an+implicit+scalar+context

https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=76775519

https://www.securecoding.cert.org/confluence/display/perl/EXP32-PL.+Do+not+ignore+function+return+values

TestingAndDebugging:;ProhibitNoWarnings should be TestingAndDebugging::ProhibitNoWarnings
Policy::TestingAndDebugging::RequireUseStrict and Policy::TestingAndDebugging::RequireUseWarnings are not found; these probably should be TestingAndDebugging::RequireUseStrict (already in the list) and TestingAndDebugging::RequireUseWarnings
