This is a list of Perl::Critic policies that CERT recommends (https://www.securecoding.cert.org/confluence/display/perl/CERT+Perl+Secure+Coding+Standard)
BuiltinFunctions::ProhibitBooleanGrep
BuiltinFunctions::ProhibitStringyEval
BuiltinFunctions::ProhibitStringySplit
BuiltinFunctions::ProhibitUniversalCan
BuiltinFunctions::ProhibitUniversalIsa
ClassHierarchies::ProhibitExplicitISA
ControlStructures::ProhibitMutatingListFunctions
ControlStructures::ProhibitUnreachableCode
ErrorHandling::RequireCarping
InputOutput::ProhibitBarewordFileHandles
InputOutput::RequireCheckedClose
InputOutput::RequireCheckedOpen
InputOutput::RequireCheckedSyscalls
InputOutput::ProhibitInteractiveTest
InputOutput::ProhibitOneArgSelect
InputOutput::ProhibitTwoArgOpen
Miscellanea::ProhibitFormats
Modules::ProhibitEvilModules
Modules::RequireEndWithOne
Objects::ProhibitIndirectSyntax
Policy::TestingAndDebugging::RequireUseStrict
Policy::TestingAndDebugging::RequireUseWarnings
RegularExpressions::ProhibitCaptureWithoutTest
Subroutines::ProhibitBuiltinHomonyms
Subroutines::ProhibitExplicitReturnUndef
Subroutines::ProhibitReturnSort
Subroutines::ProhibitSubroutinePrototypes
Subroutines::ProhibitUnusedPrivateSubroutines
Subroutines::ProtectPrivateSubs
Subroutines::RequireFinalReturn
TestingAndDebugging::ProhibitNoStrict
TestingAndDebugging::ProhibitProlongedStrictureOverride
TestingAndDebugging::RequireUseStrict
TestingAndDebugging:;ProhibitNoWarnings
ValuesAndExpressions::ProhibitCommaSeparatedStatements
ValuesAndExpressions::ProhibitLeadingZeros
ValuesAndExpressions::ProhibitMagicNumbers
ValuesAndExpressions::ProhibitMismatchedOperators
ValuesAndExpressions::ProhibitMixedBooleanOperators
Variables::ProhibitPerl4PackageNames
Variables::ProhibitUnusedVariables
Variables::ProtectPrivateVars
Variables::RequireInitializationForLocalVars
Variables::RequireLexicalLoopIterators
Variables::RequireLocalizedPunctuationVars
@kimmel

Variables::ProhibitUnreachableCode is a mistake from the CERT site. It should be ControlStructures::ProhibitUnreachableCode

Also the following policies are missing:

BuiltinFunctions::ProhibitBooleanGrep
InputOutput::ProhibitTwoArgOpen
InputOutput::RequireCheckedClose
InputOutput::RequireCheckedOpen
InputOutput::RequireCheckedSyscalls

as referenced from:

https://www.securecoding.cert.org/confluence/display/perl/EXP06-PL.+Do+not+use+an+array+in+an+implicit+scalar+context

https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=76775519

https://www.securecoding.cert.org/confluence/display/perl/EXP32-PL.+Do+not+ignore+function+return+values

@briandfoy
Owner

Updated

@gdarcy

TestingAndDebugging:;ProhibitNoWarnings should be TestingAndDebugging::ProhibitNoWarnings
Policy::TestingAndDebugging::RequireUseStrict and Policy::TestingAndDebugging::RequireUseWarnings are not found; these probably should be TestingAndDebugging::RequireUseStrict (already in the list) and TestingAndDebugging::RequireUseWarnings
