[{"data":1,"prerenderedAt":846},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frisk-assessment":28,"surround-\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frisk-assessment":459,"sidebar-sei-cert-perl-coding-standard":468},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":41,"extension":453,"meta":454,"navigation":7,"path":455,"seo":456,"stem":457,"__hash__":458},"content\u002F7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F07.risk-assessment.md","Risk Assessment",{"type":32,"value":33,"toc":446},"minimark",[34,38,42,47,61,135,189,257,272,371,374,381,384,387,391,394,397,408,411,415,424,428],[35,36,30],"h1",{"id":37},"risk-assessment",[39,40,41],"p",{},"Each guideline in the CERT Perl Secure Coding Standard contains a Risk Assessment section that attempts to provide software developers with an indication of the potential consequences of not addressing a particular vulnerability in their code (along with some indication of expected remediation costs). This information may be used to prioritize the repair of vulnerability classes by a development team. 
It is generally assumed that new code will be developed to be compliant with all applicable guidelines.",[43,44,46],"h2",{"id":45},"priority-and-levels","Priority and Levels",[39,48,49,50,54,55,60],{},"Each rule and recommendation has an assigned ",[51,52,53],"strong",{},"Priority"," . Priorities are assigned using a metric based on Failure Mode, Effects, and Criticality Analysis (FMECA) [ ",[56,57,59],"a",{"href":58},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-IEC608122006","IEC 60812"," ]. Three values are assigned for each rule on a scale of 1 to 3 for the following:",[62,63,64],"ul",{},[65,66,67,70,71],"li",{},[51,68,69],{},"Severity"," —How serious are the consequences of the rule being ignored?",[72,73,74,87],"table",{},[75,76,77],"thead",{},[78,79,80,83,85],"tr",{},[81,82],"th",{},[81,84],{},[81,86],{},[88,89,90,102,113,124],"tbody",{},[78,91,92,96,99],{},[93,94,95],"td",{},"Value",[93,97,98],{},"Meaning",[93,100,101],{},"Examples of Vulnerability",[78,103,104,107,110],{},[93,105,106],{},"1",[93,108,109],{},"low",[93,111,112],{},"denial-of-service attack, abnormal termination",[78,114,115,118,121],{},[93,116,117],{},"2",[93,119,120],{},"medium",[93,122,123],{},"data integrity violation, unintentional information disclosure",[78,125,126,129,132],{},[93,127,128],{},"3",[93,130,131],{},"high",[93,133,134],{},"run arbitrary code",[62,136,137],{},[65,138,139,142,143,149,150],{},[51,140,141],{},"Likelihood"," —How likely is it that a ",[56,144,148],{"href":145,"rel":146},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FBB.+Definitions",[147],"nofollow","flaw"," introduced by ignoring the rule can lead to an exploitable 
vulnerability?",[72,151,152,160],{},[75,153,154],{},[78,155,156,158],{},[81,157],{},[81,159],{},[88,161,162,168,175,182],{},[78,163,164,166],{},[93,165,95],{},[93,167,98],{},[78,169,170,172],{},[93,171,106],{},[93,173,174],{},"unlikely",[78,176,177,179],{},[93,178,117],{},[93,180,181],{},"probable",[78,183,184,186],{},[93,185,128],{},[93,187,188],{},"likely",[62,190,191],{},[65,192,193,196,197],{},[51,194,195],{},"Remediation Cost"," —How expensive is it to comply with the rule?",[72,198,199,211],{},[75,200,201],{},[78,202,203,205,207,209],{},[81,204],{},[81,206],{},[81,208],{},[81,210],{},[88,212,213,225,236,247],{},[78,214,215,217,219,222],{},[93,216,95],{},[93,218,98],{},[93,220,221],{},"Detection",[93,223,224],{},"Correction",[78,226,227,229,231,234],{},[93,228,106],{},[93,230,131],{},[93,232,233],{},"manual",[93,235,233],{},[78,237,238,240,242,245],{},[93,239,117],{},[93,241,120],{},[93,243,244],{},"automatic",[93,246,233],{},[78,248,249,251,253,255],{},[93,250,128],{},[93,252,109],{},[93,254,244],{},[93,256,244],{},[39,258,259,260,263,264,267,268,271],{},"The three values are then multiplied together for each rule. This product provides a measure that can be used in prioritizing the application of the rules. These products range from 1 to 27, although only the following 10 distinct values are possible: 1, 2, 3, 4, 6, 8, 9, 12, 18, and 27. 
Rules and recommendations with a priority in the range 1–4 are ",[51,261,262],{},"Level 3"," rules, 6–9 are ",[51,265,266],{},"Level 2"," , and 12–27 are ",[51,269,270],{},"Level 1"," .",[62,273,274],{},[65,275,276,279,280,283],{},[51,277,278],{},"Priorities"," and ",[51,281,282],{},"Levels",[72,284,285,295],{},[75,286,287],{},[78,288,289,291,293],{},[81,290],{},[81,292],{},[81,294],{},[88,296,297,307,329,350],{},[78,298,299,302,304],{},[93,300,301],{},"Level",[93,303,278],{},[93,305,306],{},"Possible Interpretation",[78,308,309,314,326],{},[93,310,311],{},[51,312,313],{},"L1",[93,315,316,319,320,319,323],{},[51,317,318],{},"12"," , ",[51,321,322],{},"18",[51,324,325],{},"27",[93,327,328],{},"High severity, likely, inexpensive to repair",[78,330,331,336,347],{},[93,332,333],{},[51,334,335],{},"L2",[93,337,338,319,341,319,344],{},[51,339,340],{},"6",[51,342,343],{},"8",[51,345,346],{},"9",[93,348,349],{},"Medium severity, probable, medium cost to repair",[78,351,352,357,368],{},[93,353,354],{},[51,355,356],{},"L3",[93,358,359,319,361,319,363,319,365],{},[51,360,106],{},[51,362,117],{},[51,364,128],{},[51,366,367],{},"4",[93,369,370],{},"Low severity, unlikely, expensive to repair",[39,372,373],{},"As a result, it is possible to claim Level 1, Level 2, or complete compliance (Level 3) with a standard by implementing all rules in a level, as shown in the following illustration:",[39,375,376],{},[377,378],"img",{"alt":379,"src":380},"","attachments\u002F88890522\u002F88892210.jpg",[39,382,383],{},"Recommendations are not compulsory and are provided for information purposes only.",[39,385,386],{},"The metric is designed primarily for remediation projects. It is assumed that new development efforts will conform with the entire standard.",[43,388,390],{"id":389},"automated-detection","Automated Detection",[39,392,393],{},"Where applicable, guidelines provide information on analyzer tools that can automatically diagnose violations of secure coding guidelines. 
Most automated analyses for the Perl programming language are neither sound nor complete, so the inclusion of a tool in this section typically means that this tool can diagnose some violations of this particular rule. Currently, there is no conformance test suite available that can be used to assess the false-positive and false-negative rates of analyzers when checking conformance for a particular guideline against source code (although CERT has announced it will coordinate the development of a freely available, open source–licensed conformance test).",[39,395,396],{},"Because of the lack of an existing conformance test, the information in these sections may be",[62,398,399,402,405],{},[65,400,401],{},"provided by the vendors",[65,403,404],{},"determined by CERT by informally evaluating the analyzer",[65,406,407],{},"determined by CERT by reviewing the vendor documentation",[39,409,410],{},"Additionally, because tools and the CERT Perl Secure Coding Standard wiki both evolve continuously, this information can become dated and obsolete. Where possible, we try to reference the exact version of the tool for which the results were obtained.",[43,412,414],{"id":413},"related-vulnerabilities","Related Vulnerabilities",[39,416,417,418,423],{},"The risk assessment section also contains a link to search for related vulnerabilities on the CERT website. Whenever possible, CERT Vulnerability Notes are tagged with a keyword corresponding to the unique ID of the coding guideline. This search provides you with an up-to-date list of real-world vulnerabilities that have been determined to be at least partially caused by a violation of this specific guideline. These vulnerabilities are labeled as such only when the ",[56,419,422],{"href":420,"rel":421},"http:\u002F\u002Fwww.cert.org\u002Fvuls\u002F",[147],"vulnerability analysis team"," at the CERT\u002FCC is able to evaluate the source code and precisely determine the cause of the vulnerability. 
Because many vulnerability notes refer to vulnerabilities in closed-source software systems, it is not always possible to provide this additional analysis. Consequently, the related vulnerabilities field tends to be somewhat sparsely populated.",[43,425,427],{"id":426},"attachments","Attachments:",[429,430,434],"div",{"className":431,"align":433},[432],"greybox","left",[39,435,436,439,440,445],{},[377,437],{"alt":379,"src":438},"images\u002Ficons\u002Fbullet_blue.gif"," ",[56,441,444],{"href":442,"target":443},"\u002Fattachments\u002F88890522\u002F88892210.jpg","_blank","levelsandpriorities.jpg"," (image\u002Fjpeg)",{"title":379,"searchDepth":447,"depth":447,"links":448},2,[449,450,451,452],{"id":45,"depth":447,"text":46},{"id":389,"depth":447,"text":390},{"id":413,"depth":447,"text":414},{"id":426,"depth":447,"text":427},"md",{},"\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frisk-assessment",{"title":30,"description":41},"7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F07.risk-assessment","A5S2Of7ZAraJfGAbgaaZY2WEUKGh3lCDFfbM3PMWzX8",[460,464],{"title":461,"path":462,"stem":463,"children":-1},"System Qualities","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsystem-qualities","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F06.system-qualities",{"title":465,"path":466,"stem":467,"children":-1},"Source Code Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsource-code-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F08.source-code-validation",[469],{"title":470,"path":471,"stem":472,"children":473},"SEI CERT Perl Coding Standard","\u002Fsei-cert-perl-coding-standard","7.sei-cert-perl-coding-standard\u002F1.index",[474,475,522,654,802],{"title":470,"path":471,"stem":472},{"title":476,"path":477,"stem":478,"children":479},"Front 
Matter","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F1.index",[480,481,485],{"title":476,"path":477,"stem":478},{"title":482,"path":483,"stem":484},"Deprecations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fdeprecations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F2.deprecations",{"title":486,"path":487,"stem":488,"children":489},"Introduction","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[490,491,495,499,503,507,511,512,513,514,518],{"title":486,"path":487,"stem":488},{"title":492,"path":493,"stem":494},"Scope","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fscope","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.scope",{"title":496,"path":497,"stem":498},"Tool Selection and Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftool-selection-and-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.tool-selection-and-validation",{"title":500,"path":501,"stem":502},"Rules versus Recommendations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frules-versus-recommendations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.rules-versus-recommendations",{"title":504,"path":505,"stem":506},"Development 
Process","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fdevelopment-process","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.development-process",{"title":508,"path":509,"stem":510},"Usage","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fusage","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.usage",{"title":461,"path":462,"stem":463},{"title":30,"path":455,"stem":457},{"title":465,"path":466,"stem":467},{"title":515,"path":516,"stem":517},"Automatically Generated Code","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fautomatically-generated-code","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F09.automatically-generated-code",{"title":519,"path":520,"stem":521},"Acknowledgements","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Facknowledgements","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F11.acknowledgements",{"title":523,"path":524,"stem":525,"children":526},"Rules","\u002Fsei-cert-perl-coding-standard\u002Frules","7.sei-cert-perl-coding-standard\u002F3.rules\u002F1.index",[527,528,546,572,582,612,616,630,640],{"title":523,"path":524,"stem":525},{"title":529,"path":530,"stem":531,"children":532},"Declarations and Initialization (DCL)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F1.index",[533,534,538,542],{"title":529,"path":530,"stem":531},{"title":535,"path":536,"stem":537},"DCL30-PL. Do not import deprecated modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F2.dcl30-pl",{"title":539,"path":540,"stem":541},"DCL31-PL. 
Do not overload reserved keywords or subroutines","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F3.dcl31-pl",{"title":543,"path":544,"stem":545},"DCL33-PL. Declare identifiers before using them","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F4.dcl33-pl",{"title":547,"path":548,"stem":549,"children":550},"Expressions (EXP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F1.index",[551,552,556,560,564,568],{"title":547,"path":548,"stem":549},{"title":553,"path":554,"stem":555},"EXP30-PL. Do not use deprecated or obsolete functions or modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F2.exp30-pl",{"title":557,"path":558,"stem":559},"EXP31-PL. Do not suppress or ignore exceptions","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F3.exp31-pl",{"title":561,"path":562,"stem":563},"EXP32-PL. Do not ignore function return values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F4.exp32-pl",{"title":565,"path":566,"stem":567},"EXP33-PL. Do not invoke a function in a context for which it is not defined","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F5.exp33-pl",{"title":569,"path":570,"stem":571},"EXP35-PL. 
Use the correct operator type for comparing values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp35-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F6.exp35-pl",{"title":573,"path":574,"stem":575,"children":576},"File Input and Output (FIO)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F1.index",[577,578],{"title":573,"path":574,"stem":575},{"title":579,"path":580,"stem":581},"FIO30-PL. Use compatible character encodings when performing network or file I\u002FO","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio\u002Ffio30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F2.fio30-pl",{"title":583,"path":584,"stem":585,"children":586},"Input Validation and Data Sanitization (IDS)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",[587,588,592,596,600,604,608],{"title":583,"path":584,"stem":585},{"title":589,"path":590,"stem":591},"IDS30-PL. Exclude user input from format strings","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids30-pl",{"title":593,"path":594,"stem":595},"IDS31-PL. Do not use the two-argument form of open()","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids31-pl",{"title":597,"path":598,"stem":599},"IDS32-PL. 
Validate any integer that is used as an array index","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F4.ids32-pl",{"title":601,"path":602,"stem":603},"IDS33-PL. Sanitize untrusted data passed across a trust boundary","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F5.ids33-pl",{"title":605,"path":606,"stem":607},"IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids34-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F6.ids34-pl",{"title":609,"path":610,"stem":611},"IDS35-PL. Do not invoke the eval form with a string argument","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids35-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F7.ids35-pl",{"title":613,"path":614,"stem":615},"Integers (INT)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F3.rules\u002F6.integers-int",{"title":617,"path":618,"stem":619,"children":620},"Miscellaneous (MSC)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F1.index",[621,622,626],{"title":617,"path":618,"stem":619},{"title":623,"path":624,"stem":625},"MSC31-PL. 
Do not embed global statements","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F2.msc31-pl",{"title":627,"path":628,"stem":629},"MSC32-PL. Do not provide a module's version value from outside the module","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F3.msc32-pl",{"title":631,"path":632,"stem":633,"children":634},"Object-Oriented Programming (OOP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F1.index",[635,636],{"title":631,"path":632,"stem":633},{"title":637,"path":638,"stem":639},"OOP32-PL. Prohibit indirect object call syntax","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop\u002Foop32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F2.oop32-pl",{"title":641,"path":642,"stem":643,"children":644},"Strings (STR)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F1.index",[645,646,650],{"title":641,"path":642,"stem":643},{"title":647,"path":648,"stem":649},"STR30-PL. Capture variables should be read only immediately after a successful regex match","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F2.str30-pl",{"title":651,"path":652,"stem":653},"STR31-PL. 
Do not pass string literals to functions expecting regexes","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F3.str31-pl",{"title":655,"path":656,"stem":657,"children":658},"Recommendations","\u002Fsei-cert-perl-coding-standard\u002Frecommendations","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F1.index",[659,660,689,722,735,748,761,786,799],{"title":655,"path":656,"stem":657},{"title":529,"path":661,"stem":662,"children":663},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F1.index",[664,665,669,673,677,681,685],{"title":529,"path":661,"stem":662},{"title":666,"path":667,"stem":668},"DCL00-PL. Do not use subroutine prototypes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F2.dcl00-pl",{"title":670,"path":671,"stem":672},"DCL01-PL. Do not reuse variable names in subscopes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F3.dcl01-pl",{"title":674,"path":675,"stem":676},"DCL02-PL. Any modified punctuation variable should be declared local","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F4.dcl02-pl",{"title":678,"path":679,"stem":680},"DCL03-PL. 
Do not read a foreach iterator variable after the loop has completed","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F5.dcl03-pl",{"title":682,"path":683,"stem":684},"DCL04-PL. Always initialize local variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F6.dcl04-pl",{"title":686,"path":687,"stem":688},"DCL05-PL. Prohibit Perl4 package names","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl05-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F7.dcl05-pl",{"title":547,"path":690,"stem":691,"children":692},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F1.index",[693,694,698,702,706,710,714,718],{"title":547,"path":690,"stem":691},{"title":695,"path":696,"stem":697},"EXP00-PL. Do not return undef","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F2.exp00-pl",{"title":699,"path":700,"stem":701},"EXP01-PL. Do not depend on the return value of functions that lack a return statement","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F3.exp01-pl",{"title":703,"path":704,"stem":705},"EXP03-PL. 
Do not diminish the benefits of constants by assuming their values in expressions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F4.exp03-pl",{"title":707,"path":708,"stem":709},"EXP04-PL. Do not mix the early-precedence logical operators with late-precedence logical operators","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F5.exp04-pl",{"title":711,"path":712,"stem":713},"EXP06-PL. Do not use an array in an implicit scalar context","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp06-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F6.exp06-pl",{"title":715,"path":716,"stem":717},"EXP07-PL. Do not modify $_ in list or sorting functions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp07-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F7.exp07-pl",{"title":719,"path":720,"stem":721},"EXP08-PL. Do not use the one-argument form of select()","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp08-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F8.exp08-pl",{"title":573,"path":723,"stem":724,"children":725},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F1.index",[726,727,731],{"title":573,"path":723,"stem":724},{"title":728,"path":729,"stem":730},"FIO00-PL. 
Do not use bareword file handles","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F2.fio00-pl",{"title":732,"path":733,"stem":734},"FIO01-PL. Do not operate on files that can be modified by untrusted users","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F3.fio01-pl",{"title":583,"path":736,"stem":737,"children":738},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",[739,740,744],{"title":583,"path":736,"stem":737},{"title":741,"path":742,"stem":743},"IDS00-PL. Canonicalize path names before validating them","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids00-pl",{"title":745,"path":746,"stem":747},"IDS01-PL. Use taint mode while being aware of its limitations","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids01-pl",{"title":613,"path":749,"stem":750,"children":751},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F1.index",[752,753,757],{"title":613,"path":749,"stem":750},{"title":754,"path":755,"stem":756},"INT00-PL. 
Do not prepend leading zeroes to integer literals","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F2.int00-pl",{"title":758,"path":759,"stem":760},"INT01-PL. Use small integers when precise computation is required","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F3.int01-pl",{"title":617,"path":762,"stem":763,"children":764},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F1.index",[765,766,770,774,778,782],{"title":617,"path":762,"stem":763},{"title":767,"path":768,"stem":769},"MSC00-PL. Detect and remove dead code","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F2.msc00-pl",{"title":771,"path":772,"stem":773},"MSC01-PL. Detect and remove unused variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F3.msc01-pl",{"title":775,"path":776,"stem":777},"MSC02-PL. Run programs with full warnings and strict checking","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F4.msc02-pl",{"title":779,"path":780,"stem":781},"MSC03-PL. Do not use select() to sleep","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F5.msc03-pl",{"title":783,"path":784,"stem":785},"MSC04-PL. 
Do not use comma to separate statements","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F6.msc04-pl",{"title":631,"path":787,"stem":788,"children":789},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F1.index",[790,791,795],{"title":631,"path":787,"stem":788},{"title":792,"path":793,"stem":794},"OOP00-PL. Do not signify inheritance at runtime","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F2.oop00-pl",{"title":796,"path":797,"stem":798},"OOP01-PL. Do not access private variables or subroutines in other packages","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F3.oop01-pl",{"title":641,"path":800,"stem":801},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F9.strings-str",{"title":803,"path":804,"stem":805,"children":806},"Back Matter","\u002Fsei-cert-perl-coding-standard\u002Fback-matter","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F1.index",[807,808,812,842],{"title":803,"path":804,"stem":805},{"title":809,"path":810,"stem":811},"AA. Bibliography","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F2.aa-bibliography",{"title":813,"path":814,"stem":815,"children":816},"BB. 
Analyzers","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F1.index",[817,818,822,826,830,834,838],{"title":813,"path":814,"stem":815},{"title":819,"path":820,"stem":821},"Critic","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F2.critic",{"title":823,"path":824,"stem":825},"Critic_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F3.critic_v",{"title":827,"path":828,"stem":829},"Lint","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F4.lint",{"title":831,"path":832,"stem":833},"Lint_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F5.lint_v",{"title":835,"path":836,"stem":837},"Security Reviewer - Static Reviewer","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F6.security-reviewer-static-reviewer",{"title":839,"path":840,"stem":841},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F7.security-reviewer-static-reviewer_v",{"title":843,"path":844,"stem":845},"CC. Risk Assessments","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fcc-risk-assessments","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F4.cc-risk-assessments",1775657788980]