[{"data":1,"prerenderedAt":1490},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids00-pl":28,"surround-\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids00-pl":1109,"sidebar-sei-cert-perl-coding-standard":1117},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":1099,"extension":1100,"meta":1101,"navigation":7,"path":1105,"seo":1106,"stem":1107,"__hash__":1108},"content\u002F7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids00-pl.md","IDS00-PL. Canonicalize path names before validating them",{"type":32,"value":33,"toc":1085},"minimark",[34,38,56,67,85,88,95,106,115,120,131,234,242,251,396,405,427,434,440,556,560,574,589,640,650,654,666,673,745,749,758,762,827,831,909,913,964,968,1057,1060,1081],[35,36,30],"h1",{"id":37},"ids00-pl-canonicalize-path-names-before-validating-them",[39,40,41,42,46,47,51,52,55],"p",{},"A file path is a string that indicates how to find a file, starting from a particular directory. 
If a path begins with the root directory or with a root volume (e.g., ",[43,44,45],"code",{},"C:"," in Windows), it is an ",[48,49,50],"em",{},"absolute"," path; otherwise, it is a ",[48,53,54],{},"relative"," path.",[39,57,58,59,62,63,66],{},"Absolute or relative path names may contain file links such as symbolic (soft) links, hard links, shortcuts, shadows, aliases, and junctions. These file links must be fully resolved before any file validation operations are performed. For example, the final target of a symbolic link called ",[43,60,61],{},"trace"," might be the path name ",[43,64,65],{},"\u002Fhome\u002Fsystem\u002Ftrace"," . Path names may also contain special file names that make validation difficult:",[68,69,70,78],"ul",{},[71,72,73,74,77],"li",{},"\" ",[43,75,76],{},"."," \" refers to the directory itself.",[71,79,80,81,84],{},"Inside a directory, the special file name \" ",[43,82,83],{},".."," \" refers to the directory's parent directory.",[39,86,87],{},"In addition to these specific issues, a wide variety of operating system–specific and file system–specific naming conventions make validation difficult.",[39,89,90,91,94],{},"The process of ",[48,92,93],{},"canonicalizing"," file names makes it easier to validate a path name. More than one path name can refer to a single directory or file. Furthermore, the textual representation of a path name may yield little or no information regarding the directory or file to which it refers. Consequently, all path names must be fully resolved or canonicalized before validation. Because the canonical form can vary among operating systems and file systems, it is best to use operating system–specific mechanisms for canonicalization; however, this option is often not available.",[39,96,97,98,101,102,105],{},"For example, validation may be necessary when attempting to restrict user access to files within a particular directory or otherwise make security decisions based on a file name or path name. 
Frequently, an attacker can circumvent these restrictions by exploiting a directory traversal or path equivalence vulnerability. A ",[48,99,100],{},"directory traversal vulnerability"," allows an I\u002FO operation to escape a specified operating directory. A ",[48,103,104],{},"path equivalence vulnerability"," occurs when an attacker provides a different but equivalent name for a resource to bypass security checks.",[39,107,108,109,114],{},"Canonicalization contains an inherent race window between the time the program obtains the canonical path name and the time it opens the file. While the canonical path name is being validated, the file system may have been modified and the canonical path name may no longer reference the original valid file. Fortunately, this race condition can be easily mitigated. A path name that is a secure path is immune to race windows and other attempts by an untrusted user to confuse the program. See ",[110,111,113],"a",{"href":112},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio01-pl","FIO01-PL. Do not operate on files that can be modified by untrusted users"," for more information on secure paths.",[116,117,119],"h2",{"id":118},"noncompliant-code-example-posix","Noncompliant Code Example (POSIX)",[39,121,122,123,126,127,130],{},"This noncompliant code example allows the user to specify a file inside the ",[43,124,125],{},"\u002Fimg"," directory for the program to work with. 
Because of its lack of checks, the user can specify files outside the intended directory by entering an argument that contains ",[43,128,129],{},"..\u002F"," sequences and consequently violates the intended security policies of the program.",[132,133,135],"code-block",{"quality":134},"bad",[136,137,142],"pre",{"className":138,"code":139,"language":140,"meta":141,"style":141},"language-perl shiki shiki-themes github-light github-dark monokai","sub work_with_image {\n  my ($image_file) = @_; # untrusted\n  open( my $image, \"\u003C\", \"\u002Fimg\u002F$image_file\") or croak \"Can't open image file\";\n  # ...\n}\n","perl","",[43,143,144,161,175,222,228],{"__ignoreMap":141},[145,146,149,153,157],"span",{"class":147,"line":148},"line",1,[145,150,152],{"class":151},"sq6CD","sub",[145,154,156],{"class":155},"srTi1"," work_with_image",[145,158,160],{"class":159},"sMOD_"," {\n",[145,162,164,168,171],{"class":147,"line":163},2,[145,165,167],{"class":166},"sC2Qs","  my",[145,169,170],{"class":159}," ($image_file) = @_; ",[145,172,174],{"class":173},"s8-w5","# untrusted\n",[145,176,178,182,185,188,191,195,198,201,204,207,210,213,216,219],{"class":147,"line":177},3,[145,179,181],{"class":180},"sTrkL","  open",[145,183,184],{"class":159},"( ",[145,186,187],{"class":166},"my",[145,189,190],{"class":159}," $image, ",[145,192,194],{"class":193},"sstjo","\"\u003C\"",[145,196,197],{"class":159},", ",[145,199,200],{"class":193},"\"\u002Fimg\u002F",[145,202,203],{"class":159},"$image_file",[145,205,206],{"class":193},"\"",[145,208,209],{"class":159},") ",[145,211,212],{"class":166},"or",[145,214,215],{"class":159}," croak ",[145,217,218],{"class":193},"\"Can't open image file\"",[145,220,221],{"class":159},";\n",[145,223,225],{"class":147,"line":224},4,[145,226,227],{"class":173},"  # ...\n",[145,229,231],{"class":147,"line":230},5,[145,232,233],{"class":159},"}\n",[116,235,237,238,241],{"id":236},"noncompliant-code-example-posix-filepathconvert","Noncompliant Code Example (POSIX, 
",[43,239,240],{},"File::PathConvert"," )",[39,243,244,245,247,248,250],{},"This noncompliant code example attempts to enforce that the file specified still lives within the ",[43,246,125],{}," directory. However, it is using the ",[43,249,240],{}," module, which has been deprecated.",[132,252,253],{"quality":134},[136,254,256],{"className":138,"code":255,"language":140,"meta":141,"style":141},"use File::PathConvert qw(realpath $resolved);\n\nsub work_with_image {\n  my ($image_file) = @_; # untrusted\n  $image_file = realpath(\"\u002Fimg\u002F$image_file\") || croak \"Resolution stopped at $resolved\";\n  if ($image_file !~ m|\u002Fimg\u002F|) {\n    croak \"Image file not in \u002Fimg\";\n  }\n  open( my $image, \"\u003C\", $image_file) or croak \"Can't open $image_file\";\n  # ...\n}\n",[43,257,258,271,276,284,292,316,340,351,357,386,391],{"__ignoreMap":141},[145,259,260,263,266,269],{"class":147,"line":148},[145,261,262],{"class":166},"use",[145,264,265],{"class":159}," File::PathConvert ",[145,267,268],{"class":193},"qw(realpath $resolved)",[145,270,221],{"class":159},[145,272,273],{"class":147,"line":163},[145,274,275],{"emptyLinePlaceholder":7},"\n",[145,277,278,280,282],{"class":147,"line":177},[145,279,152],{"class":151},[145,281,156],{"class":155},[145,283,160],{"class":159},[145,285,286,288,290],{"class":147,"line":224},[145,287,167],{"class":166},[145,289,170],{"class":159},[145,291,174],{"class":173},[145,293,294,297,299,301,303,306,309,312,314],{"class":147,"line":230},[145,295,296],{"class":159},"  $image_file = realpath(",[145,298,200],{"class":193},[145,300,203],{"class":159},[145,302,206],{"class":193},[145,304,305],{"class":159},") || croak ",[145,307,308],{"class":193},"\"Resolution stopped at ",[145,310,311],{"class":159},"$resolved",[145,313,206],{"class":193},[145,315,221],{"class":159},[145,317,319,322,325,328,331,335,337],{"class":147,"line":318},6,[145,320,321],{"class":166},"  if",[145,323,324],{"class":159}," ($image_file !~ 
",[145,326,327],{"class":180},"m",[145,329,330],{"class":193},"|",[145,332,334],{"class":333},"sFxd3","\u002Fimg\u002F",[145,336,330],{"class":193},[145,338,339],{"class":159},") {\n",[145,341,343,346,349],{"class":147,"line":342},7,[145,344,345],{"class":159},"    croak ",[145,347,348],{"class":193},"\"Image file not in \u002Fimg\"",[145,350,221],{"class":159},[145,352,354],{"class":147,"line":353},8,[145,355,356],{"class":159},"  }\n",[145,358,360,362,364,366,368,370,373,375,377,380,382,384],{"class":147,"line":359},9,[145,361,181],{"class":180},[145,363,184],{"class":159},[145,365,187],{"class":166},[145,367,190],{"class":159},[145,369,194],{"class":193},[145,371,372],{"class":159},", $image_file) ",[145,374,212],{"class":166},[145,376,215],{"class":159},[145,378,379],{"class":193},"\"Can't open ",[145,381,203],{"class":159},[145,383,206],{"class":193},[145,385,221],{"class":159},[145,387,389],{"class":147,"line":388},10,[145,390,227],{"class":173},[145,392,394],{"class":147,"line":393},11,[145,395,233],{"class":159},[39,397,398,399,404],{},"According to the CPAN entry for ",[110,400,240],{"href":401,"rel":402},"http:\u002F\u002Fsearch.cpan.org\u002F~rbs\u002FFile-PathConvert\u002FPathConvert.pm",[403],"nofollow"," :",[406,407,408],"blockquote",{},[39,409,410,411,414,415,417,418,420,421,423,424,426],{},"There are several known bugs, and it is not being actively",[412,413],"br",{},"\nmaintained since all functionality is now available in",[412,416],{},"\nmodules (Cwd.pm and File::Spec) bundled in every Perl",[412,419],{},"\ndistribution of recent vintage. 
This version is provided to",[412,422],{},"\nfix a few bugs and to get the word out about the",[412,425],{},"\ndeprecation.",[116,428,430,431,241],{"id":429},"compliant-solution-posix-cwd","Compliant Solution (POSIX, ",[43,432,433],{},"Cwd",[39,435,436,437,439],{},"This compliant solution obtains the file name from the untrusted user input and canonicalizes it using Perl's ",[43,438,433],{}," module, which is part of the standard Perl distribution. Note that the pattern in the check below is not anchored, so it accepts any canonical path that contains \u002Fimg\u002F anywhere; anchoring it to the start of the path (for example, m|^\u002Fimg\u002F|) restricts the match to the intended directory.",[132,441,443],{"quality":442},"good",[136,444,446],{"className":138,"code":445,"language":140,"meta":141,"style":141},"use Cwd 'abs_path';\n\nsub work_with_image {\n  my ($image_file) = @_; # untrusted\n  $image_file = abs_path(\"\u002Fimg\u002F$image_file\");\n  if ($image_file !~ m|\u002Fimg\u002F|) {\n    croak \"Image file not in \u002Fimg\";\n  }\n  open( my $image, \"\u003C\", $image_file) or croak \"Can't open $image_file\";\n  # ...\n}\n",[43,447,448,460,464,472,480,494,510,518,522,548,552],{"__ignoreMap":141},[145,449,450,452,455,458],{"class":147,"line":148},[145,451,262],{"class":166},[145,453,454],{"class":159}," Cwd ",[145,456,457],{"class":193},"'abs_path'",[145,459,221],{"class":159},[145,461,462],{"class":147,"line":163},[145,463,275],{"emptyLinePlaceholder":7},[145,465,466,468,470],{"class":147,"line":177},[145,467,152],{"class":151},[145,469,156],{"class":155},[145,471,160],{"class":159},[145,473,474,476,478],{"class":147,"line":224},[145,475,167],{"class":166},[145,477,170],{"class":159},[145,479,174],{"class":173},[145,481,482,485,487,489,491],{"class":147,"line":230},[145,483,484],{"class":159},"  $image_file = 
abs_path(",[145,486,200],{"class":193},[145,488,203],{"class":159},[145,490,206],{"class":193},[145,492,493],{"class":159},");\n",[145,495,496,498,500,502,504,506,508],{"class":147,"line":318},[145,497,321],{"class":166},[145,499,324],{"class":159},[145,501,327],{"class":180},[145,503,330],{"class":193},[145,505,334],{"class":333},[145,507,330],{"class":193},[145,509,339],{"class":159},[145,511,512,514,516],{"class":147,"line":342},[145,513,345],{"class":159},[145,515,348],{"class":193},[145,517,221],{"class":159},[145,519,520],{"class":147,"line":353},[145,521,356],{"class":159},[145,523,524,526,528,530,532,534,536,538,540,542,544,546],{"class":147,"line":359},[145,525,181],{"class":180},[145,527,184],{"class":159},[145,529,187],{"class":166},[145,531,190],{"class":159},[145,533,194],{"class":193},[145,535,372],{"class":159},[145,537,212],{"class":166},[145,539,215],{"class":159},[145,541,379],{"class":193},[145,543,203],{"class":159},[145,545,206],{"class":193},[145,547,221],{"class":159},[145,549,550],{"class":147,"line":388},[145,551,227],{"class":173},[145,553,554],{"class":147,"line":393},[145,555,233],{"class":159},[116,557,559],{"id":558},"noncompliant-code-example","Noncompliant Code Example",[39,561,562,563,566,567,569,570,573],{},"This noncompliant code example accepts a file path as a command-line argument and uses the ",[43,564,565],{},"is_secure_path()"," subroutine defined in ",[110,568,113],{"href":112}," . This ensures that the file is in a secure directory. The ",[43,571,572],{},"validate_path()"," routine performs string-based validation on the path name. 
This could include checking, for example, that",[68,575,576,579,586],{},[71,577,578],{},"the file lives in the user's home directory.",[71,580,581,582,585],{},"the file ends with the proper suffix, such as ",[43,583,584],{},".html",".",[71,587,588],{},"the file does not contain \"weird\" characters such as spaces.",[132,590,591],{"quality":134},[136,592,594],{"className":138,"code":593,"language":140,"meta":141,"style":141},"my $filename = $ENV{\"HOME\"} . $DIR_SEP . $ARGV[0];\n# $DIR_SEP = \u002F on POSIX or \\ on Windows\ncroak \"Not a secure path\" if !is_secure_path( $filename);\ncroak \"Invalid path\" if !validate_path( $filename);\n",[43,595,596,609,614,628],{"__ignoreMap":141},[145,597,598,600,603,606],{"class":147,"line":148},[145,599,187],{"class":166},[145,601,602],{"class":159}," $filename = $ENV{",[145,604,605],{"class":193},"\"HOME\"",[145,607,608],{"class":159},"} . $DIR_SEP . $ARGV[0];\n",[145,610,611],{"class":147,"line":163},[145,612,613],{"class":173},"# $DIR_SEP = \u002F on POSIX or \\ on Windows\n",[145,615,616,619,622,625],{"class":147,"line":177},[145,617,618],{"class":159},"croak ",[145,620,621],{"class":193},"\"Not a secure path\"",[145,623,624],{"class":166}," if",[145,626,627],{"class":159}," !is_secure_path( $filename);\n",[145,629,630,632,635,637],{"class":147,"line":224},[145,631,618],{"class":159},[145,633,634],{"class":193},"\"Invalid path\"",[145,636,624],{"class":166},[145,638,639],{"class":159}," !validate_path( $filename);\n",[39,641,642,643,646,647,649],{},"However, this code neither resolves file links nor eliminates equivalence errors. Consequently, the validation routine may accept the path name as given even though that path name resolves to a file that the validation routine would reject. 
For instance, a path name that starts with ",[43,644,645],{},"\u002Fhome\u002Fperson"," might resolve to a file that lives outside ",[43,648,645],{},", foiling a validation routine that ensures that the file lives in the person's home directory.",[116,651,653],{"id":652},"compliant-solution-posix","Compliant Solution (POSIX)",[39,655,656,657,659,660,662,663,665],{},"This compliant solution uses the ",[43,658,433],{}," module to obtain the file's canonical path before performing any validation. This guarantees that any string-based operations the validation may perform on the path are performed on the canonical path and therefore cannot be foiled by symbolic links or ",[43,661,76],{}," or ",[43,664,83],{}," in the path.",[39,667,668,669,672],{},"Furthermore, canonicalization is performed after the file has been verified to live in a secure path. This prevents attackers from conducting time-of-check, time-of-use (TOCTOU) attacks against the program during the ",[43,670,671],{},"abs_path()"," call, or the validation, or any subsequent operations on the path. Because abs_path() can return undef on error, the result should be checked for definedness before it is validated or used.",[132,674,675],{"quality":442},[136,676,678],{"className":138,"code":677,"language":140,"meta":141,"style":141},"use Cwd 'abs_path';\n\nmy $DIR_SEP = \"\u002F\";\n\nmy $filename = $ENV{\"HOME\"} . $DIR_SEP . 
$ARGV[0];\ncroak \"Not a secure path\" if !is_secure_path( $filename);\n$filename = abs_path( $filename);\ncroak \"Invalid path\" if !validate_path( $filename);\n",[43,679,680,690,694,706,710,720,730,735],{"__ignoreMap":141},[145,681,682,684,686,688],{"class":147,"line":148},[145,683,262],{"class":166},[145,685,454],{"class":159},[145,687,457],{"class":193},[145,689,221],{"class":159},[145,691,692],{"class":147,"line":163},[145,693,275],{"emptyLinePlaceholder":7},[145,695,696,698,701,704],{"class":147,"line":177},[145,697,187],{"class":166},[145,699,700],{"class":159}," $DIR_SEP = ",[145,702,703],{"class":193},"\"\u002F\"",[145,705,221],{"class":159},[145,707,708],{"class":147,"line":224},[145,709,275],{"emptyLinePlaceholder":7},[145,711,712,714,716,718],{"class":147,"line":230},[145,713,187],{"class":166},[145,715,602],{"class":159},[145,717,605],{"class":193},[145,719,608],{"class":159},[145,721,722,724,726,728],{"class":147,"line":318},[145,723,618],{"class":159},[145,725,621],{"class":193},[145,727,624],{"class":166},[145,729,627],{"class":159},[145,731,732],{"class":147,"line":342},[145,733,734],{"class":159},"$filename = abs_path( $filename);\n",[145,736,737,739,741,743],{"class":147,"line":353},[145,738,618],{"class":159},[145,740,634],{"class":193},[145,742,624],{"class":166},[145,744,639],{"class":159},[116,746,748],{"id":747},"compliant-solution-windows","Compliant Solution (Windows)",[39,750,751,752,757],{},"Producing canonical file names for Windows operating systems is extremely complex and beyond the scope of this standard. The best advice is to try to avoid making decisions on the basis of a path, directory, or file name [ ",[110,753,756],{"href":754,"rel":755},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FAA.+Bibliography#AABibliography-Howard02",[403],"Howard 2002"," ]. 
Alternatively, use operating system–based mechanisms, such as access control lists (ACLs) or other authorization techniques.",[116,759,761],{"id":760},"risk-assessment","Risk Assessment",[763,764,765,784],"table",{},[766,767,768],"thead",{},[769,770,771,774,776,778,780,782],"tr",{},[772,773],"th",{},[772,775],{},[772,777],{},[772,779],{},[772,781],{},[772,783],{},[785,786,787,808],"tbody",{},[769,788,789,793,796,799,802,805],{},[790,791,792],"td",{},"Recommendation",[790,794,795],{},"Severity",[790,797,798],{},"Likelihood",[790,800,801],{},"Remediation Cost",[790,803,804],{},"Priority",[790,806,807],{},"Level",[769,809,810,813,816,819,821,824],{},[790,811,812],{},"IDS00-PL",[790,814,815],{},"medium",[790,817,818],{},"unlikely",[790,820,815],{},[790,822,823],{},"P4",[790,825,826],{},"L3",[116,828,830],{"id":829},"automated-detection","Automated Detection",[763,832,835,846],{"className":833},[834],"wrapped",[836,837,838,842,844],"colgroup",{},[839,840],"col",{"style":841},"width: 33%",[839,843],{"style":841},[839,845],{"style":841},[785,847,848,865,885],{},[769,849,852,857,862],{"className":850},[851],"header",[772,853,854],{},[39,855,856],{},"Tool",[772,858,859],{},[39,860,861],{},"Diagnostic",[772,863,864],{},"Notes",[769,866,869,872,877],{"className":867},[868],"odd",[790,870,871],{},"Taint mode",[790,873,874],{},[39,875,876],{},"Insecure dependency in .*open",[790,878,879],{},[39,880,881,882,884],{},"Detects only files open for writing.",[412,883],{},"\nDoes not detect files open only for reading.",[769,886,889,895,903],{"className":887},[888],"even",[790,890,891],{},[110,892,894],{"href":893},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer","Security Reviewer - Static Reviewer",[790,896,897],{},[39,898,899,900,902],{},"PERL_S91",[412,901],{},"\nPERL_S32",[790,904,905],{},[39,906,907],{},[412,908],{},[116,910,912],{"id":911},"related-guidelines","Related 
Guidelines",[763,914,915,923],{},[766,916,917],{},[769,918,919,921],{},[772,920],{},[772,922],{},[785,924,925,938,951],{},[769,926,927,932],{},[790,928,929],{},[110,930,931],{"href":17},"SEI CERT C Coding Standard",[790,933,934],{},[110,935,937],{"href":936},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio02-c","FIO02-C. Canonicalize path names originating from tainted sources",[769,939,940,945],{},[790,941,942],{},[110,943,944],{"href":20},"SEI CERT C++ Coding Standard",[790,946,947],{},[110,948,950],{"href":949},"\u002Fsei-cert-cpp-coding-standard\u002Fthe-void\u002Fvoid-3-recommendations\u002Fvoid-rec-07-input-output-fio\u002Fvoid-fio02-cpp-canonicalize-path-names-originating-from-untrusted-sources","VOID FIO02-CPP. Canonicalize path names originating from untrusted sources",[769,952,953,958],{},[790,954,955],{},[110,956,957],{"href":23},"CERT Oracle Secure Coding Standard for Java",[790,959,960],{},[110,961,963],{"href":962},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet02-j","MET02-J. 
Do not use deprecated or obsolete classes or methods",[116,965,967],{"id":966},"bibliography","Bibliography",[763,969,970,978],{},[766,971,972],{},[769,973,974,976],{},[772,975],{},[772,977],{},[785,979,980,1003,1013,1028,1043],{},[769,981,982,990],{},[790,983,984,985,989],{},"[ ",[110,986,988],{"href":987},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-CPAN","CPAN"," ]",[790,991,992,993,997,998],{},"Slaymaker, Barrie, ",[110,994,240],{"href":995,"rel":996},"http:\u002F\u002Fsearch.cpan.org\u002F%7Erbs\u002FFile-PathConvert\u002FPathConvert.pm",[403]," ; Müller, Steffen, ",[110,999,1002],{"href":1000,"rel":1001},"http:\u002F\u002Fsearch.cpan.org\u002F%7Esmueller\u002FPathTools-3.33\u002Flib\u002FFile\u002FSpec.pm",[403],"File::Spec",[769,1004,1005,1010],{},[790,1006,984,1007,989],{},[110,1008,756],{"href":754,"rel":1009},[403],[790,1011,1012],{},"Chapter 11, \"Canonical Representation Issues\"",[769,1014,1015,1022],{},[790,1016,984,1017,989],{},[110,1018,1021],{"href":1019,"rel":1020},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F764027",[403],"VU#764027",[790,1023,1024],{},[110,1025,1027],{"href":1019,"rel":1026},[403],"zml.cgi does not adequately validate user input thereby allowing directory traversal",[769,1029,1030,1037],{},[790,1031,984,1032,989],{},[110,1033,1036],{"href":1034,"rel":1035},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F806091",[403],"VU#806091",[790,1038,1039],{},[110,1040,1042],{"href":1034,"rel":1041},[403],"Mike Spice's My Calendar does not adequately validate user input",[769,1044,1045,1051],{},[790,1046,984,1047,989],{},[110,1048,1050],{"href":1049},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Manpages","Wall 
2011",[790,1052,1053],{},[110,1054,433],{"href":1055,"rel":1056},"http:\u002F\u002Fperldoc.perl.org\u002FCwd.html",[403],[1058,1059],"hr",{},[39,1061,1062,1069,1070,1069,1075],{},[110,1063,1065],{"href":1064},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002F",[1066,1067],"img",{"src":1068},"\u002Fattachments\u002F88890562\u002F88892207.png"," ",[110,1071,1072],{"href":1064},[1066,1073],{"src":1074},"\u002Fattachments\u002F88890562\u002F88892209.png",[110,1076,1078],{"href":1077},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids01-pl",[1066,1079],{"src":1080},"\u002Fattachments\u002F88890562\u002F88892208.png",[1082,1083,1084],"style",{},"html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .sTrkL, html code.shiki .sTrkL{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#66D9EF}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: 
var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sFxd3, html code.shiki .sFxd3{--shiki-default:#032F62;--shiki-dark:#DBEDFF;--shiki-sepia:#E6DB74}",{"title":141,"searchDepth":163,"depth":163,"links":1086},[1087,1088,1090,1092,1093,1094,1095,1096,1097,1098],{"id":118,"depth":163,"text":119},{"id":236,"depth":163,"text":1089},"Noncompliant Code Example (POSIX, File::PathConvert )",{"id":429,"depth":163,"text":1091},"Compliant Solution (POSIX, Cwd )",{"id":558,"depth":163,"text":559},{"id":652,"depth":163,"text":653},{"id":747,"depth":163,"text":748},{"id":760,"depth":163,"text":761},{"id":829,"depth":163,"text":830},{"id":911,"depth":163,"text":912},{"id":966,"depth":163,"text":967},"A file path is a string that indicates how to find a file, starting from a particular directory. 
If a path begins with the root directory or with a root volume (e.g., C: in Windows), it is an absolute path; otherwise, it is a relative path.","md",{"tags":1102},[1103,1104],"recommendation","ids","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids00-pl",{"title":30,"description":1099},"7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids00-pl","mhnq2XCrbK4QZ5ky9jFYnlCGwAth9G1maeKglNvi4Yk",[1110,1114],{"title":1111,"path":1112,"stem":1113,"children":-1},"Input Validation and Data Sanitization (IDS)","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",{"title":1115,"path":1077,"stem":1116,"children":-1},"IDS01-PL. Use taint mode while being aware of its limitations","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids01-pl",[1118],{"title":1119,"path":1120,"stem":1121,"children":1122},"SEI CERT Perl Coding Standard","\u002Fsei-cert-perl-coding-standard","7.sei-cert-perl-coding-standard\u002F1.index",[1123,1124,1179,1310,1448],{"title":1119,"path":1120,"stem":1121},{"title":1125,"path":1126,"stem":1127,"children":1128},"Front 
Matter","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F1.index",[1129,1130,1134],{"title":1125,"path":1126,"stem":1127},{"title":1131,"path":1132,"stem":1133},"Deprecations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fdeprecations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F2.deprecations",{"title":1135,"path":1136,"stem":1137,"children":1138},"Introduction","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1139,1140,1144,1148,1152,1156,1160,1164,1167,1171,1175],{"title":1135,"path":1136,"stem":1137},{"title":1141,"path":1142,"stem":1143},"Scope","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fscope","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.scope",{"title":1145,"path":1146,"stem":1147},"Tool Selection and Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftool-selection-and-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.tool-selection-and-validation",{"title":1149,"path":1150,"stem":1151},"Rules versus Recommendations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frules-versus-recommendations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.rules-versus-recommendations",{"title":1153,"path":1154,"stem":1155},"Development 
Process","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fdevelopment-process","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.development-process",{"title":1157,"path":1158,"stem":1159},"Usage","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fusage","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.usage",{"title":1161,"path":1162,"stem":1163},"System Qualities","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsystem-qualities","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F06.system-qualities",{"title":761,"path":1165,"stem":1166},"\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frisk-assessment","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F07.risk-assessment",{"title":1168,"path":1169,"stem":1170},"Source Code Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsource-code-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F08.source-code-validation",{"title":1172,"path":1173,"stem":1174},"Automatically Generated 
Code","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fautomatically-generated-code","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F09.automatically-generated-code",{"title":1176,"path":1177,"stem":1178},"Acknowledgements","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Facknowledgements","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F11.acknowledgements",{"title":1180,"path":1181,"stem":1182,"children":1183},"Rules","\u002Fsei-cert-perl-coding-standard\u002Frules","7.sei-cert-perl-coding-standard\u002F3.rules\u002F1.index",[1184,1185,1203,1229,1239,1268,1272,1286,1296],{"title":1180,"path":1181,"stem":1182},{"title":1186,"path":1187,"stem":1188,"children":1189},"Declarations and Initialization (DCL)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F1.index",[1190,1191,1195,1199],{"title":1186,"path":1187,"stem":1188},{"title":1192,"path":1193,"stem":1194},"DCL30-PL. Do not import deprecated modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F2.dcl30-pl",{"title":1196,"path":1197,"stem":1198},"DCL31-PL. Do not overload reserved keywords or subroutines","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F3.dcl31-pl",{"title":1200,"path":1201,"stem":1202},"DCL33-PL. 
Declare identifiers before using them","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F4.dcl33-pl",{"title":1204,"path":1205,"stem":1206,"children":1207},"Expressions (EXP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F1.index",[1208,1209,1213,1217,1221,1225],{"title":1204,"path":1205,"stem":1206},{"title":1210,"path":1211,"stem":1212},"EXP30-PL. Do not use deprecated or obsolete functions or modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F2.exp30-pl",{"title":1214,"path":1215,"stem":1216},"EXP31-PL. Do not suppress or ignore exceptions","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F3.exp31-pl",{"title":1218,"path":1219,"stem":1220},"EXP32-PL. Do not ignore function return values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F4.exp32-pl",{"title":1222,"path":1223,"stem":1224},"EXP33-PL. Do not invoke a function in a context for which it is not defined","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F5.exp33-pl",{"title":1226,"path":1227,"stem":1228},"EXP35-PL. 
Use the correct operator type for comparing values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp35-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F6.exp35-pl",{"title":1230,"path":1231,"stem":1232,"children":1233},"File Input and Output (FIO)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F1.index",[1234,1235],{"title":1230,"path":1231,"stem":1232},{"title":1236,"path":1237,"stem":1238},"FIO30-PL. Use compatible character encodings when performing network or file I\u002FO","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio\u002Ffio30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F2.fio30-pl",{"title":1111,"path":1240,"stem":1241,"children":1242},"\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",[1243,1244,1248,1252,1256,1260,1264],{"title":1111,"path":1240,"stem":1241},{"title":1245,"path":1246,"stem":1247},"IDS30-PL. Exclude user input from format strings","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids30-pl",{"title":1249,"path":1250,"stem":1251},"IDS31-PL. Do not use the two-argument form of open()","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids31-pl",{"title":1253,"path":1254,"stem":1255},"IDS32-PL. 
Validate any integer that is used as an array index","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F4.ids32-pl",{"title":1257,"path":1258,"stem":1259},"IDS33-PL. Sanitize untrusted data passed across a trust boundary","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F5.ids33-pl",{"title":1261,"path":1262,"stem":1263},"IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids34-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F6.ids34-pl",{"title":1265,"path":1266,"stem":1267},"IDS35-PL. Do not invoke the eval form with a string argument","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids35-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F7.ids35-pl",{"title":1269,"path":1270,"stem":1271},"Integers (INT)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F3.rules\u002F6.integers-int",{"title":1273,"path":1274,"stem":1275,"children":1276},"Miscellaneous (MSC)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F1.index",[1277,1278,1282],{"title":1273,"path":1274,"stem":1275},{"title":1279,"path":1280,"stem":1281},"MSC31-PL. 
Do not embed global statements","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F2.msc31-pl",{"title":1283,"path":1284,"stem":1285},"MSC32-PL. Do not provide a module's version value from outside the module","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F3.msc32-pl",{"title":1287,"path":1288,"stem":1289,"children":1290},"Object-Oriented Programming (OOP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F1.index",[1291,1292],{"title":1287,"path":1288,"stem":1289},{"title":1293,"path":1294,"stem":1295},"OOP32-PL. Prohibit indirect object call syntax","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop\u002Foop32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F2.oop32-pl",{"title":1297,"path":1298,"stem":1299,"children":1300},"Strings (STR)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F1.index",[1301,1302,1306],{"title":1297,"path":1298,"stem":1299},{"title":1303,"path":1304,"stem":1305},"STR30-PL. Capture variables should be read only immediately after a successful regex match","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F2.str30-pl",{"title":1307,"path":1308,"stem":1309},"STR31-PL. 
Do not pass string literals to functions expecting regexes","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F3.str31-pl",{"title":1311,"path":1312,"stem":1313,"children":1314},"Recommendations","\u002Fsei-cert-perl-coding-standard\u002Frecommendations","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F1.index",[1315,1316,1345,1378,1389,1394,1407,1432,1445],{"title":1311,"path":1312,"stem":1313},{"title":1186,"path":1317,"stem":1318,"children":1319},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F1.index",[1320,1321,1325,1329,1333,1337,1341],{"title":1186,"path":1317,"stem":1318},{"title":1322,"path":1323,"stem":1324},"DCL00-PL. Do not use subroutine prototypes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F2.dcl00-pl",{"title":1326,"path":1327,"stem":1328},"DCL01-PL. Do not reuse variable names in subscopes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F3.dcl01-pl",{"title":1330,"path":1331,"stem":1332},"DCL02-PL. Any modified punctuation variable should be declared local","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F4.dcl02-pl",{"title":1334,"path":1335,"stem":1336},"DCL03-PL. 
Do not read a foreach iterator variable after the loop has completed","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F5.dcl03-pl",{"title":1338,"path":1339,"stem":1340},"DCL04-PL. Always initialize local variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F6.dcl04-pl",{"title":1342,"path":1343,"stem":1344},"DCL05-PL. Prohibit Perl4 package names","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl05-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F7.dcl05-pl",{"title":1204,"path":1346,"stem":1347,"children":1348},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F1.index",[1349,1350,1354,1358,1362,1366,1370,1374],{"title":1204,"path":1346,"stem":1347},{"title":1351,"path":1352,"stem":1353},"EXP00-PL. Do not return undef","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F2.exp00-pl",{"title":1355,"path":1356,"stem":1357},"EXP01-PL. Do not depend on the return value of functions that lack a return statement","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F3.exp01-pl",{"title":1359,"path":1360,"stem":1361},"EXP03-PL. 
Do not diminish the benefits of constants by assuming their values in expressions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F4.exp03-pl",{"title":1363,"path":1364,"stem":1365},"EXP04-PL. Do not mix the early-precedence logical operators with late-precedence logical operators","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F5.exp04-pl",{"title":1367,"path":1368,"stem":1369},"EXP06-PL. Do not use an array in an implicit scalar context","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp06-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F6.exp06-pl",{"title":1371,"path":1372,"stem":1373},"EXP07-PL. Do not modify $_ in list or sorting functions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp07-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F7.exp07-pl",{"title":1375,"path":1376,"stem":1377},"EXP08-PL. Do not use the one-argument form of select()","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp08-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F8.exp08-pl",{"title":1230,"path":1379,"stem":1380,"children":1381},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F1.index",[1382,1383,1387],{"title":1230,"path":1379,"stem":1380},{"title":1384,"path":1385,"stem":1386},"FIO00-PL. 
Do not use bareword file handles","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F2.fio00-pl",{"title":113,"path":112,"stem":1388},"7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F3.fio01-pl",{"title":1111,"path":1112,"stem":1113,"children":1390},[1391,1392,1393],{"title":1111,"path":1112,"stem":1113},{"title":30,"path":1105,"stem":1107},{"title":1115,"path":1077,"stem":1116},{"title":1269,"path":1395,"stem":1396,"children":1397},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F1.index",[1398,1399,1403],{"title":1269,"path":1395,"stem":1396},{"title":1400,"path":1401,"stem":1402},"INT00-PL. Do not prepend leading zeroes to integer literals","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F2.int00-pl",{"title":1404,"path":1405,"stem":1406},"INT01-PL. Use small integers when precise computation is required","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F3.int01-pl",{"title":1273,"path":1408,"stem":1409,"children":1410},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F1.index",[1411,1412,1416,1420,1424,1428],{"title":1273,"path":1408,"stem":1409},{"title":1413,"path":1414,"stem":1415},"MSC00-PL. 
Detect and remove dead code","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F2.msc00-pl",{"title":1417,"path":1418,"stem":1419},"MSC01-PL. Detect and remove unused variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F3.msc01-pl",{"title":1421,"path":1422,"stem":1423},"MSC02-PL. Run programs with full warnings and strict checking","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F4.msc02-pl",{"title":1425,"path":1426,"stem":1427},"MSC03-PL. Do not use select() to sleep","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F5.msc03-pl",{"title":1429,"path":1430,"stem":1431},"MSC04-PL. Do not use comma to separate statements","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F6.msc04-pl",{"title":1287,"path":1433,"stem":1434,"children":1435},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F1.index",[1436,1437,1441],{"title":1287,"path":1433,"stem":1434},{"title":1438,"path":1439,"stem":1440},"OOP00-PL. 
Do not signify inheritance at runtime","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F2.oop00-pl",{"title":1442,"path":1443,"stem":1444},"OOP01-PL. Do not access private variables or subroutines in other packages","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F3.oop01-pl",{"title":1297,"path":1446,"stem":1447},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F9.strings-str",{"title":1449,"path":1450,"stem":1451,"children":1452},"Back Matter","\u002Fsei-cert-perl-coding-standard\u002Fback-matter","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F1.index",[1453,1454,1458,1486],{"title":1449,"path":1450,"stem":1451},{"title":1455,"path":1456,"stem":1457},"AA. Bibliography","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F2.aa-bibliography",{"title":1459,"path":1460,"stem":1461,"children":1462},"BB. 
Analyzers","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F1.index",[1463,1464,1468,1472,1476,1480,1482],{"title":1459,"path":1460,"stem":1461},{"title":1465,"path":1466,"stem":1467},"Critic","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F2.critic",{"title":1469,"path":1470,"stem":1471},"Critic_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F3.critic_v",{"title":1473,"path":1474,"stem":1475},"Lint","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F4.lint",{"title":1477,"path":1478,"stem":1479},"Lint_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F5.lint_v",{"title":894,"path":893,"stem":1481},"7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F6.security-reviewer-static-reviewer",{"title":1483,"path":1484,"stem":1485},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F7.security-reviewer-static-reviewer_v",{"title":1487,"path":1488,"stem":1489},"CC. Risk Assessments","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fcc-risk-assessments","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F4.cc-risk-assessments",1775657794535]