[{"data":1,"prerenderedAt":1991},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids33-pl":28,"surround-\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids33-pl":1607,"sidebar-sei-cert-perl-coding-standard":1614},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":41,"extension":1598,"meta":1599,"navigation":7,"path":1603,"seo":1604,"stem":1605,"__hash__":1606},"content\u002F7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F5.ids33-pl.md","IDS33-PL. 
Sanitize untrusted data passed across a trust boundary",{"type":32,"value":33,"toc":1583},"minimark",[34,38,42,45,48,53,75,237,244,250,253,258,261,264,268,271,275,282,334,340,345,349,352,355,405,408,422,445,448,496,522,528,543,546,587,594,599,602,605,998,1002,1005,1087,1094,1100,1104,1107,1183,1187,1253,1257,1318,1322,1373,1377,1510,1513,1534,1538,1579],[35,36,30],"h1",{"id":37},"ids33-pl-sanitize-untrusted-data-passed-across-a-trust-boundary",[39,40,41],"p",{},"Many programs accept untrusted data originating from arbitrary users, network connections, and other untrusted sources and then pass the (modified or unmodified) data across a trust boundary to a different trusted domain. Frequently the data is in the form of a string with some internal syntactic structure, which the subsystem must parse. Such data must be sanitized both because the subsystem may be unprepared to handle the malformed input and because unsanitized input may include an injection attack.",[39,43,44],{},"In particular, programs must sanitize all string data that is passed to command interpreters or parsers so that the resulting string is innocuous in the context in which it is parsed or interpreted.",[39,46,47],{},"Many command interpreters and parsers provide their own sanitization and validation methods. When available, their use is preferred over custom sanitization techniques because custom-developed sanitization can often neglect special cases or hidden complexities in the parser. Another problem with custom sanitization code is that it may not be adequately maintained when new capabilities are added to the command interpreter or parser software.",[49,50,52],"h2",{"id":51},"noncompliant-code-example-xss","Noncompliant Code Example (XSS)",[39,54,55,56,63,64,69,70,74],{},"This noncompliant code example demonstrates an XSS exploit. 
This code uses the ",[57,58,62],"a",{"href":59,"rel":60},"http:\u002F\u002Fsearch.cpan.org\u002Fdist\u002FCGI\u002F",[61],"nofollow","CGI"," module to display a web form and is adopted from an example from the ",[57,65,68],{"href":66,"rel":67},"http:\u002F\u002Fcpansearch.perl.org\u002Fsrc\u002FMARKSTOS\u002FCGI.pm-3.59\u002Fcgi_docs.html#functionvsoo",[61],"CGI.pm documentation"," . The form queries the user for a name and displays the resulting name on the page when the user clicks ",[71,72,73],"code",{},"Submit"," .",[76,77,79],"code-block",{"quality":78},"bad",[80,81,86],"pre",{"className":82,"code":83,"language":84,"meta":85,"style":85},"language-perl shiki shiki-themes github-light github-dark monokai","use CGI qw(:standard);\n\nprint header;\nprint start_html('A Simple Example'),\n  h1('A Simple Example'),\n  start_form,\n  \"What's your name? \",textfield('name'),\n  submit,\n  end_form,\n  hr;\n\nif (param()) {\n  print \"Your name is: \",em(param('name')),\n    hr;\n}\nprint end_html;\n","perl","",[71,87,88,108,114,124,138,148,154,168,174,180,186,191,200,217,223,229],{"__ignoreMap":85},[89,90,93,97,101,105],"span",{"class":91,"line":92},"line",1,[89,94,96],{"class":95},"sC2Qs","use",[89,98,100],{"class":99},"sMOD_"," CGI ",[89,102,104],{"class":103},"sstjo","qw(:standard)",[89,106,107],{"class":99},";\n",[89,109,111],{"class":91,"line":110},2,[89,112,113],{"emptyLinePlaceholder":7},"\n",[89,115,117,121],{"class":91,"line":116},3,[89,118,120],{"class":119},"sTrkL","print",[89,122,123],{"class":99}," header;\n",[89,125,127,129,132,135],{"class":91,"line":126},4,[89,128,120],{"class":119},[89,130,131],{"class":99}," start_html(",[89,133,134],{"class":103},"'A Simple Example'",[89,136,137],{"class":99},"),\n",[89,139,141,144,146],{"class":91,"line":140},5,[89,142,143],{"class":99},"  h1(",[89,145,134],{"class":103},[89,147,137],{"class":99},[89,149,151],{"class":91,"line":150},6,[89,152,153],{"class":99},"  
start_form,\n",[89,155,157,160,163,166],{"class":91,"line":156},[89,158,159],{"class":103},"  \"What's your name? \"",[89,161,162],{"class":99},",textfield(",[89,164,165],{"class":103},"'name'",[89,167,137],{"class":99},[89,169,171],{"class":91,"line":170},[89,172,173],{"class":99},"  submit,\n",[89,175,177],{"class":91,"line":176},[89,178,179],{"class":99},"  end_form,\n",[89,181,183],{"class":91,"line":182},[89,184,185],{"class":99},"  hr;\n",[89,187,189],{"class":91,"line":188},[89,190,113],{"emptyLinePlaceholder":7},[89,192,194,197],{"class":91,"line":193},[89,195,196],{"class":95},"if",[89,198,199],{"class":99}," (param()) {\n",[89,201,203,206,209,212,214],{"class":91,"line":202},[89,204,205],{"class":119},"  print",[89,207,208],{"class":103}," \"Your name is: \"",[89,210,211],{"class":99},",em(param(",[89,213,165],{"class":103},[89,215,216],{"class":99},")),\n",[89,218,220],{"class":91,"line":219},[89,221,222],{"class":99},"    hr;\n",[89,224,226],{"class":91,"line":225},[89,227,228],{"class":99},"}\n",[89,230,232,234],{"class":91,"line":231},[89,233,120],{"class":119},[89,235,236],{"class":99}," end_html;\n",[39,238,239,240,243],{},"When fed a benign name, such as ",[71,241,242],{},"Larry"," , this script works well enough:",[39,245,246],{},[247,248],"img",{"alt":85,"src":249},"attachments\u002F88890538\u002F88892216.png",[39,251,252],{},"But this code will happily parse image tags, HTML markup, JavaScript, or any other commands an attacker may wish to send. The following picture demonstrates a remote image being loaded into the page on the request of the attacker:",[39,254,255],{},[247,256],{"alt":85,"src":257},"attachments\u002F88890538\u002F88892213.png",[39,259,260],{},"In this case, 
the trust boundary exists between the untrusted data and the CGI script, whereas the trusted domain is the web browser—or rather the HTML parsing and rendering engine within the web browser.",[39,262,263],{},"More details about sanitization of this code example can be found in IDS01-PL. Use taint mode while being aware of its limitations .",[49,265,267],{"id":266},"noncompliant-code-example-taint-mode","Noncompliant Code Example (Taint Mode)",[39,269,270],{},"Using taint mode will not detect or prevent XSS. Taint mode does not prevent tainted data from being printed to standard output.",[49,272,274],{"id":273},"compliant-solution-xss","Compliant Solution (XSS)",[39,276,277,278,281],{},"To prevent injection of HTML, JavaScript, or malicious images, any untrusted input must be sanitized. This compliant solution sanitizes the input using the ",[71,279,280],{},"escapeHTML()"," subroutine from the CGI library.",[76,283,285],{"quality":284},"good",[80,286,288],{"className":82,"code":287,"language":84,"meta":85,"style":85},"# rest of code unchanged\n\nif (param()) {\n  print \"Your name is: \", em(escapeHTML(param('name'))),\n    hr;\n}\nprint end_html;\n",[71,289,290,296,300,306,320,324,328],{"__ignoreMap":85},[89,291,292],{"class":91,"line":92},[89,293,295],{"class":294},"s8-w5","# rest of code unchanged\n",[89,297,298],{"class":91,"line":110},[89,299,113],{"emptyLinePlaceholder":7},[89,301,302,304],{"class":91,"line":116},[89,303,196],{"class":95},[89,305,199],{"class":99},[89,307,308,310,312,315,317],{"class":91,"line":126},[89,309,205],{"class":119},[89,311,208],{"class":103},[89,313,314],{"class":99},", em(escapeHTML(param(",[89,316,165],{"class":103},[89,318,319],{"class":99},"))),\n",[89,321,322],{"class":91,"line":140},[89,323,222],{"class":99},[89,325,326],{"class":91,"line":150},[89,327,228],{"class":99},[89,329,330,332],{"class":91,"line":156},[89,331,120],{"class":119},[89,333,236],{"class":99},[39,335,336,337,339],{},"When fed the malicious image tag 
demonstrated previously, the ",[71,338,280],{}," subroutine sanitizes characters that might be misinterpreted by a web browser, causing the name to appear exactly as it was entered:",[39,341,342],{},[247,343],{"alt":85,"src":344},"attachments\u002F88890538\u002F88892215.png",[35,346,348],{"id":347},"sql-injection","SQL Injection",[39,350,351],{},"A SQL injection vulnerability arises when the original SQL query can be altered to form an altogether different query. Execution of this altered query may result in information leaks or data modification. The primary means of preventing SQL injection are sanitizing and validating untrusted input and parameterizing queries.",[39,353,354],{},"Suppose a database contains user names and passwords used to authenticate users of the system. A SQL command to authenticate a user might take the form:",[80,356,360],{"className":357,"code":358,"language":359,"meta":85,"style":85},"language-java shiki shiki-themes github-light github-dark monokai","SELECT * FROM Users WHERE userid='\u003CUSERID>' AND \n                            password='\u003CPASSWORD>'\n","java",[71,361,362,395],{"__ignoreMap":85},[89,363,364,367,370,374,377,380,383,386,389,392],{"class":91,"line":92},[89,365,366],{"class":99},"SELECT ",[89,368,369],{"class":95},"*",[89,371,373],{"class":372},"sk8M1"," FROM",[89,375,376],{"class":372}," Users",[89,378,379],{"class":372}," WHERE",[89,381,382],{"class":99}," userid",[89,384,385],{"class":95},"=",[89,387,388],{"class":103},"'\u003CUSERID>'",[89,390,391],{"class":372}," AND",[89,393,394],{"class":99}," \n",[89,396,397,400,402],{"class":91,"line":110},[89,398,399],{"class":99},"                            password",[89,401,385],{"class":95},[89,403,404],{"class":103},"'\u003CPASSWORD>'\n",[39,406,407],{},"If it returns any records, the user ID and password are valid.",[39,409,410,411,414,415,418,419,421],{},"However, if an attacker can substitute arbitrary strings for ",[71,412,413],{},"\u003CUSERID>"," and 
",[71,416,417],{},"\u003CPASSWORD>"," , he can perform a SQL injection by using the following string for ",[71,420,413],{}," :",[80,423,425],{"className":357,"code":424,"language":359,"meta":85,"style":85},"validuser' OR '1'='1\n",[71,426,427],{"__ignoreMap":85},[89,428,429,432,435,439,442],{"class":91,"line":92},[89,430,431],{"class":99},"validuser",[89,433,434],{"class":103},"' OR '",[89,436,438],{"class":437},"s7F3e","1",[89,440,441],{"class":103},"'='",[89,443,444],{"class":437},"1\n",[39,446,447],{},"When injected into the command, the command becomes",[80,449,451],{"className":357,"code":450,"language":359,"meta":85,"style":85},"SELECT * FROM Users WHERE userid='validuser' OR '1'='1' AND password=\u003CPASSWORD>\n",[71,452,453],{"__ignoreMap":85},[89,454,455,457,459,461,463,465,467,469,472,475,478,480,482,484,487,490,493],{"class":91,"line":92},[89,456,366],{"class":99},[89,458,369],{"class":95},[89,460,373],{"class":372},[89,462,376],{"class":372},[89,464,379],{"class":372},[89,466,382],{"class":99},[89,468,385],{"class":95},[89,470,471],{"class":103},"'validuser'",[89,473,474],{"class":99}," OR ",[89,476,477],{"class":103},"'1'",[89,479,385],{"class":95},[89,481,477],{"class":103},[89,483,391],{"class":372},[89,485,486],{"class":99}," password",[89,488,489],{"class":95},"=\u003C",[89,491,492],{"class":99},"PASSWORD",[89,494,495],{"class":95},">\n",[39,497,498,499,501,502,505,506,508,509,512,513,516,517,519,520,74],{},"If ",[71,500,431],{}," is a valid user name, this ",[71,503,504],{},"SELECT"," statement selects the ",[71,507,431],{}," record in the table. The password is never checked because ",[71,510,511],{},"userid='validuser'"," is true; consequently, the items after the ",[71,514,515],{},"OR"," are not tested. 
As long as the components after the ",[71,518,515],{}," generate a syntactically correct SQL expression, the attacker is granted the access of ",[71,521,431],{},[39,523,524,525,527],{},"Likewise, an attacker could supply a string for ",[71,526,417],{}," such as:",[80,529,531],{"className":357,"code":530,"language":359,"meta":85,"style":85},"' OR '1'='1\n",[71,532,533],{"__ignoreMap":85},[89,534,535,537,539,541],{"class":91,"line":92},[89,536,434],{"class":103},[89,538,438],{"class":437},[89,540,441],{"class":103},[89,542,444],{"class":437},[39,544,545],{},"This would yield the following command:",[80,547,549],{"className":357,"code":548,"language":359,"meta":85,"style":85},"SELECT * FROM Users WHERE userid='' AND password='' OR '1'='1'\n",[71,550,551],{"__ignoreMap":85},[89,552,553,555,557,559,561,563,565,567,570,572,574,576,578,580,582,584],{"class":91,"line":92},[89,554,366],{"class":99},[89,556,369],{"class":95},[89,558,373],{"class":372},[89,560,376],{"class":372},[89,562,379],{"class":372},[89,564,382],{"class":99},[89,566,385],{"class":95},[89,568,569],{"class":103},"''",[89,571,391],{"class":372},[89,573,486],{"class":99},[89,575,385],{"class":95},[89,577,569],{"class":103},[89,579,474],{"class":99},[89,581,477],{"class":103},[89,583,385],{"class":95},[89,585,586],{"class":103},"'1'\n",[39,588,589,590,593],{},"This time, the ",[71,591,592],{},"'1'='1'"," tautology disables both user ID and password validation, and the attacker is falsely logged in without a correct login ID or password.",[595,596,598],"h3",{"id":597},"noncompliant-code-example-sql-injection","Noncompliant Code Example (SQL Injection)",[39,600,601],{},"This noncompliant code example shows Perl DBI code to authenticate a user to a system. 
The program connects to a database, prompts the user for a user ID and password, and hashes the password.",[39,603,604],{},"Unfortunately, this code example permits a SQL injection attack because the SQL string passed to prepare() is built by interpolating unsanitized input directly into the query text. The attack scenario outlined previously would work as described.",[76,606,607],{"quality":78},[80,608,610],{"className":82,"code":609,"language":84,"meta":85,"style":85},"use DBI;\n    \nmy $dbfile = \"users.db\";\nmy $dbh = DBI->connect(\"dbi:SQLite:dbname=$dbfile\",\"\",\"\")\n  or die \"Couldn't connect to database: \" . DBI->errstr;\nsub hash {\n  # hash the password\n}\n  \nprint \"Enter your id: \";\nmy $userid = \u003CSTDIN>;\nchomp $userid;\nprint \"Enter your password: \";\nmy $password = \u003CSTDIN>;\nchomp $password;\nmy $hashed_password = hash( $password);\n\nmy $sth = $dbh->prepare(\"SELECT * FROM Users WHERE userid = '$userid' AND password = '$hashed_password'\")\n  or die \"Couldn't prepare statement: \" . $dbh->errstr;\n$sth->execute()\n  or die \"Couldn't execute statement: \" . $sth->errstr;\n  \nif (my @data = $sth->fetchrow_array()) {\n  my $username = $data[1];\n  my $id = $data[2];\n  print \"Access granted to user: $username ($userid)\\n\";\n}\n  \nif ($sth->rows == 0) {\n  print \"Invalid username \u002F password. 
Access denied\\n\";\n}\n \n$sth->finish;\n$dbh->disconnect;\n",[71,611,612,619,624,637,675,694,707,712,716,721,730,743,751,760,771,778,785,790,820,837,848,865,870,888,897,905,930,935,940,953,967,972,977,987],{"__ignoreMap":85},[89,613,614,616],{"class":91,"line":92},[89,615,96],{"class":95},[89,617,618],{"class":99}," DBI;\n",[89,620,621],{"class":91,"line":110},[89,622,623],{"class":99},"    \n",[89,625,626,629,632,635],{"class":91,"line":116},[89,627,628],{"class":95},"my",[89,630,631],{"class":99}," $dbfile = ",[89,633,634],{"class":103},"\"users.db\"",[89,636,107],{"class":99},[89,638,639,641,644,647,650,653,656,659,662,665,668,670,672],{"class":91,"line":126},[89,640,628],{"class":95},[89,642,643],{"class":99}," $dbh = DBI",[89,645,646],{"class":95},"->",[89,648,649],{"class":119},"connect",[89,651,652],{"class":99},"(",[89,654,655],{"class":103},"\"dbi:SQLite:dbname=",[89,657,658],{"class":99},"$dbfile",[89,660,661],{"class":103},"\"",[89,663,664],{"class":99},",",[89,666,667],{"class":103},"\"\"",[89,669,664],{"class":99},[89,671,667],{"class":103},[89,673,674],{"class":99},")\n",[89,676,677,680,683,686,689,691],{"class":91,"line":140},[89,678,679],{"class":95},"  or",[89,681,682],{"class":95}," die",[89,684,685],{"class":103}," \"Couldn't connect to database: \"",[89,687,688],{"class":99}," . 
DBI",[89,690,646],{"class":95},[89,692,693],{"class":99},"errstr;\n",[89,695,696,700,704],{"class":91,"line":150},[89,697,699],{"class":698},"sq6CD","sub",[89,701,703],{"class":702},"srTi1"," hash",[89,705,706],{"class":99}," {\n",[89,708,709],{"class":91,"line":156},[89,710,711],{"class":294},"  # hash the password\n",[89,713,714],{"class":91,"line":170},[89,715,228],{"class":99},[89,717,718],{"class":91,"line":176},[89,719,720],{"class":99},"  \n",[89,722,723,725,728],{"class":91,"line":182},[89,724,120],{"class":119},[89,726,727],{"class":103}," \"Enter your id: \"",[89,729,107],{"class":99},[89,731,732,734,737,740],{"class":91,"line":188},[89,733,628],{"class":95},[89,735,736],{"class":99}," $userid = \u003C",[89,738,739],{"class":119},"STDIN",[89,741,742],{"class":99},">;\n",[89,744,745,748],{"class":91,"line":193},[89,746,747],{"class":119},"chomp",[89,749,750],{"class":99}," $userid;\n",[89,752,753,755,758],{"class":91,"line":202},[89,754,120],{"class":119},[89,756,757],{"class":103}," \"Enter your password: \"",[89,759,107],{"class":99},[89,761,762,764,767,769],{"class":91,"line":219},[89,763,628],{"class":95},[89,765,766],{"class":99}," $password = \u003C",[89,768,739],{"class":119},[89,770,742],{"class":99},[89,772,773,775],{"class":91,"line":225},[89,774,747],{"class":119},[89,776,777],{"class":99}," $password;\n",[89,779,780,782],{"class":91,"line":231},[89,781,628],{"class":95},[89,783,784],{"class":99}," $hashed_password = hash( $password);\n",[89,786,788],{"class":91,"line":787},17,[89,789,113],{"emptyLinePlaceholder":7},[89,791,793,795,798,800,803,806,809,812,815,818],{"class":91,"line":792},18,[89,794,628],{"class":95},[89,796,797],{"class":99}," $sth = $dbh",[89,799,646],{"class":95},[89,801,802],{"class":99},"prepare(",[89,804,805],{"class":103},"\"SELECT * FROM Users WHERE userid = '",[89,807,808],{"class":99},"$userid",[89,810,811],{"class":103},"' AND password = 
'",[89,813,814],{"class":99},"$hashed_password",[89,816,817],{"class":103},"'\"",[89,819,674],{"class":99},[89,821,823,825,827,830,833,835],{"class":91,"line":822},19,[89,824,679],{"class":95},[89,826,682],{"class":95},[89,828,829],{"class":103}," \"Couldn't prepare statement: \"",[89,831,832],{"class":99}," . $dbh",[89,834,646],{"class":95},[89,836,693],{"class":99},[89,838,840,843,845],{"class":91,"line":839},20,[89,841,842],{"class":99},"$sth",[89,844,646],{"class":95},[89,846,847],{"class":99},"execute()\n",[89,849,851,853,855,858,861,863],{"class":91,"line":850},21,[89,852,679],{"class":95},[89,854,682],{"class":95},[89,856,857],{"class":103}," \"Couldn't execute statement: \"",[89,859,860],{"class":99}," . $sth",[89,862,646],{"class":95},[89,864,693],{"class":99},[89,866,868],{"class":91,"line":867},22,[89,869,720],{"class":99},[89,871,873,875,878,880,883,885],{"class":91,"line":872},23,[89,874,196],{"class":95},[89,876,877],{"class":99}," (",[89,879,628],{"class":95},[89,881,882],{"class":99}," @data = $sth",[89,884,646],{"class":95},[89,886,887],{"class":99},"fetchrow_array()) {\n",[89,889,891,894],{"class":91,"line":890},24,[89,892,893],{"class":95},"  my",[89,895,896],{"class":99}," $username = $data[1];\n",[89,898,900,902],{"class":91,"line":899},25,[89,901,893],{"class":95},[89,903,904],{"class":99}," $id = $data[2];\n",[89,906,908,910,913,916,918,920,923,926,928],{"class":91,"line":907},26,[89,909,205],{"class":119},[89,911,912],{"class":103}," \"Access granted to user: ",[89,914,915],{"class":99},"$username",[89,917,877],{"class":103},[89,919,808],{"class":99},[89,921,922],{"class":103},")",[89,924,925],{"class":437},"\\n",[89,927,661],{"class":103},[89,929,107],{"class":99},[89,931,933],{"class":91,"line":932},27,[89,934,228],{"class":99},[89,936,938],{"class":91,"line":937},28,[89,939,720],{"class":99},[89,941,943,945,948,950],{"class":91,"line":942},29,[89,944,196],{"class":95},[89,946,947],{"class":99}," 
($sth",[89,949,646],{"class":95},[89,951,952],{"class":99},"rows == 0) {\n",[89,954,956,958,961,963,965],{"class":91,"line":955},30,[89,957,205],{"class":119},[89,959,960],{"class":103}," \"Invalid username \u002F password. Access denied",[89,962,925],{"class":437},[89,964,661],{"class":103},[89,966,107],{"class":99},[89,968,970],{"class":91,"line":969},31,[89,971,228],{"class":99},[89,973,975],{"class":91,"line":974},32,[89,976,394],{"class":99},[89,978,980,982,984],{"class":91,"line":979},33,[89,981,842],{"class":99},[89,983,646],{"class":95},[89,985,986],{"class":99},"finish;\n",[89,988,990,993,995],{"class":91,"line":989},34,[89,991,992],{"class":99},"$dbh",[89,994,646],{"class":95},[89,996,997],{"class":99},"disconnect;\n",[49,999,1001],{"id":1000},"compliant-solution-taint-mode","Compliant Solution (Taint Mode)",[39,1003,1004],{},"One way to find potential injection points quickly is to use Perl's taint mode.",[76,1006,1007],{"quality":284},[80,1008,1010],{"className":82,"code":1009,"language":84,"meta":85,"style":85},"# ... beginning of code \n\nmy $dbh = DBI->connect(\"dbi:SQLite:dbname=$dbfile\",\"\",\"\")\n  or die \"Couldn't connect to database: \" . DBI->errstr;\n$dbh->{TaintIn} = 1;\n\n# ... rest of ocde\n",[71,1011,1012,1017,1021,1049,1063,1078,1082],{"__ignoreMap":85},[89,1013,1014],{"class":91,"line":92},[89,1015,1016],{"class":294},"# ... 
beginning of code \n",[89,1018,1019],{"class":91,"line":110},[89,1020,113],{"emptyLinePlaceholder":7},[89,1022,1023,1025,1027,1029,1031,1033,1035,1037,1039,1041,1043,1045,1047],{"class":91,"line":116},[89,1024,628],{"class":95},[89,1026,643],{"class":99},[89,1028,646],{"class":95},[89,1030,649],{"class":119},[89,1032,652],{"class":99},[89,1034,655],{"class":103},[89,1036,658],{"class":99},[89,1038,661],{"class":103},[89,1040,664],{"class":99},[89,1042,667],{"class":103},[89,1044,664],{"class":99},[89,1046,667],{"class":103},[89,1048,674],{"class":99},[89,1050,1051,1053,1055,1057,1059,1061],{"class":91,"line":126},[89,1052,679],{"class":95},[89,1054,682],{"class":95},[89,1056,685],{"class":103},[89,1058,688],{"class":99},[89,1060,646],{"class":95},[89,1062,693],{"class":99},[89,1064,1065,1067,1069,1072,1075],{"class":91,"line":140},[89,1066,992],{"class":99},[89,1068,646],{"class":95},[89,1070,1071],{"class":99},"{",[89,1073,1074],{"class":437},"TaintIn",[89,1076,1077],{"class":99},"} = 1;\n",[89,1079,1080],{"class":91,"line":150},[89,1081,113],{"emptyLinePlaceholder":7},[89,1083,1084],{"class":91,"line":156},[89,1085,1086],{"class":294},"# ... rest of ocde\n",[39,1088,1089,1090,1093],{},"Perl will refuse to let tainted data enter the database via the ",[71,1091,1092],{},"prepare()"," method call. It will immediately exit with an \"Insecure dependency\" error message; the diagnostic pattern is listed under Automated Detection.",[39,1095,1096,1097,1099],{},"Note that not only must the program be run in taint mode, but the ",[71,1098,1074],{}," attribute must be set on the connection handle, enabling taint checks to be run on the database.",[595,1101,1103],{"id":1102},"compliant-solution-prepared-statement","Compliant Solution (Prepared Statement)",[39,1105,1106],{},"Fortunately, Perl's DBI library provides an API for building SQL commands that sanitize untrusted data. The prepare() method properly escapes input strings, preventing SQL injection when used properly—that is, when the query contains only ? placeholders and the untrusted values are supplied as arguments to execute(), as in the following example, rather than interpolated into the query string. 
This is an example of component-based sanitization.",[76,1108,1109],{"quality":284},[80,1110,1112],{"className":82,"code":1111,"language":84,"meta":85,"style":85},"# ... beginning of code \n\nmy $sth = $dbh->prepare(\"SELECT * FROM Users WHERE userid = ? AND password = ?\")\n  or die \"Couldn't prepare statement: \" . $dbh->errstr;\n$sth->execute($userid, $hashed_password)\n  or die \"Couldn't execute statement: \" . $sth->errstr;\n\n# ... rest of code \n",[71,1113,1114,1118,1122,1137,1151,1160,1174,1178],{"__ignoreMap":85},[89,1115,1116],{"class":91,"line":92},[89,1117,1016],{"class":294},[89,1119,1120],{"class":91,"line":110},[89,1121,113],{"emptyLinePlaceholder":7},[89,1123,1124,1126,1128,1130,1132,1135],{"class":91,"line":116},[89,1125,628],{"class":95},[89,1127,797],{"class":99},[89,1129,646],{"class":95},[89,1131,802],{"class":99},[89,1133,1134],{"class":103},"\"SELECT * FROM Users WHERE userid = ? AND password = ?\"",[89,1136,674],{"class":99},[89,1138,1139,1141,1143,1145,1147,1149],{"class":91,"line":126},[89,1140,679],{"class":95},[89,1142,682],{"class":95},[89,1144,829],{"class":103},[89,1146,832],{"class":99},[89,1148,646],{"class":95},[89,1150,693],{"class":99},[89,1152,1153,1155,1157],{"class":91,"line":140},[89,1154,842],{"class":99},[89,1156,646],{"class":95},[89,1158,1159],{"class":99},"execute($userid, $hashed_password)\n",[89,1161,1162,1164,1166,1168,1170,1172],{"class":91,"line":150},[89,1163,679],{"class":95},[89,1165,682],{"class":95},[89,1167,857],{"class":103},[89,1169,860],{"class":99},[89,1171,646],{"class":95},[89,1173,693],{"class":99},[89,1175,1176],{"class":91,"line":156},[89,1177,113],{"emptyLinePlaceholder":7},[89,1179,1180],{"class":91,"line":170},[89,1181,1182],{"class":294},"# ... 
rest of code\n",[49,1184,1186],{"id":1185},"risk-assessment","Risk Assessment",[1188,1189,1190,1191,1190,1221],"table",{},"\n  ",[1192,1193,1194,1195,1190],"thead",{},"\n    ",[1196,1197,1198,1199,1198,1203,1198,1206,1198,1209,1198,1212,1198,1215,1198,1218,1194],"tr",{},"\n      ",[1200,1201,1202],"th",{},"Rule",[1200,1204,1205],{},"Severity",[1200,1207,1208],{},"Likelihood",[1200,1210,1211],{},"Detectable",[1200,1213,1214],{},"Repairable",[1200,1216,1217],{},"Priority",[1200,1219,1220],{},"Level",[1222,1223,1194,1224,1190],"tbody",{},[1196,1225,1198,1226,1198,1230,1198,1233,1198,1236,1198,1239,1198,1241,1198,1248,1194],{},[1227,1228,1229],"td",{},"IDS33-PL",[1227,1231,1232],{},"High",[1227,1234,1235],{},"Likely",[1227,1237,1238],{},"No",[1227,1240,1238],{},[1227,1242,1244],{"style":1243},"color: #f1c40f;",[1245,1246,1247],"b",{},"P9",[1227,1249,1250],{"style":1243},[1245,1251,1252],{},"L2",[49,1254,1256],{"id":1255},"automated-detection","Automated Detection",[1188,1258,1261,1272],{"className":1259},[1260],"wrapped",[1262,1263,1264,1268,1270],"colgroup",{},[1265,1266],"col",{"style":1267},"width: 33%",[1265,1269],{"style":1267},[1265,1271],{"style":1267},[1222,1273,1274,1291],{},[1196,1275,1278,1283,1288],{"className":1276},[1277],"header",[1200,1279,1280],{},[39,1281,1282],{},"Tool",[1200,1284,1285],{},[39,1286,1287],{},"Diagnostic",[1200,1289,1290],{},"Notes",[1196,1292,1295,1300,1305],{"className":1293},[1294],"odd",[1227,1296,1297],{},[39,1298,1299],{},"Taint mode",[1227,1301,1302],{},[39,1303,1304],{},"Insecure dependency in parameter \\d* of DBI::db=.* method call",[1227,1306,1307],{},[39,1308,1309,1310,1313,1314,1317],{},"Catches SQL injection.",[1311,1312],"br",{},"\nRequires ",[71,1315,1316],{},"       TaintIn      "," attribute.",[49,1319,1321],{"id":1320},"related-guidelines","Related 
Guidelines",[1188,1323,1324,1332],{},[1192,1325,1326],{},[1196,1327,1328,1330],{},[1200,1329],{},[1200,1331],{},[1222,1333,1334,1347,1360],{},[1196,1335,1336,1341],{},[1227,1337,1338],{},[57,1339,1340],{"href":17},"SEI CERT C Coding Standard",[1227,1342,1343],{},[57,1344,1346],{"href":1345},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr02-c","STR02-C. Sanitize data passed to complex subsystems",[1196,1348,1349,1354],{},[1227,1350,1351],{},[57,1352,1353],{"href":20},"SEI CERT C++ Coding Standard",[1227,1355,1356],{},[57,1357,1359],{"href":1358},"\u002Fsei-cert-cpp-coding-standard\u002Fthe-void\u002Fvoid-3-recommendations\u002Fvoid-rec-05-characters-and-strings-str\u002Fvoid-str02-cpp-sanitize-data-passed-to-complex-subsystems","VOID STR02-CPP. Sanitize data passed to complex subsystems",[1196,1361,1362,1367],{},[1227,1363,1364],{},[57,1365,1366],{"href":23},"CERT Oracle Secure Coding Standard for Java",[1227,1368,1369],{},[57,1370,1372],{"href":1371},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids00-j","IDS00-J. 
Prevent SQL injection",[49,1374,1376],{"id":1375},"bibliography","Bibliography",[1188,1378,1379,1387],{},[1192,1380,1381],{},[1196,1382,1383,1385],{},[1200,1384],{},[1200,1386],{},[1222,1388,1389,1408,1423,1439,1451,1465,1480,1495],{},[1196,1390,1391,1400],{},[1227,1392,1393,1394,1399],{},"[ ",[57,1395,1398],{"href":1396,"rel":1397},"http:\u002F\u002Fgunther.web66.com\u002FFAQS\u002Ftaintmode.html",[61],"Birznieks 1998"," ]",[1227,1401,1402,1403,1407],{},"Birznieks, Gunther, ",[57,1404,1406],{"href":1396,"rel":1405},[61],"CGI\u002FPerl Taint Mode FAQ,"," Version 1.0, June 3, 1998",[1196,1409,1410,1416],{},[1227,1411,1393,1412,1399],{},[57,1413,1415],{"href":66,"rel":1414},[61],"CGI 2005",[1227,1417,1418,1419],{},"CGI.pm: A Perl5 CGI Library, ",[57,1420,1422],{"href":66,"rel":1421},[61],"Function-Oriented vs Object-Oriented Use",[1196,1424,1425,1431],{},[1227,1426,1393,1427,1399],{},[57,1428,1430],{"href":1429},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-CPAN","CPAN",[1227,1432,1433,1434],{},"Bunce, Tim, ",[57,1435,1438],{"href":1436,"rel":1437},"http:\u002F\u002Fsearch.cpan.org\u002F%7Etimb\u002FDBI-1.622\u002FDBI.pm#available_drivers",[61],"DBI",[1196,1440,1441,1445],{},[1227,1442,1393,1443,1399],{},[57,1444,1430],{"href":1429},[1227,1446,1447,1448],{},"Stosberg, Mark, ",[57,1449,62],{"href":59,"rel":1450},[61],[1196,1452,1453,1456],{},[1227,1454,1455],{},"[Lester 2006]",[1227,1457,1458,1459,1464],{},"Lester, Andy, \" ",[57,1460,1463],{"href":1461,"rel":1462},"http:\u002F\u002Fwww.oreillynet.com\u002Fonlamp\u002Fblog\u002F2006\u002F11\u002Fperls_taint_mode_to_the_rescue.html",[61],"Perl's taint mode to the rescue"," ,\" O'Reilly ONLamp.com, November 17, 2006",[1196,1466,1467,1474],{},[1227,1468,1393,1469,1399],{},[57,1470,1473],{"href":1471,"rel":1472},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F246409",[61],"VU#246409",[1227,1475,1476],{},[57,1477,1479],{"href":1471,"rel":1478},[61],"Input validation 
error in quikstore.cgi allows attackers to execute commands",[1196,1481,1482,1489],{},[1227,1483,1393,1484,1399],{},[57,1485,1488],{"href":1486,"rel":1487},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F282403",[61],"VU#282403",[1227,1490,1491],{},[57,1492,1494],{"href":1486,"rel":1493},[61],"AdCycle does not adequately validate user input thereby allowing for SQL injection",[1196,1496,1497,1503],{},[1227,1498,1393,1499,1399],{},[57,1500,1502],{"href":1501},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Manpages","Wall 2011",[1227,1504,1505],{},[57,1506,1509],{"href":1507,"rel":1508},"http:\u002F\u002Fperldoc.perl.org\u002Fperlsec.html",[61],"perlsec",[1511,1512],"hr",{},[39,1514,1515,1521,1522,1521,1528],{},[57,1516,1518],{"href":1517},"\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids32-pl",[247,1519],{"src":1520},"\u002Fattachments\u002F88890562\u002F88892207.png"," ",[57,1523,1525],{"href":1524},"\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002F",[247,1526],{"src":1527},"\u002Fattachments\u002F88890562\u002F88892209.png",[57,1529,1531],{"href":1530},"\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids34-pl",[247,1532],{"src":1533},"\u002Fattachments\u002F88890562\u002F88892208.png",[49,1535,1537],{"id":1536},"attachments","Attachments:",[1539,1540,1544],"div",{"className":1541,"align":1543},[1542],"greybox","left",[39,1545,1546,1521,1549,1554,1555,1557,1521,1559,1554,1563,1565,1521,1567,1554,1571,1573,1521,1575,1554],{},[247,1547],{"alt":85,"src":1548},"images\u002Ficons\u002Fbullet_blue.gif",[57,1550,1553],{"href":1551,"target":1552},"\u002Fattachments\u002F88890538\u002F88892216.png","_blank","xss.benign.png"," 
(image\u002Fpng)",[1311,1556],{},[247,1558],{"alt":85,"src":1548},[57,1560,1562],{"href":1561,"target":1552},"\u002Fattachments\u002F88890538\u002F88892214.png","xss.evil.png",[1311,1564],{},[247,1566],{"alt":85,"src":1548},[57,1568,1570],{"href":1569,"target":1552},"\u002Fattachments\u002F88890538\u002F88892215.png","xss.fixed.png",[1311,1572],{},[247,1574],{"alt":85,"src":1548},[57,1576,1578],{"href":1577,"target":1552},"\u002Fattachments\u002F88890538\u002F88892213.png","xss.evil.onion.png",[1580,1581,1582],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .sTrkL, html code.shiki .sTrkL{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#66D9EF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: 
var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki 
.srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}",{"title":85,"searchDepth":110,"depth":110,"links":1584},[1585,1586,1587,1590,1593,1594,1595,1596,1597],{"id":51,"depth":110,"text":52},{"id":266,"depth":110,"text":267},{"id":273,"depth":110,"text":274,"children":1588},[1589],{"id":597,"depth":116,"text":598},{"id":1000,"depth":110,"text":1001,"children":1591},[1592],{"id":1102,"depth":116,"text":1103},{"id":1185,"depth":110,"text":1186},{"id":1255,"depth":110,"text":1256},{"id":1320,"depth":110,"text":1321},{"id":1375,"depth":110,"text":1376},{"id":1536,"depth":110,"text":1537},"md",{"tags":1600},[1601,1602],"ids","rule","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids33-pl",{"title":30,"description":41},"7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F5.ids33-pl","lj3vgh6FPbMgsAzKdwh80E6ZIgw5UAXHr7ko6vu15B8",[1608,1611],{"title":1609,"path":1517,"stem":1610,"children":-1},"IDS32-PL. Validate any integer that is used as an array index","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F4.ids32-pl",{"title":1612,"path":1530,"stem":1613,"children":-1},"IDS34-PL. 
Do not pass untrusted, unsanitized data to a command interpreter","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F6.ids34-pl",[1615],{"title":1616,"path":1617,"stem":1618,"children":1619},"SEI CERT Perl Coding Standard","\u002Fsei-cert-perl-coding-standard","7.sei-cert-perl-coding-standard\u002F1.index",[1620,1621,1676,1799,1947],{"title":1616,"path":1617,"stem":1618},{"title":1622,"path":1623,"stem":1624,"children":1625},"Front Matter","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F1.index",[1626,1627,1631],{"title":1622,"path":1623,"stem":1624},{"title":1628,"path":1629,"stem":1630},"Deprecations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fdeprecations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F2.deprecations",{"title":1632,"path":1633,"stem":1634,"children":1635},"Introduction","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1636,1637,1641,1645,1649,1653,1657,1661,1664,1668,1672],{"title":1632,"path":1633,"stem":1634},{"title":1638,"path":1639,"stem":1640},"Scope","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fscope","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.scope",{"title":1642,"path":1643,"stem":1644},"Tool Selection and Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftool-selection-and-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.tool-selection-and-validation",{"title":1646,"path":1647,"stem":1648},"Rules versus 
Recommendations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frules-versus-recommendations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.rules-versus-recommendations",{"title":1650,"path":1651,"stem":1652},"Development Process","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fdevelopment-process","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.development-process",{"title":1654,"path":1655,"stem":1656},"Usage","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fusage","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.usage",{"title":1658,"path":1659,"stem":1660},"System Qualities","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsystem-qualities","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F06.system-qualities",{"title":1186,"path":1662,"stem":1663},"\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frisk-assessment","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F07.risk-assessment",{"title":1665,"path":1666,"stem":1667},"Source Code Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsource-code-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F08.source-code-validation",{"title":1669,"path":1670,"stem":1671},"Automatically Generated 
Code","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fautomatically-generated-code","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F09.automatically-generated-code",{"title":1673,"path":1674,"stem":1675},"Acknowledgements","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Facknowledgements","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F11.acknowledgements",{"title":1677,"path":1678,"stem":1679,"children":1680},"Rules","\u002Fsei-cert-perl-coding-standard\u002Frules","7.sei-cert-perl-coding-standard\u002F3.rules\u002F1.index",[1681,1682,1700,1726,1736,1757,1761,1775,1785],{"title":1677,"path":1678,"stem":1679},{"title":1683,"path":1684,"stem":1685,"children":1686},"Declarations and Initialization (DCL)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F1.index",[1687,1688,1692,1696],{"title":1683,"path":1684,"stem":1685},{"title":1689,"path":1690,"stem":1691},"DCL30-PL. Do not import deprecated modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F2.dcl30-pl",{"title":1693,"path":1694,"stem":1695},"DCL31-PL. Do not overload reserved keywords or subroutines","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F3.dcl31-pl",{"title":1697,"path":1698,"stem":1699},"DCL33-PL. 
Declare identifiers before using them","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F4.dcl33-pl",{"title":1701,"path":1702,"stem":1703,"children":1704},"Expressions (EXP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F1.index",[1705,1706,1710,1714,1718,1722],{"title":1701,"path":1702,"stem":1703},{"title":1707,"path":1708,"stem":1709},"EXP30-PL. Do not use deprecated or obsolete functions or modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F2.exp30-pl",{"title":1711,"path":1712,"stem":1713},"EXP31-PL. Do not suppress or ignore exceptions","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F3.exp31-pl",{"title":1715,"path":1716,"stem":1717},"EXP32-PL. Do not ignore function return values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F4.exp32-pl",{"title":1719,"path":1720,"stem":1721},"EXP33-PL. Do not invoke a function in a context for which it is not defined","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F5.exp33-pl",{"title":1723,"path":1724,"stem":1725},"EXP35-PL. 
Use the correct operator type for comparing values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp35-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F6.exp35-pl",{"title":1727,"path":1728,"stem":1729,"children":1730},"File Input and Output (FIO)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F1.index",[1731,1732],{"title":1727,"path":1728,"stem":1729},{"title":1733,"path":1734,"stem":1735},"FIO30-PL. Use compatible character encodings when performing network or file I\u002FO","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio\u002Ffio30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F2.fio30-pl",{"title":1737,"path":1738,"stem":1739,"children":1740},"Input Validation and Data Sanitization (IDS)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",[1741,1742,1746,1750,1751,1752,1753],{"title":1737,"path":1738,"stem":1739},{"title":1743,"path":1744,"stem":1745},"IDS30-PL. Exclude user input from format strings","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids30-pl",{"title":1747,"path":1748,"stem":1749},"IDS31-PL. 
Do not use the two-argument form of open()","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids31-pl",{"title":1609,"path":1517,"stem":1610},{"title":30,"path":1603,"stem":1605},{"title":1612,"path":1530,"stem":1613},{"title":1754,"path":1755,"stem":1756},"IDS35-PL. Do not invoke the eval form with a string argument","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids35-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F7.ids35-pl",{"title":1758,"path":1759,"stem":1760},"Integers (INT)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F3.rules\u002F6.integers-int",{"title":1762,"path":1763,"stem":1764,"children":1765},"Miscellaneous (MSC)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F1.index",[1766,1767,1771],{"title":1762,"path":1763,"stem":1764},{"title":1768,"path":1769,"stem":1770},"MSC31-PL. Do not embed global statements","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F2.msc31-pl",{"title":1772,"path":1773,"stem":1774},"MSC32-PL. 
Do not provide a module's version value from outside the module","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F3.msc32-pl",{"title":1776,"path":1777,"stem":1778,"children":1779},"Object-Oriented Programming (OOP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F1.index",[1780,1781],{"title":1776,"path":1777,"stem":1778},{"title":1782,"path":1783,"stem":1784},"OOP32-PL. Prohibit indirect object call syntax","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop\u002Foop32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F2.oop32-pl",{"title":1786,"path":1787,"stem":1788,"children":1789},"Strings (STR)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F1.index",[1790,1791,1795],{"title":1786,"path":1787,"stem":1788},{"title":1792,"path":1793,"stem":1794},"STR30-PL. Capture variables should be read only immediately after a successful regex match","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F2.str30-pl",{"title":1796,"path":1797,"stem":1798},"STR31-PL. 
Do not pass string literals to functions expecting regexes","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F3.str31-pl",{"title":1800,"path":1801,"stem":1802,"children":1803},"Recommendations","\u002Fsei-cert-perl-coding-standard\u002Frecommendations","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F1.index",[1804,1805,1834,1867,1880,1893,1906,1931,1944],{"title":1800,"path":1801,"stem":1802},{"title":1683,"path":1806,"stem":1807,"children":1808},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F1.index",[1809,1810,1814,1818,1822,1826,1830],{"title":1683,"path":1806,"stem":1807},{"title":1811,"path":1812,"stem":1813},"DCL00-PL. Do not use subroutine prototypes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F2.dcl00-pl",{"title":1815,"path":1816,"stem":1817},"DCL01-PL. Do not reuse variable names in subscopes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F3.dcl01-pl",{"title":1819,"path":1820,"stem":1821},"DCL02-PL. Any modified punctuation variable should be declared local","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F4.dcl02-pl",{"title":1823,"path":1824,"stem":1825},"DCL03-PL. 
Do not read a foreach iterator variable after the loop has completed","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F5.dcl03-pl",{"title":1827,"path":1828,"stem":1829},"DCL04-PL. Always initialize local variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F6.dcl04-pl",{"title":1831,"path":1832,"stem":1833},"DCL05-PL. Prohibit Perl4 package names","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl05-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F7.dcl05-pl",{"title":1701,"path":1835,"stem":1836,"children":1837},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F1.index",[1838,1839,1843,1847,1851,1855,1859,1863],{"title":1701,"path":1835,"stem":1836},{"title":1840,"path":1841,"stem":1842},"EXP00-PL. Do not return undef","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F2.exp00-pl",{"title":1844,"path":1845,"stem":1846},"EXP01-PL. Do not depend on the return value of functions that lack a return statement","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F3.exp01-pl",{"title":1848,"path":1849,"stem":1850},"EXP03-PL. 
Do not diminish the benefits of constants by assuming their values in expressions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F4.exp03-pl",{"title":1852,"path":1853,"stem":1854},"EXP04-PL. Do not mix the early-precedence logical operators with late-precedence logical operators","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F5.exp04-pl",{"title":1856,"path":1857,"stem":1858},"EXP06-PL. Do not use an array in an implicit scalar context","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp06-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F6.exp06-pl",{"title":1860,"path":1861,"stem":1862},"EXP07-PL. Do not modify $_ in list or sorting functions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp07-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F7.exp07-pl",{"title":1864,"path":1865,"stem":1866},"EXP08-PL. Do not use the one-argument form of select()","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp08-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F8.exp08-pl",{"title":1727,"path":1868,"stem":1869,"children":1870},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F1.index",[1871,1872,1876],{"title":1727,"path":1868,"stem":1869},{"title":1873,"path":1874,"stem":1875},"FIO00-PL. 
Do not use bareword file handles","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F2.fio00-pl",{"title":1877,"path":1878,"stem":1879},"FIO01-PL. Do not operate on files that can be modified by untrusted users","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F3.fio01-pl",{"title":1737,"path":1881,"stem":1882,"children":1883},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",[1884,1885,1889],{"title":1737,"path":1881,"stem":1882},{"title":1886,"path":1887,"stem":1888},"IDS00-PL. Canonicalize path names before validating them","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids00-pl",{"title":1890,"path":1891,"stem":1892},"IDS01-PL. Use taint mode while being aware of its limitations","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids01-pl",{"title":1758,"path":1894,"stem":1895,"children":1896},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F1.index",[1897,1898,1902],{"title":1758,"path":1894,"stem":1895},{"title":1899,"path":1900,"stem":1901},"INT00-PL. 
Do not prepend leading zeroes to integer literals","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F2.int00-pl",{"title":1903,"path":1904,"stem":1905},"INT01-PL. Use small integers when precise computation is required","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F3.int01-pl",{"title":1762,"path":1907,"stem":1908,"children":1909},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F1.index",[1910,1911,1915,1919,1923,1927],{"title":1762,"path":1907,"stem":1908},{"title":1912,"path":1913,"stem":1914},"MSC00-PL. Detect and remove dead code","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F2.msc00-pl",{"title":1916,"path":1917,"stem":1918},"MSC01-PL. Detect and remove unused variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F3.msc01-pl",{"title":1920,"path":1921,"stem":1922},"MSC02-PL. Run programs with full warnings and strict checking","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F4.msc02-pl",{"title":1924,"path":1925,"stem":1926},"MSC03-PL. 
Do not use select() to sleep","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F5.msc03-pl",{"title":1928,"path":1929,"stem":1930},"MSC04-PL. Do not use comma to separate statements","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F6.msc04-pl",{"title":1776,"path":1932,"stem":1933,"children":1934},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F1.index",[1935,1936,1940],{"title":1776,"path":1932,"stem":1933},{"title":1937,"path":1938,"stem":1939},"OOP00-PL. Do not signify inheritence at runtime","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F2.oop00-pl",{"title":1941,"path":1942,"stem":1943},"OOP01-PL. Do not access private variables or subroutines in other packages","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F3.oop01-pl",{"title":1786,"path":1945,"stem":1946},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F9.strings-str",{"title":1948,"path":1949,"stem":1950,"children":1951},"Back Matter","\u002Fsei-cert-perl-coding-standard\u002Fback-matter","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F1.index",[1952,1953,1957,1987],{"title":1948,"path":1949,"stem":1950},{"title":1954,"path":1955,"stem":1956},"AA. 
Bibliography","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F2.aa-bibliography",{"title":1958,"path":1959,"stem":1960,"children":1961},"BB. Analyzers","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F1.index",[1962,1963,1967,1971,1975,1979,1983],{"title":1958,"path":1959,"stem":1960},{"title":1964,"path":1965,"stem":1966},"Critic","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F2.critic",{"title":1968,"path":1969,"stem":1970},"Critic_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F3.critic_v",{"title":1972,"path":1973,"stem":1974},"Lint","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F4.lint",{"title":1976,"path":1977,"stem":1978},"Lint_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F5.lint_v",{"title":1980,"path":1981,"stem":1982},"Security Reviewer - Static Reviewer","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F6.security-reviewer-static-reviewer",{"title":1984,"path":1985,"stem":1986},"Security Reviewer - Static 
Reviewer_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F7.security-reviewer-static-reviewer_v",{"title":1988,"path":1989,"stem":1990},"CC. Risk Assessments","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fcc-risk-assessments","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F4.cc-risk-assessments",1775657793711]