[{"data":1,"prerenderedAt":1573},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids35-pl":28,"surround-\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids35-pl":1188,"sidebar-sei-cert-perl-coding-standard":1196},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":1178,"extension":1179,"meta":1180,"navigation":7,"path":1184,"seo":1185,"stem":1186,"__hash__":1187},"content\u002F7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F7.ids35-pl.md","IDS35-PL. Do not invoke the eval form with a string argument",{"type":32,"value":33,"toc":1170},"minimark",[34,38,47,66,69,90,102,107,116,222,225,267,270,327,330,376,380,389,444,447,566,569,572,605,614,617,637,687,693,728,735,836,838,849,887,890,902,966,969,975,1042,1046,1082,1086,1141,1144,1166],[35,36,30],"h1",{"id":37},"ids35-pl-do-not-invoke-the-eval-form-with-a-string-argument",[39,40,41,42,46],"p",{},"Perl's ",[43,44,45],"code",{},"eval"," built-in form provides programs with access to Perl's internal parser and evaluator. 
It may be called with a scalar argument (that is, a string) or with an expression that evaluates to a scalar argument, or it may be called with a block.",[39,48,49,50,52,53,56,57,59,60,62,63,65],{},"The ",[43,51,45],{}," built-in has one important role. It traps any errors that would otherwise be fatal to the program and stores them in the ",[43,54,55],{},"$@"," package variable. This role means that ",[43,58,45],{}," is critical to proper exception handling. If the code being evaluated is itself invalid (perhaps because it contains a syntax error), again, the error does not cause program termination, but is instead trapped by ",[43,61,45],{}," and saved in the ",[43,64,55],{}," variable.",[39,67,68],{},"When invoked with a block, the Perl parser compiles the block argument at the same time that it compiles the rest of the code, before it begins execution. Consequently, syntax errors or other compile-time errors are reported during compilation, before the program has begun executing.",[39,70,71,72,74,75,77,78,80,81,83,84,86,87,89],{},"However, when ",[43,73,45],{}," is invoked with a string argument, the argument is parsed and compiled only when the ",[43,76,45],{}," form actually executes, at run-time. Consequently, a syntax error is reported only when the ",[43,79,45],{}," form is actually executed. Furthermore, the argument gets compiled every time that ",[43,82,45],{}," is executed. Consequently, the block form of ",[43,85,45],{}," has better performance and reliability than the string form of ",[43,88,45],{}," .",[39,91,92,93,95,96,98,99,101],{},"These issues aside, the string form of ",[43,94,45],{}," also executes whatever code its argument contains. If an attacker can control the value of a scalar argument to ",[43,97,45],{},", the attacker can cause arbitrary code to be executed with the privileges of the running program. 
Therefore, the string form of ",[43,100,45],{}," must not be used.",[103,104,106],"h2",{"id":105},"noncompliant-code-example","Noncompliant Code Example",[39,108,109,110,112,113,115],{},"Perl normally signals a fatal error if division by zero occurs. The ",[43,111,45],{}," built-in can be used to prevent such an error from terminating the program. This noncompliant code example uses the string-based ",[43,114,45],{}," to reduce the severity of a division-by-zero error to a mere warning.",[117,118,120],"code-block",{"quality":119},"bad",[121,122,127],"pre",{"className":123,"code":124,"language":125,"meta":126,"style":126},"language-perl shiki shiki-themes github-light github-dark monokai","my $a = $ARGV[0];\nmy $b = $ARGV[1];\nmy $answer = 0;\neval qq{ \\$answer = $a \u002F $b };\ncarp $@ if $@;\nprint \"The quotient is $answer\\n\";\n","perl","",[43,128,129,142,150,158,189,201],{"__ignoreMap":126},[130,131,134,138],"span",{"class":132,"line":133},"line",1,[130,135,137],{"class":136},"sC2Qs","my",[130,139,141],{"class":140},"sMOD_"," $a = $ARGV[0];\n",[130,143,145,147],{"class":132,"line":144},2,[130,146,137],{"class":136},[130,148,149],{"class":140}," $b = $ARGV[1];\n",[130,151,153,155],{"class":132,"line":152},3,[130,154,137],{"class":136},[130,156,157],{"class":140}," $answer = 0;\n",[130,159,161,163,167,171,174,177,180,183,186],{"class":132,"line":160},4,[130,162,45],{"class":136},[130,164,166],{"class":165},"sstjo"," qq{ ",[130,168,170],{"class":169},"s7F3e","\\$",[130,172,173],{"class":165},"answer = ",[130,175,176],{"class":140},"$a",[130,178,179],{"class":165}," \u002F ",[130,181,182],{"class":140},"$b",[130,184,185],{"class":165}," }",[130,187,188],{"class":140},";\n",[130,190,192,195,198],{"class":132,"line":191},5,[130,193,194],{"class":140},"carp $@ ",[130,196,197],{"class":136},"if",[130,199,200],{"class":140}," $@;\n",[130,202,204,208,211,214,217,220],{"class":132,"line":203},6,[130,205,207],{"class":206},"sTrkL","print",[130,209,210],{"class":165}," 
\"The quotient is ",[130,212,213],{"class":140},"$answer",[130,215,216],{"class":169},"\\n",[130,218,219],{"class":165},"\"",[130,221,188],{"class":140},[39,223,224],{},"As shown below, when given normal input, this program behaves as expected:",[121,226,230],{"className":227,"code":228,"language":229,"meta":126,"style":126},"language-java shiki shiki-themes github-light github-dark monokai","% .\u002Fdivide.pl 18 3\nThe quotient is 6\n% \n","java",[43,231,232,250,262],{"__ignoreMap":126},[130,233,234,237,239,241,244,247],{"class":132,"line":133},[130,235,236],{"class":136},"%",[130,238,89],{"class":140},[130,240,6],{"class":136},[130,242,243],{"class":140},"divide.pl ",[130,245,246],{"class":169},"18",[130,248,249],{"class":169}," 3\n",[130,251,252,256,259],{"class":132,"line":144},[130,253,255],{"class":254},"sk8M1","The",[130,257,258],{"class":140}," quotient is ",[130,260,261],{"class":169},"6\n",[130,263,264],{"class":132,"line":152},[130,265,266],{"class":136},"%\n",[39,268,269],{},"It also gracefully handles division by zero:",[121,271,273],{"className":227,"code":272,"language":229,"meta":126,"style":126},"% .\u002Fdivide.pl 18 0\nIllegal division by zero at (eval 1) line 1.\nThe quotient is 0\n% \n",[43,274,275,290,314,323],{"__ignoreMap":126},[130,276,277,279,281,283,285,287],{"class":132,"line":133},[130,278,236],{"class":136},[130,280,89],{"class":140},[130,282,6],{"class":136},[130,284,243],{"class":140},[130,286,246],{"class":169},[130,288,289],{"class":169}," 0\n",[130,291,292,295,298,302,305,308,311],{"class":132,"line":144},[130,293,294],{"class":254},"Illegal",[130,296,297],{"class":140}," division by zero ",[130,299,301],{"class":300},"srTi1","at",[130,303,304],{"class":140}," (eval ",[130,306,307],{"class":169},"1",[130,309,310],{"class":140},") line 
",[130,312,313],{"class":169},"1.\n",[130,315,316,318,320],{"class":132,"line":152},[130,317,255],{"class":254},[130,319,258],{"class":140},[130,321,322],{"class":169},"0\n",[130,324,325],{"class":132,"line":160},[130,326,266],{"class":136},[39,328,329],{},"But it also allows the caller to invoke arbitrary Perl code:",[121,331,333],{"className":227,"code":332,"language":229,"meta":126,"style":126},"% .\u002Fdivide.pl 18 '6 ; print \"Surprise!\\n\"'\nSurprise!\nThe quotient is 3\n% \n",[43,334,335,355,363,372],{"__ignoreMap":126},[130,336,337,339,341,343,345,347,350,352],{"class":132,"line":133},[130,338,236],{"class":136},[130,340,89],{"class":140},[130,342,6],{"class":136},[130,344,243],{"class":140},[130,346,246],{"class":169},[130,348,349],{"class":165}," '6 ; print \"Surprise!",[130,351,216],{"class":169},[130,353,354],{"class":165},"\"'\n",[130,356,357,360],{"class":132,"line":144},[130,358,359],{"class":140},"Surprise",[130,361,362],{"class":136},"!\n",[130,364,365,367,369],{"class":132,"line":152},[130,366,255],{"class":254},[130,368,258],{"class":140},[130,370,371],{"class":169},"3\n",[130,373,374],{"class":132,"line":160},[130,375,266],{"class":136},[103,377,379],{"id":378},"compliant-solution","Compliant Solution",[39,381,382,383,385,386,388],{},"This compliant solution uses the block-based form of ",[43,384,45],{}," . In addition to foiling any attempts to evaluate untrusted code, this form of ",[43,387,45],{}," parses its argument at compile time rather than run-time. 
Performance is improved, and any syntax errors with the code are still caught and reported.",[117,390,392],{"quality":391},"good",[121,393,395],{"className":123,"code":394,"language":125,"meta":126,"style":126},"my $a = $ARGV[0];\nmy $b = $ARGV[1];\nmy $answer = 0;\neval { $answer = $a \u002F $b; };\ncarp $@ if $@;\nprint \"The quotient is $answer\\n\";\n",[43,396,397,403,409,415,422,430],{"__ignoreMap":126},[130,398,399,401],{"class":132,"line":133},[130,400,137],{"class":136},[130,402,141],{"class":140},[130,404,405,407],{"class":132,"line":144},[130,406,137],{"class":136},[130,408,149],{"class":140},[130,410,411,413],{"class":132,"line":152},[130,412,137],{"class":136},[130,414,157],{"class":140},[130,416,417,419],{"class":132,"line":160},[130,418,45],{"class":136},[130,420,421],{"class":140}," { $answer = $a \u002F $b; };\n",[130,423,424,426,428],{"class":132,"line":191},[130,425,194],{"class":140},[130,427,197],{"class":136},[130,429,200],{"class":140},[130,431,432,434,436,438,440,442],{"class":132,"line":203},[130,433,207],{"class":206},[130,435,210],{"class":165},[130,437,213],{"class":140},[130,439,216],{"class":169},[130,441,219],{"class":165},[130,443,188],{"class":140},[39,445,446],{},"As shown below, this code behaves as in the previous example, but the division operation causes a warning when given non-numeric (malicious) input and ignores the malicious code.",[121,448,450],{"className":227,"code":449,"language":229,"meta":126,"style":126},"% .\u002Fdivide.pl 18 3\nThe quotient is 6\n% .\u002Fdivide.pl 18 0\nIllegal division by zero at .\u002Fdivide.pl line 12.\nThe quotient is 0\n% .\u002Fdivide.pl 18 '6 ; print \"Surprise!\\n\"'\nArgument \"6 ; print \"Surprise!\\\\n\"\" isn't numeric in division (\u002F) at .\u002Fdivide.pl line 12.\nThe quotient is 3\n% 
\n",[43,451,452,466,474,488,503,511,529,555,561],{"__ignoreMap":126},[130,453,454,456,458,460,462,464],{"class":132,"line":133},[130,455,236],{"class":136},[130,457,89],{"class":140},[130,459,6],{"class":136},[130,461,243],{"class":140},[130,463,246],{"class":169},[130,465,249],{"class":169},[130,467,468,470,472],{"class":132,"line":144},[130,469,255],{"class":254},[130,471,258],{"class":140},[130,473,261],{"class":169},[130,475,476,478,480,482,484,486],{"class":132,"line":152},[130,477,236],{"class":136},[130,479,89],{"class":140},[130,481,6],{"class":136},[130,483,243],{"class":140},[130,485,246],{"class":169},[130,487,289],{"class":169},[130,489,490,492,495,497,500],{"class":132,"line":160},[130,491,294],{"class":254},[130,493,494],{"class":140}," division by zero at .",[130,496,6],{"class":136},[130,498,499],{"class":140},"divide.pl line ",[130,501,502],{"class":169},"12.\n",[130,504,505,507,509],{"class":132,"line":191},[130,506,255],{"class":254},[130,508,258],{"class":140},[130,510,322],{"class":169},[130,512,513,515,517,519,521,523,525,527],{"class":132,"line":203},[130,514,236],{"class":136},[130,516,89],{"class":140},[130,518,6],{"class":136},[130,520,243],{"class":140},[130,522,246],{"class":169},[130,524,349],{"class":165},[130,526,216],{"class":169},[130,528,354],{"class":165},[130,530,532,535,538,540,543,546,549,552],{"class":132,"line":531},7,[130,533,534],{"class":140},"Argument ",[130,536,537],{"class":165},"\"6 ; print \"",[130,539,359],{"class":140},[130,541,542],{"class":136},"!",[130,544,545],{"class":140},"\\\\n",[130,547,548],{"class":165},"\"\"",[130,550,551],{"class":140}," isn",[130,553,554],{"class":165},"'t numeric in division (\u002F) at .\u002Fdivide.pl line 12.\n",[130,556,558],{"class":132,"line":557},8,[130,559,560],{"class":165},"The quotient is 3\n",[130,562,564],{"class":132,"line":563},9,[130,565,266],{"class":165},[103,567,106],{"id":568},"noncompliant-code-example-1",[39,570,571],{},"This noncompliant code example attempts to 
load a module that is specified by a variable.",[117,573,574],{"quality":119},[121,575,577],{"className":123,"code":576,"language":125,"meta":126,"style":126},"my $module = \"Foo::Bar\";\n# ...\nrequire $module;\n",[43,578,579,591,597],{"__ignoreMap":126},[130,580,581,583,586,589],{"class":132,"line":133},[130,582,137],{"class":136},[130,584,585],{"class":140}," $module = ",[130,587,588],{"class":165},"\"Foo::Bar\"",[130,590,188],{"class":140},[130,592,593],{"class":132,"line":144},[130,594,596],{"class":595},"s8-w5","# ...\n",[130,598,599,602],{"class":132,"line":152},[130,600,601],{"class":136},"require",[130,603,604],{"class":140}," $module;\n",[39,606,607,608,610,611,89],{},"This code does not behave properly, as ",[43,609,601],{}," does no pathname interpolation when loading a module specified by a variable, and so it attempts to search the filesystem for a file named ",[43,612,613],{},"Foo::Bar",[103,615,106],{"id":616},"noncompliant-code-example-2",[39,618,49,619,626,627,629,630,632,633,636],{},[620,621,625],"a",{"href":622,"rel":623},"http:\u002F\u002Fperldoc.perl.org\u002Ffunctions\u002Frequire.html",[624],"nofollow","perlfunc"," manpage recommends using the string-based form of ",[43,628,45],{}," when importing a module with ",[43,631,601],{}," or ",[43,634,635],{},"use"," , where the name of the module may be stored in a variable. To wit:",[638,639,640,643,651,658,661,676,682],"blockquote",{},[39,641,642],{},"If EXPR is a bareword, the require assumes a \".pm\" extension and replaces \"::\" with \"\u002F\" in the filename for you, to make it easy to load standard modules. ... 
In other words, if you try this:",[39,644,645],{},[646,647,648],"em",{},[43,649,650],{},"          require          Foo::Bar; # a splendid bareword   ",[39,652,653,654,657],{},"the require function will actually look for the \"Foo\u002FBar.pm\" file in the directories specified in the ",[43,655,656],{},"@INC"," array.",[39,659,660],{},"But if you try this:",[39,662,663,666,667,666,670,666,673],{},[43,664,665],{},"        $class = 'Foo::Bar';      ",">",[43,668,669],{},"              require          $class; # $class is not a bareword      ",[43,671,672],{},"        # or      ",[43,674,675],{},"              require          \"Foo::Bar\"; # not a bareword because of the \"\"      ",[39,677,678,679,681],{},"the require function will look for the \"Foo::Bar\" file in the ",[43,680,656],{}," array and will complain about not finding \"Foo::Bar\" there. In this case you can do:",[39,683,684],{},[43,685,686],{},"              eval          \"require $class\";      ",[39,688,689,690,692],{},"This noncompliant code example uses ",[43,691,45],{}," to load a module specified by a variable.",[117,694,695],{"quality":119},[121,696,698],{"className":123,"code":697,"language":125,"meta":126,"style":126},"my $module = \"Foo::Bar\";\n# ...\neval \"require $module\";\n",[43,699,700,710,714],{"__ignoreMap":126},[130,701,702,704,706,708],{"class":132,"line":133},[130,703,137],{"class":136},[130,705,585],{"class":140},[130,707,588],{"class":165},[130,709,188],{"class":140},[130,711,712],{"class":132,"line":144},[130,713,596],{"class":595},[130,715,716,718,721,724,726],{"class":132,"line":152},[130,717,45],{"class":136},[130,719,720],{"class":165}," \"require ",[130,722,723],{"class":140},"$module",[130,725,219],{"class":165},[130,727,188],{"class":140},[39,729,730,731,734],{},"While this code properly searches the include paths for the file ",[43,732,733],{},"Foo\u002FBar.pm"," , it also suffers from command injection, as shown in the following 
transcript:",[121,736,738],{"className":227,"code":737,"language":229,"meta":126,"style":126},"% perl -e 'eval \"use $ARGV[0]\";'  'Foo::Bar'\npackage Foo::Bar loaded\n% perl -e 'eval \"use $ARGV[0]\";'  'Foo::Bar ; print \"Surprise!\\n\"'\npackage Foo::Bar loaded\nSurprise!\n% \n",[43,739,740,759,778,822,827,832],{"__ignoreMap":126},[130,741,742,744,747,750,753,756],{"class":132,"line":133},[130,743,236],{"class":136},[130,745,746],{"class":140}," perl ",[130,748,749],{"class":136},"-",[130,751,752],{"class":140},"e ",[130,754,755],{"class":165},"'eval \"use $ARGV[0]\";'",[130,757,758],{"class":165},"  'Foo::Bar'\n",[130,760,761,764,768,772,775],{"class":132,"line":144},[130,762,763],{"class":136},"package",[130,765,767],{"class":766},"st05x"," F",[130,769,771],{"class":770},"s-ngx","oo::",[130,773,774],{"class":766},"B",[130,776,777],{"class":770},"ar loaded\n",[130,779,780,783,785,788,791,794,797,800,803,806,809,812,815,818,820],{"class":132,"line":152},[130,781,782],{"class":770},"% perl ",[130,784,749],{"class":766},[130,786,787],{"class":770},"e 'eval \"use $",[130,789,790],{"class":766},"ARGV",[130,792,793],{"class":770},"[",[130,795,796],{"class":766},"0",[130,798,799],{"class":770},"]\"",[130,801,802],{"class":140},";",[130,804,805],{"class":165},"'  '",[130,807,808],{"class":140},"Foo",[130,810,811],{"class":136},"::",[130,813,814],{"class":140},"Bar ; print ",[130,816,817],{"class":165},"\"Surprise!",[130,819,216],{"class":169},[130,821,354],{"class":165},[130,823,824],{"class":132,"line":160},[130,825,826],{"class":165},"package Foo::Bar loaded\n",[130,828,829],{"class":132,"line":191},[130,830,831],{"class":165},"Surprise!\n",[130,833,834],{"class":132,"line":203},[130,835,266],{"class":165},[39,837,379],{},[39,839,840,841,844,845,848],{},"This compliant solution uses the built-in ",[43,842,843],{},"Module::Load"," package which provides the ability to import modules specified by a variable. 
The ",[43,846,847],{}," function prevents command injection. It still loads whatever module or file the variable names, so a name taken from untrusted input should be checked against a list of expected modules before it is loaded.",[117,850,851],{"quality":391},[121,852,854],{"className":123,"code":853,"language":125,"meta":126,"style":126},"use Module::Load;\n \nmy $module = \"Foo::Bar\";\n# ...\nload $module;\n",[43,855,856,863,868,878,882],{"__ignoreMap":126},[130,857,858,860],{"class":132,"line":133},[130,859,635],{"class":136},[130,861,862],{"class":140}," Module::Load;\n",[130,864,865],{"class":132,"line":144},[130,866,867],{"class":140}," \n",[130,869,870,872,874,876],{"class":132,"line":152},[130,871,137],{"class":136},[130,873,585],{"class":140},[130,875,588],{"class":165},[130,877,188],{"class":140},[130,879,880],{"class":132,"line":160},[130,881,596],{"class":595},[130,883,884],{"class":132,"line":191},[130,885,886],{"class":140},"load $module;\n",[39,888,889],{},"Exceptions",[39,891,892,896,897,899,900,89],{},[893,894,895],"strong",{},"IDS35-PL-EX0"," : This rule specifically forbids passing a scalar string or expression to ",[43,898,45],{}," . 
It does not forbid passing a block to ",[43,901,45],{},[121,903,905],{"className":227,"code":904,"language":229,"meta":126,"style":126},"eval  $x ;    # string-based, noncompliant, evaluates value of $x\neval \"$x\";    # string-based, noncompliant, evaluates value of $x\neval '$x';    # string-based, noncompliant, returns value of $x (unevaluated)\neval {$x};    #  block-based,    compliant, returns value of $x (unevaluated)\n",[43,906,907,917,932,952],{"__ignoreMap":126},[130,908,909,912,914],{"class":132,"line":133},[130,910,911],{"class":140},"eval  $x ;    # string",[130,913,749],{"class":136},[130,915,916],{"class":140},"based, noncompliant, evaluates value of $x\n",[130,918,919,922,925,928,930],{"class":132,"line":144},[130,920,921],{"class":140},"eval ",[130,923,924],{"class":165},"\"$x\"",[130,926,927],{"class":140},";    # string",[130,929,749],{"class":136},[130,931,916],{"class":140},[130,933,934,936,939,941,943,946,949],{"class":132,"line":152},[130,935,921],{"class":140},[130,937,938],{"class":165},"'$x'",[130,940,927],{"class":140},[130,942,749],{"class":136},[130,944,945],{"class":140},"based, noncompliant, returns value of ",[130,947,948],{"class":300},"$x",[130,950,951],{"class":140}," (unevaluated)\n",[130,953,954,957,959,962,964],{"class":132,"line":160},[130,955,956],{"class":140},"eval {$x};    #  block",[130,958,749],{"class":136},[130,960,961],{"class":140},"based,    compliant, returns value of ",[130,963,948],{"class":300},[130,965,951],{"class":140},[39,967,968],{},"Risk Assessment",[39,970,971,972,974],{},"Using string-based ",[43,973,45],{}," can lead to arbitrary code execution.",[976,977,978,979,978,1009],"table",{},"\n  ",[980,981,982,983,978],"thead",{},"\n    ",[984,985,986,987,986,991,986,994,986,997,986,1000,986,1003,986,1006,982],"tr",{},"\n      
",[988,989,990],"th",{},"Rule",[988,992,993],{},"Severity",[988,995,996],{},"Likelihood",[988,998,999],{},"Detectable",[988,1001,1002],{},"Repairable",[988,1004,1005],{},"Priority",[988,1007,1008],{},"Level",[1010,1011,982,1012,978],"tbody",{},[984,1013,986,1014,986,1018,986,1021,986,1024,986,1027,986,1030,986,1037,982],{},[1015,1016,1017],"td",{},"IDS35-PL",[1015,1019,1020],{},"high",[1015,1022,1023],{},"likely",[1015,1025,1026],{},"Yes",[1015,1028,1029],{},"No",[1015,1031,1033],{"style":1032},"color: #e74c3c;",[1034,1035,1036],"b",{},"P18",[1015,1038,1039],{"style":1032},[1034,1040,1041],{},"L1",[103,1043,1045],{"id":1044},"automated-detection","Automated Detection",[976,1047,1048,1056],{},[980,1049,1050],{},[984,1051,1052,1054],{},[988,1053],{},[988,1055],{},[1010,1057,1058,1066,1074],{},[984,1059,1060,1063],{},[1015,1061,1062],{},"Tool",[1015,1064,1065],{},"Diagnostic",[984,1067,1068,1071],{},[1015,1069,1070],{},"Perl::Critic",[1015,1072,1073],{},"BuiltinFunctions::ProhibitStringyEval",[984,1075,1076,1079],{},[1015,1077,1078],{},"Taint mode",[1015,1080,1081],{},"Insecure dependency in eval",[103,1083,1085],{"id":1084},"bibliography","Bibliography",[976,1087,1088,1096],{},[980,1089,1090],{},[984,1091,1092,1094],{},[988,1093],{},[988,1095],{},[1010,1097,1098,1111,1127],{},[984,1099,1100,1108],{},[1015,1101,1102,1103,1107],{},"[ ",[620,1104,1106],{"href":1105},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Conway05","Conway 2005"," ]",[1015,1109,1110],{},"\"String Evaluations,\" p. 
161",[984,1112,1113,1120],{},[1015,1114,1102,1115,1107],{},[620,1116,1119],{"href":1117,"rel":1118},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F259785",[624],"VU#671444",[1015,1121,1122],{},[620,1123,1126],{"href":1124,"rel":1125},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F671444",[624],"Input validation error in quikstore.cgi allows attackers to execute commands",[984,1128,1129,1135],{},[1015,1130,1102,1131,1107],{},[620,1132,1134],{"href":1133},"\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Manpages","Wall 2011",[1015,1136,1137],{},[620,1138,625],{"href":1139,"rel":1140},"http:\u002F\u002Fperldoc.perl.org\u002Fperlfunc.html",[624],[1142,1143],"hr",{},[39,1145,1146,1153,1154,1153,1160],{},[620,1147,1149],{"href":1148},"\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids34-pl",[1150,1151],"img",{"src":1152},"\u002Fattachments\u002F88890562\u002F88892207.png"," ",[620,1155,1157],{"href":1156},"\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002F",[1150,1158],{"src":1159},"\u002Fattachments\u002F88890562\u002F88892209.png",[620,1161,1163],{"href":1162},"\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002F",[1150,1164],{"src":1165},"\u002Fattachments\u002F88890562\u002F88892208.png",[1167,1168,1169],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sTrkL, html code.shiki 
.sTrkL{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#66D9EF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .st05x, html code.shiki 
.st05x{--shiki-default:#B31D28;--shiki-default-font-style:italic;--shiki-dark:#FDAEB7;--shiki-dark-font-style:italic;--shiki-sepia:#F44747;--shiki-sepia-font-style:inherit}html pre.shiki code .s-ngx, html code.shiki .s-ngx{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F92672}",{"title":126,"searchDepth":144,"depth":144,"links":1171},[1172,1173,1174,1175,1176,1177],{"id":105,"depth":144,"text":106},{"id":378,"depth":144,"text":379},{"id":568,"depth":144,"text":106},{"id":616,"depth":144,"text":106},{"id":1044,"depth":144,"text":1045},{"id":1084,"depth":144,"text":1085},"Perl's eval built-in form provides programs with access to Perl's internal parser and evaluator. It may be called with a scalar argument (that is, a string) or with an expression that evaluates to a scalar argument, or it may be called with a block.","md",{"tags":1181},[1182,1183],"ids","rule","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids35-pl",{"title":30,"description":1178},"7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F7.ids35-pl","2r2WCOLIU4v-2OQhScxOw5DsT4yWQzHvvv6wwt1EpoQ",[1189,1192],{"title":1190,"path":1148,"stem":1191,"children":-1},"IDS34-PL. 
Do not pass untrusted, unsanitized data to a command interpreter","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F6.ids34-pl",{"title":1193,"path":1194,"stem":1195,"children":-1},"Integers (INT)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F3.rules\u002F6.integers-int",[1197],{"title":1198,"path":1199,"stem":1200,"children":1201},"SEI CERT Perl Coding Standard","\u002Fsei-cert-perl-coding-standard","7.sei-cert-perl-coding-standard\u002F1.index",[1202,1203,1258,1381,1529],{"title":1198,"path":1199,"stem":1200},{"title":1204,"path":1205,"stem":1206,"children":1207},"Front Matter","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F1.index",[1208,1209,1213],{"title":1204,"path":1205,"stem":1206},{"title":1210,"path":1211,"stem":1212},"Deprecations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fdeprecations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F2.deprecations",{"title":1214,"path":1215,"stem":1216,"children":1217},"Introduction","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.index",[1218,1219,1223,1227,1231,1235,1239,1243,1246,1250,1254],{"title":1214,"path":1215,"stem":1216},{"title":1220,"path":1221,"stem":1222},"Scope","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fscope","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F01.scope",{"title":1224,"path":1225,"stem":1226},"Tool Selection and Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftool-selection-and-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F02.tool-selection-and-validation",{"title":1228,"path":1229,"stem":1230},"Rules versus 
Recommendations","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frules-versus-recommendations","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F03.rules-versus-recommendations",{"title":1232,"path":1233,"stem":1234},"Development Process","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fdevelopment-process","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F04.development-process",{"title":1236,"path":1237,"stem":1238},"Usage","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fusage","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F05.usage",{"title":1240,"path":1241,"stem":1242},"System Qualities","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsystem-qualities","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F06.system-qualities",{"title":968,"path":1244,"stem":1245},"\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frisk-assessment","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F07.risk-assessment",{"title":1247,"path":1248,"stem":1249},"Source Code Validation","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsource-code-validation","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F08.source-code-validation",{"title":1251,"path":1252,"stem":1253},"Automatically Generated 
Code","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fautomatically-generated-code","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F09.automatically-generated-code",{"title":1255,"path":1256,"stem":1257},"Acknowledgements","\u002Fsei-cert-perl-coding-standard\u002Ffront-matter\u002Fintroduction\u002Facknowledgements","7.sei-cert-perl-coding-standard\u002F2.front-matter\u002F3.introduction\u002F11.acknowledgements",{"title":1259,"path":1260,"stem":1261,"children":1262},"Rules","\u002Fsei-cert-perl-coding-standard\u002Frules","7.sei-cert-perl-coding-standard\u002F3.rules\u002F1.index",[1263,1264,1282,1308,1318,1342,1343,1357,1367],{"title":1259,"path":1260,"stem":1261},{"title":1265,"path":1266,"stem":1267,"children":1268},"Declarations and Initialization (DCL)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F1.index",[1269,1270,1274,1278],{"title":1265,"path":1266,"stem":1267},{"title":1271,"path":1272,"stem":1273},"DCL30-PL. Do not import deprecated modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F2.dcl30-pl",{"title":1275,"path":1276,"stem":1277},"DCL31-PL. Do not overload reserved keywords or subroutines","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F3.dcl31-pl",{"title":1279,"path":1280,"stem":1281},"DCL33-PL. 
Declare identifiers before using them","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F2.declarations-and-initialization-dcl\u002F4.dcl33-pl",{"title":1283,"path":1284,"stem":1285,"children":1286},"Expressions (EXP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F1.index",[1287,1288,1292,1296,1300,1304],{"title":1283,"path":1284,"stem":1285},{"title":1289,"path":1290,"stem":1291},"EXP30-PL. Do not use deprecated or obsolete functions or modules","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F2.exp30-pl",{"title":1293,"path":1294,"stem":1295},"EXP31-PL. Do not suppress or ignore exceptions","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F3.exp31-pl",{"title":1297,"path":1298,"stem":1299},"EXP32-PL. Do not ignore function return values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F4.exp32-pl",{"title":1301,"path":1302,"stem":1303},"EXP33-PL. Do not invoke a function in a context for which it is not defined","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F5.exp33-pl",{"title":1305,"path":1306,"stem":1307},"EXP35-PL. 
Use the correct operator type for comparing values","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp35-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F3.expressions-exp\u002F6.exp35-pl",{"title":1309,"path":1310,"stem":1311,"children":1312},"File Input and Output (FIO)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F1.index",[1313,1314],{"title":1309,"path":1310,"stem":1311},{"title":1315,"path":1316,"stem":1317},"FIO30-PL. Use compatible character encodings when performing network or file I\u002FO","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Ffile-input-and-output-fio\u002Ffio30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F4.file-input-and-output-fio\u002F2.fio30-pl",{"title":1319,"path":1320,"stem":1321,"children":1322},"Input Validation and Data Sanitization (IDS)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",[1323,1324,1328,1332,1336,1340,1341],{"title":1319,"path":1320,"stem":1321},{"title":1325,"path":1326,"stem":1327},"IDS30-PL. Exclude user input from format strings","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids30-pl",{"title":1329,"path":1330,"stem":1331},"IDS31-PL. Do not use the two-argument form of open()","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids31-pl",{"title":1333,"path":1334,"stem":1335},"IDS32-PL. 
Validate any integer that is used as an array index","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F4.ids32-pl",{"title":1337,"path":1338,"stem":1339},"IDS33-PL. Sanitize untrusted data passed across a trust boundary","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids33-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F5.input-validation-and-data-sanitization-ids\u002F5.ids33-pl",{"title":1190,"path":1148,"stem":1191},{"title":30,"path":1184,"stem":1186},{"title":1193,"path":1194,"stem":1195},{"title":1344,"path":1345,"stem":1346,"children":1347},"Miscellaneous (MSC)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F1.index",[1348,1349,1353],{"title":1344,"path":1345,"stem":1346},{"title":1350,"path":1351,"stem":1352},"MSC31-PL. Do not embed global statements","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F2.msc31-pl",{"title":1354,"path":1355,"stem":1356},"MSC32-PL. Do not provide a module's version value from outside the module","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F7.miscellaneous-msc\u002F3.msc32-pl",{"title":1358,"path":1359,"stem":1360,"children":1361},"Object-Oriented Programming (OOP)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F1.index",[1362,1363],{"title":1358,"path":1359,"stem":1360},{"title":1364,"path":1365,"stem":1366},"OOP32-PL. 
Prohibit indirect object call syntax","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fobject-oriented-programming-oop\u002Foop32-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F8.object-oriented-programming-oop\u002F2.oop32-pl",{"title":1368,"path":1369,"stem":1370,"children":1371},"Strings (STR)","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F1.index",[1372,1373,1377],{"title":1368,"path":1369,"stem":1370},{"title":1374,"path":1375,"stem":1376},"STR30-PL. Capture variables should be read only immediately after a successful regex match","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr30-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F2.str30-pl",{"title":1378,"path":1379,"stem":1380},"STR31-PL. Do not pass string literals to functions expecting regexes","\u002Fsei-cert-perl-coding-standard\u002Frules\u002Fstrings-str\u002Fstr31-pl","7.sei-cert-perl-coding-standard\u002F3.rules\u002F9.strings-str\u002F3.str31-pl",{"title":1382,"path":1383,"stem":1384,"children":1385},"Recommendations","\u002Fsei-cert-perl-coding-standard\u002Frecommendations","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F1.index",[1386,1387,1416,1449,1462,1475,1488,1513,1526],{"title":1382,"path":1383,"stem":1384},{"title":1265,"path":1388,"stem":1389,"children":1390},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F1.index",[1391,1392,1396,1400,1404,1408,1412],{"title":1265,"path":1388,"stem":1389},{"title":1393,"path":1394,"stem":1395},"DCL00-PL. 
Do not use subroutine prototypes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F2.dcl00-pl",{"title":1397,"path":1398,"stem":1399},"DCL01-PL. Do not reuse variable names in subscopes","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F3.dcl01-pl",{"title":1401,"path":1402,"stem":1403},"DCL02-PL. Any modified punctuation variable should be declared local","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F4.dcl02-pl",{"title":1405,"path":1406,"stem":1407},"DCL03-PL. Do not read a foreach iterator variable after the loop has completed","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F5.dcl03-pl",{"title":1409,"path":1410,"stem":1411},"DCL04-PL. Always initialize local variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F6.dcl04-pl",{"title":1413,"path":1414,"stem":1415},"DCL05-PL. 
Prohibit Perl4 package names","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl05-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F2.declarations-and-initialization-dcl\u002F7.dcl05-pl",{"title":1283,"path":1417,"stem":1418,"children":1419},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F1.index",[1420,1421,1425,1429,1433,1437,1441,1445],{"title":1283,"path":1417,"stem":1418},{"title":1422,"path":1423,"stem":1424},"EXP00-PL. Do not return undef","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F2.exp00-pl",{"title":1426,"path":1427,"stem":1428},"EXP01-PL. Do not depend on the return value of functions that lack a return statement","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F3.exp01-pl",{"title":1430,"path":1431,"stem":1432},"EXP03-PL. Do not diminish the benefits of constants by assuming their values in expressions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F4.exp03-pl",{"title":1434,"path":1435,"stem":1436},"EXP04-PL. Do not mix the early-precedence logical operators with late-precedence logical operators","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F5.exp04-pl",{"title":1438,"path":1439,"stem":1440},"EXP06-PL. 
Do not use an array in an implicit scalar context","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp06-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F6.exp06-pl",{"title":1442,"path":1443,"stem":1444},"EXP07-PL. Do not modify $_ in list or sorting functions","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp07-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F7.exp07-pl",{"title":1446,"path":1447,"stem":1448},"EXP08-PL. Do not use the one-argument form of select()","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp08-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F3.expressions-exp\u002F8.exp08-pl",{"title":1309,"path":1450,"stem":1451,"children":1452},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F1.index",[1453,1454,1458],{"title":1309,"path":1450,"stem":1451},{"title":1455,"path":1456,"stem":1457},"FIO00-PL. Do not use bareword file handles","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F2.fio00-pl",{"title":1459,"path":1460,"stem":1461},"FIO01-PL. 
Do not operate on files that can be modified by untrusted users","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Ffile-input-and-output-fio\u002Ffio01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F4.file-input-and-output-fio\u002F3.fio01-pl",{"title":1319,"path":1463,"stem":1464,"children":1465},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F1.index",[1466,1467,1471],{"title":1319,"path":1463,"stem":1464},{"title":1468,"path":1469,"stem":1470},"IDS00-PL. Canonicalize path names before validating them","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F2.ids00-pl",{"title":1472,"path":1473,"stem":1474},"IDS01-PL. Use taint mode while being aware of its limitations","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F5.input-validation-and-data-sanitization-ids\u002F3.ids01-pl",{"title":1193,"path":1476,"stem":1477,"children":1478},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F1.index",[1479,1480,1484],{"title":1193,"path":1476,"stem":1477},{"title":1481,"path":1482,"stem":1483},"INT00-PL. Do not prepend leading zeroes to integer literals","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F2.int00-pl",{"title":1485,"path":1486,"stem":1487},"INT01-PL. 
Use small integers when precise computation is required","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F6.integers-int\u002F3.int01-pl",{"title":1344,"path":1489,"stem":1490,"children":1491},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F1.index",[1492,1493,1497,1501,1505,1509],{"title":1344,"path":1489,"stem":1490},{"title":1494,"path":1495,"stem":1496},"MSC00-PL. Detect and remove dead code","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F2.msc00-pl",{"title":1498,"path":1499,"stem":1500},"MSC01-PL. Detect and remove unused variables","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F3.msc01-pl",{"title":1502,"path":1503,"stem":1504},"MSC02-PL. Run programs with full warnings and strict checking","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc02-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F4.msc02-pl",{"title":1506,"path":1507,"stem":1508},"MSC03-PL. Do not use select() to sleep","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc03-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F5.msc03-pl",{"title":1510,"path":1511,"stem":1512},"MSC04-PL. 
Do not use comma to separate statements","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc04-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F7.miscellaneous-msc\u002F6.msc04-pl",{"title":1358,"path":1514,"stem":1515,"children":1516},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F1.index",[1517,1518,1522],{"title":1358,"path":1514,"stem":1515},{"title":1519,"path":1520,"stem":1521},"OOP00-PL. Do not signify inheritance at runtime","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop00-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F2.oop00-pl",{"title":1523,"path":1524,"stem":1525},"OOP01-PL. Do not access private variables or subroutines in other packages","\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fobject-oriented-programming-oop\u002Foop01-pl","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F8.object-oriented-programming-oop\u002F3.oop01-pl",{"title":1368,"path":1527,"stem":1528},"\u002Fsei-cert-perl-coding-standard\u002Frecommendations\u002Fstrings-str","7.sei-cert-perl-coding-standard\u002F4.recommendations\u002F9.strings-str",{"title":1530,"path":1531,"stem":1532,"children":1533},"Back Matter","\u002Fsei-cert-perl-coding-standard\u002Fback-matter","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F1.index",[1534,1535,1539,1569],{"title":1530,"path":1531,"stem":1532},{"title":1536,"path":1537,"stem":1538},"AA. Bibliography","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Faa-bibliography","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F2.aa-bibliography",{"title":1540,"path":1541,"stem":1542,"children":1543},"BB. 
Analyzers","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F1.index",[1544,1545,1549,1553,1557,1561,1565],{"title":1540,"path":1541,"stem":1542},{"title":1546,"path":1547,"stem":1548},"Critic","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F2.critic",{"title":1550,"path":1551,"stem":1552},"Critic_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fcritic_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F3.critic_v",{"title":1554,"path":1555,"stem":1556},"Lint","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F4.lint",{"title":1558,"path":1559,"stem":1560},"Lint_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Flint_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F5.lint_v",{"title":1562,"path":1563,"stem":1564},"Security Reviewer - Static Reviewer","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F6.security-reviewer-static-reviewer",{"title":1566,"path":1567,"stem":1568},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fbb-analyzers\u002Fsecurity-reviewer-static-reviewer_v","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F3.bb-analyzers\u002F7.security-reviewer-static-reviewer_v",{"title":1570,"path":1571,"stem":1572},"CC. Risk Assessments","\u002Fsei-cert-perl-coding-standard\u002Fback-matter\u002Fcc-risk-assessments","7.sei-cert-perl-coding-standard\u002F5.back-matter\u002F4.cc-risk-assessments",1775657790720]