This is a list of Perl::Critic policies that CERT recommends (https://www.securecoding.cert.org/confluence/display/perl/CERT+Perl+Secure+Coding+Standard)

cert-perl-critic-policies.txt

BuiltinFunctions::ProhibitBooleanGrep
BuiltinFunctions::ProhibitStringyEval
BuiltinFunctions::ProhibitStringySplit
BuiltinFunctions::ProhibitUniversalCan
BuiltinFunctions::ProhibitUniversalIsa
ClassHierarchies::ProhibitExplicitISA
ControlStructures::ProhibitMutatingListFunctions
ControlStructures::ProhibitUnreachableCode
ErrorHandling::RequireCarping
InputOutput::ProhibitBarewordFileHandles
InputOutput::RequireCheckedClose
InputOutput::RequireCheckedOpen
InputOutput::RequireCheckedSyscalls
InputOutput::ProhibitInteractiveTest
InputOutput::ProhibitOneArgSelect
InputOutput::ProhibitTwoArgOpen
Miscellanea::ProhibitFormats
Modules::ProhibitEvilModules
Modules::RequireEndWithOne
Objects::ProhibitIndirectSyntax
Policy::TestingAndDebugging::RequireUseStrict
Policy::TestingAndDebugging::RequireUseWarnings
RegularExpressions::ProhibitCaptureWithoutTest
Subroutines::ProhibitBuiltinHomonyms
Subroutines::ProhibitExplicitReturnUndef
Subroutines::ProhibitReturnSort
Subroutines::ProhibitSubroutinePrototypes
Subroutines::ProhibitUnusedPrivateSubroutines
Subroutines::ProtectPrivateSubs
Subroutines::RequireFinalReturn
TestingAndDebugging::ProhibitNoStrict
TestingAndDebugging::ProhibitProlongedStrictureOverride
TestingAndDebugging::RequireUseStrict
TestingAndDebugging::ProhibitNoWarnings
ValuesAndExpressions::ProhibitCommaSeparatedStatements
ValuesAndExpressions::ProhibitLeadingZeros
ValuesAndExpressions::ProhibitMagicNumbers
ValuesAndExpressions::ProhibitMismatchedOperators
ValuesAndExpressions::ProhibitMixedBooleanOperators
Variables::ProhibitPerl4PackageNames
Variables::ProhibitUnusedVariables
Variables::ProtectPrivateVars
Variables::RequireInitializationForLocalVars
Variables::RequireLexicalLoopIterators
Variables::RequireLocalizedPunctuationVars

Variables::ProhibitUnreachableCode is a mistake from the CERT site. It should be ControlStructures::ProhibitUnreachableCode

Also the following policies are missing:

BuiltinFunctions::ProhibitBooleanGrep
InputOutput::ProhibitTwoArgOpen
InputOutput::RequireCheckedClose
InputOutput::RequireCheckedOpen
InputOutput::RequireCheckedSyscalls

as referenced from:

https://www.securecoding.cert.org/confluence/display/perl/EXP06-PL.+Do+not+use+an+array+in+an+implicit+scalar+context

https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=76775519

https://www.securecoding.cert.org/confluence/display/perl/EXP32-PL.+Do+not+ignore+function+return+values

Updated

TestingAndDebugging:;ProhibitNoWarnings should be TestingAndDebugging::ProhibitNoWarnings
Policy::TestingAndDebugging::RequireUseStrict and Policy::TestingAndDebugging::RequireUseWarnings are not found; these probably should be TestingAndDebugging::RequireUseStrict (already in the list) and TestingAndDebugging::RequireUseWarnings

Typo line 34: "TestingAndDebugging:;ProhibitNoWarnings"

Fixed, thanks for pinging this.

It took me a minute to see the difference between the colon and semicolon typo. I think that means I need to clean my monitor.

Seems CERT's list has moved since this list was made. They seem to have move some of this to the Back Matter section on Perl::Critic.

Maybe worth updating the URL and expanding a little? 🙂

(With that said, I'd love to refer to this page from the CPANSec website, if that's ok.)

If it's public you can link to it. :)