Last active
June 15, 2017 02:58
-
-
Save briandfoy/4525877 to your computer and use it in GitHub Desktop.
This is a list of Perl::Critic policies that CERT recommends (https://www.securecoding.cert.org/confluence/display/perl/CERT+Perl+Secure+Coding+Standard)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BuiltinFunctions::ProhibitBooleanGrep | |
| BuiltinFunctions::ProhibitStringyEval | |
| BuiltinFunctions::ProhibitStringySplit | |
| BuiltinFunctions::ProhibitUniversalCan | |
| BuiltinFunctions::ProhibitUniversalIsa | |
| ClassHierarchies::ProhibitExplicitISA | |
| ControlStructures::ProhibitMutatingListFunctions | |
| ControlStructures::ProhibitUnreachableCode | |
| ErrorHandling::RequireCarping | |
| InputOutput::ProhibitBarewordFileHandles | |
| InputOutput::RequireCheckedClose | |
| InputOutput::RequireCheckedOpen | |
| InputOutput::RequireCheckedSyscalls | |
| InputOutput::ProhibitInteractiveTest | |
| InputOutput::ProhibitOneArgSelect | |
| InputOutput::ProhibitTwoArgOpen | |
| Miscellanea::ProhibitFormats | |
| Modules::ProhibitEvilModules | |
| Modules::RequireEndWithOne | |
| Objects::ProhibitIndirectSyntax | |
| Policy::TestingAndDebugging::RequireUseStrict | |
| Policy::TestingAndDebugging::RequireUseWarnings | |
| RegularExpressions::ProhibitCaptureWithoutTest | |
| Subroutines::ProhibitBuiltinHomonyms | |
| Subroutines::ProhibitExplicitReturnUndef | |
| Subroutines::ProhibitReturnSort | |
| Subroutines::ProhibitSubroutinePrototypes | |
| Subroutines::ProhibitUnusedPrivateSubroutines | |
| Subroutines::ProtectPrivateSubs | |
| Subroutines::RequireFinalReturn | |
| TestingAndDebugging::ProhibitNoStrict | |
| TestingAndDebugging::ProhibitProlongedStrictureOverride | |
| TestingAndDebugging::RequireUseStrict | |
| TestingAndDebugging:;ProhibitNoWarnings | |
| ValuesAndExpressions::ProhibitCommaSeparatedStatements | |
| ValuesAndExpressions::ProhibitLeadingZeros | |
| ValuesAndExpressions::ProhibitMagicNumbers | |
| ValuesAndExpressions::ProhibitMismatchedOperators | |
| ValuesAndExpressions::ProhibitMixedBooleanOperators | |
| Variables::ProhibitPerl4PackageNames | |
| Variables::ProhibitUnusedVariables | |
| Variables::ProtectPrivateVars | |
| Variables::RequireInitializationForLocalVars | |
| Variables::RequireLexicalLoopIterators | |
| Variables::RequireLocalizedPunctuationVars |
Updated
TestingAndDebugging:;ProhibitNoWarnings should be TestingAndDebugging::ProhibitNoWarnings
Policy::TestingAndDebugging::RequireUseStrict and Policy::TestingAndDebugging::RequireUseWarnings are not found; these probably should be TestingAndDebugging::RequireUseStrict (already in the list) and TestingAndDebugging::RequireUseWarnings
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Variables::ProhibitUnreachableCode is a mistake from the CERT site. It should be ControlStructures::ProhibitUnreachableCode
Also the following policies are missing:
BuiltinFunctions::ProhibitBooleanGrep
InputOutput::ProhibitTwoArgOpen
InputOutput::RequireCheckedClose
InputOutput::RequireCheckedOpen
InputOutput::RequireCheckedSyscalls
as referenced from:
https://www.securecoding.cert.org/confluence/display/perl/EXP06-PL.+Do+not+use+an+array+in+an+implicit+scalar+context
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=76775519
https://www.securecoding.cert.org/confluence/display/perl/EXP32-PL.+Do+not+ignore+function+return+values