Skip to content

Instantly share code, notes, and snippets.

@briandfoy

briandfoy/perl-cert.json

Last active December 11, 2015 01:48
Show Gist options
  • Save briandfoy/4525886 to your computer and use it in GitHub Desktop.
Save briandfoy/4525886 to your computer and use it in GitHub Desktop.
Download ZIP
A JSON representation of the CERT Perl Secure Coding Standards (https://www.securecoding.cert.org/confluence/display/perl/CERT+Perl+Secure+Coding+Standard)
Raw
perl-cert.json
[
{
"priority" : "P4",
"name" : "Canonicalize path names before validating them",
"rule" : "",
"section" : "1",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/IDS00-PL.+Canonicalize+path+names+before+validating+them",
"class" : "IDS00-PL",
"remediation" : "medium",
"severity" : "medium",
"critic" : [],
"likelihood" : "unlikely"
},
{
"priority" : "P8",
"name" : "Use taint mode while being aware of its limitations",
"rule" : "",
"section" : "1",
"recommedation" : "1",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/IDS01-PL.+Use+taint+mode+while+being+aware+of+its+limitations",
"class" : "IDS01-PL",
"remediation" : "medium",
"severity" : "medium",
"critic" : [],
"likelihood" : "probable"
},
{
"priority" : "P18",
"name" : "Exclude user input from format strings",
"rule" : "1",
"section" : "1",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/IDS30-PL.+Exclude+user+input+from+format+strings",
"class" : "IDS30-PL",
"remediation" : "low",
"severity" : "high",
"critic" : [],
"likelihood" : "probable"
},
{
"priority" : "P27",
"name" : "Do not use the two-argument form of open()",
"rule" : "1",
"section" : "1",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=76775519",
"class" : "IDS31-PL",
"remediation" : "low",
"severity" : "high",
"critic" : [
"InputOutput::ProhibitTwoArgOpen"
],
"likelihood" : "likely"
},
{
"priority" : "P3",
"name" : "Validate any integer that is used as an array index",
"rule" : "1",
"section" : "1",
"recommedation" : "",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/IDS32-PL.+Validate+any+integer+that+is+used+as+an+array+index",
"class" : "IDS32-PL",
"remediation" : "high",
"severity" : "low",
"critic" : [],
"likelihood" : "likely"
},
{
"priority" : "P9",
"name" : "Sanitize untrusted data passed across a trust boundary",
"rule" : "1",
"section" : "1",
"recommedation" : "",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/IDS33-PL.+Sanitize+untrusted+data+passed+across+a+trust+boundary",
"class" : "IDS33-PL",
"remediation" : "high",
"severity" : "high",
"critic" : [],
"likelihood" : "likely"
},
{
"priority" : "P12",
"name" : "Do not pass untrusted, unsanitized data to a command",
"rule" : "1",
"section" : "1",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/IDS34-PL.+Do+not+pass+untrusted%2C+unsanitized+data+to+a+command+interpreter",
"class" : "IDS34-PL",
"remediation" : "medium",
"severity" : "high",
"critic" : [],
"likelihood" : "probable"
},
{
"priority" : "P18",
"name" : "Do not invoke the eval form with a string argument",
"rule" : "1",
"section" : "1",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/IDS35-PL.+Do+not+invoke+the+eval+form+with+a+string+argument",
"class" : "IDS35-PL",
"remediation" : "medium",
"severity" : "high",
"critic" : [
"BuiltinFunctions::ProhibitStringyEval"
],
"likelihood" : "likely"
},
{
"priority" : "P9",
"name" : "Do not use subroutine prototypes",
"rule" : "",
"section" : "2",
"recommedation" : "1",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL00-PL.+Do+not+use+subroutine+prototypes",
"class" : "DCL00-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"Subroutines::ProhibitSubroutinePrototypes"
],
"likelihood" : "likely"
},
{
"priority" : "P4",
"name" : "Do not reuse variable names in subscopes",
"rule" : "1",
"section" : "2",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL01-PL.+Do+not+reuse+variable+names+in+subscopes",
"class" : "DCL01-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [],
"likelihood" : "probable"
},
{
"priority" : "P4",
"name" : "Any modified punctuation variable should be declared local",
"rule" : "1",
"section" : "2",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL02-PL.+Any+modified+punctuation+variable+should+be+declared+local",
"class" : "DCL02-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"Variables::RequireLocalizedPunctuationVars"
],
"likelihood" : "probable"
},
{
"priority" : "P3",
"name" : "Do not read a foreach iterator variable after the loop has completed",
"rule" : "1",
"section" : "2",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL03-PL.+Do+not+read+a+foreach+iterator+variable+after+the+loop+has+completed",
"class" : "DCL03-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"Variables::RequireLexicalLoopIterators"
],
"likelihood" : "unlikely"
},
{
"priority" : "P4",
"name" : "Always initialize local variables",
"rule" : "1",
"section" : "2",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL04-PL.+Always+initialize+local+variables",
"class" : "DCL04-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"Variables::RequireInitializationForLocalVars"
],
"likelihood" : "probable"
},
{
"priority" : "P6",
"name" : "Prohibit Perl4 package names",
"rule" : "1",
"section" : "2",
"recommedation" : "1",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL05-PL.+Prohibit+Perl4+package+names",
"class" : "DCL05-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"Variables::ProhibitPerl4PackageNames"
],
"likelihood" : "improbable"
},
{
"priority" : "P18",
"name" : "Do not import deprecated modules",
"rule" : "1",
"section" : "2",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL30-PL.+Do+not+import+deprecated+modules",
"class" : "DCL30-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"Modules::ProhibitEvilModules",
"BuiltinFunctions::ProhibitUniversalCan",
"BuiltinFunctions::ProhibitUniversalIsa"
],
"likelihood" : "likely"
},
{
"priority" : "P4",
"name" : "Do not overload reserved keywords or subroutines",
"rule" : "1",
"section" : "2",
"recommedation" : "",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL31-PL.+Do+not+overload+reserved+keywords+or+subroutines",
"class" : "DCL31-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"Subroutines::ProhibitBuiltinHomonyms"
],
"likelihood" : "probable"
},
{
"priority" : "P3",
"name" : "Every module must return a true value",
"rule" : "1",
"section" : "2",
"recommedation" : "",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL32-PL.+Every+module+must+return+a+true+value",
"class" : "DCL32-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"Modules::RequireEndWithOne"
],
"likelihood" : "unlikely"
},
{
"priority" : "P2",
"name" : "Declare identifiers before using them",
"rule" : "1",
"section" : "2",
"recommedation" : "",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/DCL33-PL.+Declare+identifiers+before+using+them",
"class" : "DCL33-PL",
"remediation" : "high",
"severity" : "low",
"critic" : [
"Policy::TestingAndDebugging::RequireUseWarnings",
"Policy::TestingAndDebugging::RequireUseStrict"
],
"likelihood" : "probable"
},
{
"priority" : "P3",
"name" : "Do not return undef",
"rule" : "",
"section" : "3",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP00-PL.+Do+not+return+undef",
"class" : "EXP00-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"Subroutines::ProhibitExplicitReturnUndef"
],
"likelihood" : "unlikely"
},
{
"priority" : "P18",
"name" : "Do not depend on the return value of functions that lack a return statement",
"rule" : "",
"section" : "3",
"recommedation" : "1",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP01-PL.+Do+not+depend+on+the+return+value+of+functions+that+lack+a+return+statement",
"class" : "EXP01-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"Subroutines::RequireFinalReturn"
],
"likelihood" : "likely"
},
{
"priority" : "P2",
"name" : "Do not diminish the benefits of constants by assuming their values in expressions",
"rule" : "",
"section" : "3",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP03-PL.+Do+not+diminish+the+benefits+of+constants+by+assuming+their+values+in+expressions",
"class" : "EXP03-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"ValuesAndExpressions::ProhibitMagicNumbers"
],
"likelihood" : "unlikely"
},
{
"priority" : "P3",
"name" : "Do not mix the early-precedence logical operators with late-precedence logical operators",
"rule" : "",
"section" : "3",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP04-PL.+Do+not+mix+the+early-precedence+logical+operators+with+late-precedence+logical+operators",
"class" : "EXP04-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"ValuesAndExpressions::ProhibitMixedBooleanOperators"
],
"likelihood" : "unlikely"
},
{
"priority" : "P2",
"name" : "Do not use an array in an implicit scalar context",
"rule" : "",
"section" : "3",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP06-PL.+Do+not+use+an+array+in+an+implicit+scalar+context",
"class" : "EXP06-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"ProhibitBooleanGrep"
],
"likelihood" : "unlikely"
},
{
"priority" : "P12",
"name" : "Do not use deprecated or obsolete functions or modules",
"rule" : "1",
"section" : "3",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP30-PL.+Do+not+use+deprecated+or+obsolete+functions+or+modules",
"class" : "EXP30-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"ErrorHandling::RequireCarping",
"InputOutput::ProhibitInteractiveTest",
"Miscellanea::ProhibitFormats"
],
"likelihood" : "probable"
},
{
"priority" : "P4",
"name" : "Do not suppress or ignore exceptions",
"rule" : "1",
"section" : "3",
"recommedation" : "",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP31-PL.+Do+not+suppress+or+ignore+exceptions",
"class" : "EXP31-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [],
"likelihood" : "probable"
},
{
"priority" : "P12",
"name" : "Do not ignore function return values",
"rule" : "1",
"section" : "3",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP32-PL.+Do+not+ignore+function+return+values",
"class" : "EXP32-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"InputOutput::RequireCheckedClose",
"InputOutput::RequireCheckedOpen",
"InputOutput::RequireCheckedSyscalls"
],
"likelihood" : "probable"
},
{
"priority" : "P12",
"name" : "Do not invoke a function in a context for which it is not defined",
"rule" : "1",
"section" : "3",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP33-PL.+Do+not+invoke+a+function+in+a+context+for+which+it+is+not+defined",
"class" : "EXP33-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"Subroutines::ProhibitReturnSort"
],
"likelihood" : "probable"
},
{
"priority" : "P6",
"name" : "Do not modify $_ in list or sorting functions",
"rule" : "1",
"section" : "3",
"recommedation" : "",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP34-PL.+Do+not+modify+%24_+in+list+or+sorting+functions",
"class" : "EXP34-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"ControlStructures::ProhibitMutatingListFunctions"
],
"likelihood" : "unlikely"
},
{
"priority" : "P18",
"name" : "Use the correct operator type for comparing values",
"rule" : "1",
"section" : "3",
"recommedation" : "",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/EXP35-PL.+Use+the+correct+operator+type+for+comparing+values",
"class" : "EXP35-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"ValuesAndExpressions::ProhibitMismatchedOperators"
],
"likelihood" : "likely"
},
{
"priority" : "P9",
"name" : "Do not use the one-argument form of select()",
"rule" : "1",
"section" : "3",
"recommedation" : "",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=78315558",
"class" : "EXP37-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"InputOutput::ProhibitOneArgSelect"
],
"likelihood" : "likely"
},
{
"priority" : "P4",
"name" : "Do not prepend leading zeroes to integer literals",
"rule" : "",
"section" : "4",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/INT00-PL.+Do+not+prepend+leading+zeroes+to+integer+literals",
"class" : "INT00-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"ValuesAndExpressions::ProhibitLeadingZeros"
],
"likelihood" : "probable"
},
{
"priority" : "P4",
"name" : "Use small integers when precise computation is required",
"rule" : "",
"section" : "4",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/INT01-PL.+Use+small+integers+when+precise+computation+is+required",
"class" : "INT01-PL",
"remediation" : "high",
"severity" : "medium",
"critic" : [],
"likelihood" : "probable"
},
{
"priority" : "P8",
"name" : "Capture variables should be read only immediately after a successful regex match",
"rule" : "1",
"section" : "5",
"recommedation" : "",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/STR30-PL.+Capture+variables+should+be+read+only+immediately+after+a+successful+regex+match",
"class" : "STR30-PL",
"remediation" : "medium",
"severity" : "medium",
"critic" : [
"RegularExpressions::ProhibitCaptureWithoutTest"
],
"likelihood" : "probable"
},
{
"priority" : "P9",
"name" : "Do not pass string literals to functions expecting regexes",
"rule" : "1",
"section" : "5",
"recommedation" : "",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/STR31-PL.+Do+not+pass+string+literals+to+functions+expecting+regexes",
"class" : "STR31-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"BuiltinFunctions::ProhibitStringySplit"
],
"likelihood" : "likely"
},
{
"priority" : "P3",
"name" : "Do not signify inheritence at runtime",
"rule" : "",
"section" : "6",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/OOP00-PL.+Do+not+signify+inheritence+at+runtime",
"class" : "OOP00-PL",
"remediation" : "low",
"severity" : "low",
"critic" : [
"ClassHierarchies::ProhibitExplicitISA"
],
"likelihood" : "unlikely"
},
{
"priority" : "P8",
"name" : "Do not access private variables or subroutines in other packages",
"rule" : "1",
"section" : "6",
"recommedation" : "",
"level" : "L2",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/OOP31-PL.+Do+not+access+private+variables+or+subroutines+in+other+packages",
"class" : "OOP31-PL",
"remediation" : "medium",
"severity" : "medium",
"critic" : [
"Subroutines::ProtectPrivateSubs",
"Variables::ProtectPrivateVars"
],
"likelihood" : "probable"
},
{
"priority" : "P4",
"name" : "Prohibit indirect object call syntax",
"rule" : "1",
"section" : "6",
"recommedation" : "",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/OOP32-PL.+Prohibit+indirect+object+call+syntax",
"class" : "OOP32-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"Objects::ProhibitIndirectSyntax"
],
"likelihood" : "probable"
},
{
"priority" : "P12",
"name" : "Do not use bareword file handles",
"rule" : "",
"section" : "7",
"recommedation" : "1",
"level" : "L1",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/FIO00-PL.+Do+not+use+bareword+file+handles",
"class" : "FIO00-PL",
"remediation" : "low",
"severity" : "medium",
"critic" : [
"InputOutput::ProhibitBarewordFileHandles"
],
"likelihood" : "probable"
},
{
"priority" : "P4",
"name" : "Do not operate on files that can be modified by untrusted users",
"rule" : "",
"section" : "7",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/FIO01-PL.+Do+not+operate+on+files+that+can+be+modified+by+untrusted+users",
"class" : "FIO01-PL",
"remediation" : "medium",
"severity" : "medium",
"critic" : [],
"likelihood" : "unlikely"
},
{
"priority" : "P1",
"name" : "Detect and remove dead code",
"rule" : "",
"section" : "50",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/MSC00-PL.+Detect+and+remove+dead+code",
"class" : "MSC00-PL",
"remediation" : "high",
"severity" : "low",
"critic" : [
"Subroutines::ProhibitUnusedPrivateSubroutines",
"ControlStructures::ProhibitUnreachableCode"
],
"likelihood" : "unlikely"
},
{
"priority" : "P1",
"name" : "Detect and remove unused variables",
"rule" : "",
"section" : "50",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/MSC01-PL.+Detect+and+remove+unused+variables",
"class" : "MSC01-PL",
"remediation" : "high",
"severity" : "low",
"critic" : [
"Variables::ProhibitUnusedVariables"
],
"likelihood" : "unlikely"
},
{
"priority" : "P2",
"name" : "Run programs with full warnings and strict checking",
"rule" : "",
"section" : "50",
"recommedation" : "1",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/MSC02-PL.+Run+programs+with+full+warnings+and+strict+checking",
"class" : "MSC02-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"TestingAndDebugging::ProhibitNoStrict",
"TestingAndDebugging:;ProhibitNoWarnings",
"TestingAndDebugging::ProhibitProlongedStrictureOverride",
"TestingAndDebugging::RequireUseStrict"
],
"likelihood" : "unlikely"
},
{
"priority" : "P4",
"name" : "Do not use comma to separate statements",
"rule" : "1",
"section" : "50",
"recommedation" : "",
"level" : "L3",
"url" : "https://www.securecoding.cert.org/confluence/display/perl/MSC30-PL.+Do+not+use+comma+to+separate+statements",
"class" : "MSC30-PL",
"remediation" : "medium",
"severity" : "low",
"critic" : [
"ValuesAndExpressions::ProhibitCommaSeparatedStatements"
],
"likelihood" : "probable"
}
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment