Title: SEI CERT Perl Coding Standard  
Author: Admin Jan 10, 2011
Last Changed by: Robert Schiela Jun 11, 2018
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/wlxMBQ
Incoming Links
SEI CERT Perl Coding Standard (61)
    Page: Rec. 03. Expressions (EXP)
    Page: DCL03-PL. Do not read a foreach iterator variable after the loop has completed
    Page: OOP00-PL. Do not signify inheritence at runtime
    Page: DCL01-PL. Do not reuse variable names in subscopes
    Page: DCL04-PL. Always initialize local variables
    Page: MSC30-PL. Do not use comma to separate statements
    Page: FIO00-PL. Do not use bareword file handles
    Page: EXP00-PL. Do not return undef
    Page: STR31-PL. Do not pass string literals to functions expecting regexes
    Page: IDS35-PL. Do not invoke the eval form with a string argument
    Page: Rec. 06. Object-Oriented Programming (OOP)
    Page: Rule 02. Declarations and Initialization (DCL)
    Page: Rec. 50. Miscellaneous (MSC)
    Page: MSC00-PL. Detect and remove dead code
    Page: 2 Rules
    Page: Rec. 05. Strings (STR)
    Page: FIO01-PL. Do not operate on files that can be modified by untrusted users
    Page: MSC02-PL. Run programs with full warnings and strict checking
    Page: EXP06-PL. Do not use an array in an implicit scalar context
    Page: 3 Recommendations
    Page: IDS33-PL. Sanitize untrusted data passed across a trust boundary
    Page: Rule 03. Expressions (EXP)
    Page: Rule 06. Object-Oriented Programming (OOP)
    Page: EXP04-PL. Do not mix the early-precedence logical operators with late-precedence logical operators
    Page: Rec. 02. Declarations and Initialization (DCL)
    Page: DCL02-PL. Any modified punctuation variable should be declared local
    Page: Rule 01. Input Validation and Data Sanitization (IDS)
    Page: EXP30-PL. Do not use deprecated or obsolete functions or modules
    Page: EXP31-PL. Do not suppress or ignore exceptions
    Page: Rec. 07. File Input and Output (FIO)
    Page: EXP33-PL. Do not invoke a function in a context for which it is not defined
    Page: IDS00-PL. Canonicalize path names before validating them
    Page: DCL31-PL. Do not overload reserved keywords or subroutines
    Page: Rule 07. File Input and Output (FIO)
    Page: INT00-PL. Do not prepend leading zeroes to integer literals
    Page: EXP32-PL. Do not ignore function return values
    Page: IDS01-PL. Use taint mode while being aware of its limitations
    Page: Rule 50. Miscellaneous (MSC)
    Page: DCL00-PL. Do not use subroutine prototypes
    Page: DCL05-PL. Prohibit Perl4 package names
    Page: EXP03-PL. Do not diminish the benefits of constants by assuming their values in expressions
    Page: OOP32-PL. Prohibit indirect object call syntax
    Page: IDS32-PL. Validate any integer that is used as an array index
    Page: INT01-PL. Use small integers when precise computation is required
    Page: AA. Bibliography
    Page: EXP35-PL. Use the correct operator type for comparing values
    Page: Rec. 01. Input Validation and Data Sanitization (IDS)
    Page: EXP34-PL. Do not modify $_ in list or sorting functions
    Page: IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter
    Page: EXP01-PL. Do not depend on the return value of functions that lack a return statement
    Page: OOP31-PL. Do not access private variables or subroutines in other packages
    Page: IDS30-PL. Exclude user input from format strings
    Page: Rec. 04. Integers (INT)
    Page: DCL30-PL. Do not import deprecated modules
    Page: EXP37-PL. Do not use the one-argument form of select()
    Page: MSC01-PL. Detect and remove unused variables
    Page: Rule 05. Strings (STR)
    Page: Rule 04. Integers (INT)
    Page: STR30-PL. Capture variables should be read only immediately after a successful regex match
    Page: IDS31-PL. Do not use the two-argument form of open()
    Page: DCL33-PL. Declare identifiers before using them
CERT Secure Coding (1)
    Home page: SEI CERT Coding Standards
SEI CERT Oracle Coding Standard for Java (23)
    Page: IDS13-J. Use compatible character encodings on both sides of file or network IO
    Page: OBJ54-J. Do not attempt to help the garbage collector by setting local reference variables to null
    Page: Rec. 03. Numeric Types and Operations (NUM)
    Page: IDS10-J. Don't form strings containing partial characters
    Page: Rec. 00. Input Validation and Data Sanitization (IDS)
    Page: Rec. 02. Expressions (EXP)
    Page: IDS00-J. Prevent SQL injection
    Page: FIO11-J. Do not convert between strings and bytes without specifying a valid character encoding
    Page: IDS17-J. Prevent XML External Entity Attacks
    Page: Rec. 18. Concurrency (CON)
    Page: Rec. 06. Methods (MET)
    Page: Rec. 05. Object Orientation (OBJ)
    Page: IDS02-J. Canonicalize path names before validating them
    Page: IDS16-J. Prevent XML Injection
    Page: IDS05-J. Use a safe subset of ASCII for file and path names
    Page: Rec. 04. Characters and Strings (STR)
    Page: Rec. 13. Input Output (FIO)
    Page: Rec. 15. Platform Security (SEC)
    Page: IDS09-J. Specify an appropriate locale when comparing locale-dependent data
    Page: Rec. 49. Miscellaneous (MSC)
    Page: Rec. 07. Exceptional Behavior (ERR)
    Page: DCL61-J. Do not use raw types
    Page: Rec. 01. Declarations and Initialization (DCL)
Hierarchy
Children (4)
    Page: 1 Front Matter
    Page: 2 Rules
    Page: 3 Recommendations
    Page: 4 Back Matter
Labels
Global Labels (1)
Time, Editor
Jun 11, 2018 16:47, Robert Schiela
    Corrected "Create a sign-in account" link.
Nov 06, 2017 11:54, Robert Schiela
    Changed notice section to be single column.
Nov 06, 2017 11:53, Robert Schiela
    Changed Maintenance notice to use macro.
Oct 25, 2017 09:17, David Svoboda
    Updated maintenance notice.
Oct 24, 2017 16:04, David Svoboda
    Added maintenance notice.
Outgoing Links