SEI CERT Perl Coding Standard
Page Information
Title:
SEI CERT Perl Coding Standard
Author:
Admin
Jan 10, 2011
Last Changed by:
Robert Schiela
Jun 11, 2018
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/wlxMBQ
Incoming Links
SEI CERT Perl Coding Standard (61)
Page:
Rec. 03. Expressions (EXP)
Page:
DCL03-PL. Do not read a foreach iterator variable after the loop has completed
Page:
OOP00-PL. Do not signify inheritence at runtime
Page:
DCL01-PL. Do not reuse variable names in subscopes
Page:
DCL04-PL. Always initialize local variables
Page:
MSC30-PL. Do not use comma to separate statements
Page:
FIO00-PL. Do not use bareword file handles
Page:
EXP00-PL. Do not return undef
Page:
STR31-PL. Do not pass string literals to functions expecting regexes
Page:
IDS35-PL. Do not invoke the eval form with a string argument
Page:
Rec. 06. Object-Oriented Programming (OOP)
Page:
Rule 02. Declarations and Initialization (DCL)
Page:
Rec. 50. Miscellaneous (MSC)
Page:
MSC00-PL. Detect and remove dead code
Page:
2 Rules
Page:
Rec. 05. Strings (STR)
Page:
FIO01-PL. Do not operate on files that can be modified by untrusted users
Page:
MSC02-PL. Run programs with full warnings and strict checking
Page:
EXP06-PL. Do not use an array in an implicit scalar context
Page:
3 Recommendations
Page:
IDS33-PL. Sanitize untrusted data passed across a trust boundary
Page:
Rule 03. Expressions (EXP)
Page:
Rule 06. Object-Oriented Programming (OOP)
Page:
EXP04-PL. Do not mix the early-precedence logical operators with late-precedence logical operators
Page:
Rec. 02. Declarations and Initialization (DCL)
Page:
DCL02-PL. Any modified punctuation variable should be declared local
Page:
Rule 01. Input Validation and Data Sanitization (IDS)
Page:
EXP30-PL. Do not use deprecated or obsolete functions or modules
Page:
EXP31-PL. Do not suppress or ignore exceptions
Page:
Rec. 07. File Input and Output (FIO)
Page:
EXP33-PL. Do not invoke a function in a context for which it is not defined
Page:
IDS00-PL. Canonicalize path names before validating them
Page:
DCL31-PL. Do not overload reserved keywords or subroutines
Page:
Rule 07. File Input and Output (FIO)
Page:
INT00-PL. Do not prepend leading zeroes to integer literals
Page:
EXP32-PL. Do not ignore function return values
Page:
IDS01-PL. Use taint mode while being aware of its limitations
Page:
Rule 50. Miscellaneous (MSC)
Page:
DCL00-PL. Do not use subroutine prototypes
Page:
DCL05-PL. Prohibit Perl4 package names
Page:
EXP03-PL. Do not diminish the benefits of constants by assuming their values in expressions
Page:
OOP32-PL. Prohibit indirect object call syntax
Page:
IDS32-PL. Validate any integer that is used as an array index
Page:
INT01-PL. Use small integers when precise computation is required
Page:
AA. Bibliography
Page:
EXP35-PL. Use the correct operator type for comparing values
Page:
Rec. 01. Input Validation and Data Sanitization (IDS)
Page:
EXP34-PL. Do not modify $_ in list or sorting functions
Page:
IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter
Page:
EXP01-PL. Do not depend on the return value of functions that lack a return statement
Page:
OOP31-PL. Do not access private variables or subroutines in other packages
Page:
IDS30-PL. Exclude user input from format strings
Page:
Rec. 04. Integers (INT)
Page:
DCL30-PL. Do not import deprecated modules
Page:
EXP37-PL. Do not use the one-argument form of select()
Page:
MSC01-PL. Detect and remove unused variables
Page:
Rule 05. Strings (STR)
Page:
Rule 04. Integers (INT)
Page:
STR30-PL. Capture variables should be read only immediately after a successful regex match
Page:
IDS31-PL. Do not use the two-argument form of open()
Page:
DCL33-PL. Declare identifiers before using them
CERT Secure Coding (1)
Home page:
SEI CERT Coding Standards
SEI CERT Oracle Coding Standard for Java (23)
Page:
IDS13-J. Use compatible character encodings on both sides of file or network IO
Page:
OBJ54-J. Do not attempt to help the garbage collector by setting local reference variables to null
Page:
Rec. 03. Numeric Types and Operations (NUM)
Page:
IDS10-J. Don't form strings containing partial characters
Page:
Rec. 00. Input Validation and Data Sanitization (IDS)
Page:
Rec. 02. Expressions (EXP)
Page:
IDS00-J. Prevent SQL injection
Page:
FIO11-J. Do not convert between strings and bytes without specifying a valid character encoding
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
Rec. 18. Concurrency (CON)
Page:
Rec. 06. Methods (MET)
Page:
Rec. 05. Object Orientation (OBJ)
Page:
IDS02-J. Canonicalize path names before validating them
Page:
IDS16-J. Prevent XML Injection
Page:
IDS05-J. Use a safe subset of ASCII for file and path names
Page:
Rec. 04. Characters and Strings (STR)
Page:
Rec. 13. Input Output (FIO)
Page:
Rec. 15. Platform Security (SEC)
Page:
IDS09-J. Specify an appropriate locale when comparing locale-dependent data
Page:
Rec. 49. Miscellaneous (MSC)
Page:
Rec. 07. Exceptional Behavior (ERR)
Page:
DCL61-J. Do not use raw types
Page:
Rec. 01. Declarations and Initialization (DCL)
Hierarchy
Children (4)
Page:
1 Front Matter
Page:
2 Rules
Page:
3 Recommendations
Page:
4 Back Matter
Labels
Global Labels (1)
wikimain
Recent Changes
Time
Editor
Jun 11, 2018 16:47
Robert Schiela
Corrected "Create a sign-in account" link.
Nov 06, 2017 11:54
Robert Schiela
changed notice section to be single column.
Nov 06, 2017 11:53
Robert Schiela
Changed Maintenance notice to use macro.
Oct 25, 2017 09:17
David Svoboda
updated maintenance notice
Oct 24, 2017 16:04
David Svoboda
added maint notice
Outgoing Links
External Links (2)
https://wiki.sei.cmu.edu/confluence/signup.action
www.cert.org/secure-coding/contact.cfm
SEI CERT Perl Coding Standard (1)
Page:
Acknowledgements
CERT Secure Coding (2)
Page:
Understand the Difference Between Rules and Recommendations
Page:
Secure Coding Space Homepage Notices