Good Programming in Perl
We list below some common vulnerabilities, and the ways to address them in CERN projects, using code that may exist only in CERN projects. Whenever we deviate from more “standard” solutions, it's because there is added value in the proposed libraries in terms of ease of use, additional security protections or traceability.
Tools
Tool | Cost | Form | Notes
---|---|---|---
Perl::Critic | Free | Perl module | The default configuration of Perl::Critic can seem somewhat harsh to most programmers, but we provide a lighter configuration, more targeted towards security.
RATS | Free | stand-alone script | RATS targets various languages and has specific detection rules for each. For Perl, it focuses on risky calls of built-in/library functions.
LC's lint | Free | script available on AFS | Checks for conformity to Lionel Cons' Perl guide.
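As an added illustration of the kind of risky built-in calls that RATS and a security-oriented Perl::Critic configuration report, the following script (constructed for this page, not CERN code, and not the configuration mentioned above) shows three such calls next to their safe forms under taint mode; the input value, file name and the helper names are assumptions.

```perl
#!/usr/bin/perl -T
# Constructed example: risky Perl built-in calls and their safe forms.
# Run with taint checking enabled:  perl -T this_script.pl
use strict;
use warnings;

# Taint mode refuses to run external commands until PATH is trusted.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed untrusted input, as it would arrive from a CGI parameter.
my $untrusted = 'report.txt';

# Untaint with an explicit allow-list before the value reaches any
# file or command operation (the pattern is the place to be strict).
my ($filename) = $untrusted =~ /^([\w.-]+)\z/
    or die "rejected unsafe file name: $untrusted\n";

# RISKY (Perl::Critic InputOutput::ProhibitTwoArgOpen): two-argument open
# lets the input choose the mode, e.g. a leading '>' or trailing '|'.
#   open(my $fh, $untrusted) or die;
# SAFE: three-argument open fixes the mode and takes the name literally.
if (-e $filename) {
    open my $fh, '<', $filename or die "open $filename: $!\n";
    my $lines = () = <$fh>;
    close $fh;
    print "$filename has $lines line(s)\n";
}

# RISKY (InputOutput::ProhibitBacktickOperators, single-string system):
# the string goes through the shell, so metacharacters become syntax.
#   my $out = `wc -l $untrusted`;
# SAFE: list form never invokes the shell; each element is one argument.
my $rc = system('wc', '-l', $filename);
print "wc exit status: ", $rc >> 8, "\n";

# RISKY (BuiltinFunctions::ProhibitStringyEval): string eval compiles
# and runs whatever the input contains.
#   eval "\$limit = $untrusted";
# SAFE: block eval only traps exceptions; nothing is compiled at run time.
my $ok = eval { check_limit($filename); 1 };
print $ok ? "check passed\n" : "check failed: $@";

# Assumed helper standing in for application logic.
sub check_limit { my ($name) = @_; die "no such file\n" unless -e $name }
```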
Further Reading
- Perl language reference on security: http://perldoc.perl.org/perlsec.html
- Security Issues in Perl Scripts: http://www.cgisecurity.com/lib/sips.html