PerlMonks
Re: Ideas Wanted for Perl::Critic Security Policies
by radiantmatrix (Parson) on Jun 30, 2006 at 19:03 UTC ( [id://558656] )
Using the 3-parameter form of open would be a good practice to check for. It would be good to warn about system or exec calls that pass arguments inside the first parameter (i.e. system("$command $arg1 $arg2") instead of system($command, $arg1, $arg2)). If practical, it would also be good to warn about DBI statements that use inline variables where prototypes are better (i.e. $dbh->prepare("update table set my_val = $somevalue") instead of $dbh->prepare("update table set my_val = ?")). I'm guessing that would be a challenge, but it sure would be nifty. Yes, proper untainting would probably solve these issues, but I've seen too many coders untaint such things extremely poorly.
<–radiant.matrix–>
A collection of thoughts and links from the minds of geeks
The Code that can be seen is not the true Code
I haven't found a problem yet that can't be solved by a well-placed trebuchet
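As an added illustration (not radiantmatrix's code and not a policy shipped with Perl::Critic), here is how the system/exec suggestion above could be expressed as a Perl::Critic policy using PPI: it flags a call whose single argument is an interpolating string containing a variable, which is exactly the "arguments inside the first parameter" shape that goes through /bin/sh. The package name is a placeholder; the Perl::Critic::Utils helpers used (is_function_call, parse_arg_list) are the module's real exports.

```perl
# Hypothetical policy name; install under Perl/Critic/Policy/ to use it.
package Perl::Critic::Policy::Security::ProhibitInterpolatedSystemArgs;
use strict;
use warnings;
use Perl::Critic::Utils qw{ :severities is_function_call parse_arg_list };
use base 'Perl::Critic::Policy';

my $DESC = q{Interpolated string passed as the only argument to system/exec};
my $EXPL = q{Use the list form, system($cmd, @args), which bypasses the shell};

sub supported_parameters { return ()               }
sub default_severity     { return $SEVERITY_HIGH   }
sub default_themes       { return qw( security )   }
sub applies_to           { return 'PPI::Token::Word' }

sub violates {
    my ( $self, $elem, undef ) = @_;

    # Only the builtins system and exec, and only when used as a call
    # (not as a hash key, method name, or bareword elsewhere).
    my $name = $elem->content();
    return if $name ne 'system' && $name ne 'exec';
    return if !is_function_call($elem);

    # parse_arg_list returns one element list per comma-separated argument.
    # Two or more arguments is the list form, which never invokes a shell,
    # so only a single-argument call is interesting.
    my @args = parse_arg_list($elem);
    return if @args != 1;

    # Look for "..." or qq{...} inside that argument that interpolates a
    # scalar or array. system("$cmd $file") hands the whole string to the
    # shell, so metacharacters in $file (";", "|", "`") become commands.
    for my $piece ( @{ $args[0] } ) {
        next if !$piece->isa('PPI::Token::Quote::Double')
             && !$piece->isa('PPI::Token::Quote::Interpolate');
        # Heuristic: an unescaped sigil followed by a word character.
        next if $piece->string() !~ m/(?<!\\)[\$\@]\w/;
        return $self->violation( $DESC, $EXPL, $elem );
    }
    return;    # list form, a bare variable, or a constant string: fine
}

1;
```

Against the post's own examples, `system("$command $arg1 $arg2")` is reported and `system($command, $arg1, $arg2)` is not; `system($cmd)` is deliberately left alone since a plain variable is a taint-checking question rather than a syntax one.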