rule
Never call any formatted I/O function with a format string containing user input.
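As an added illustration that is not part of the original rule page, the noncompliant pattern beside the compliant one in Perl; the `greet_unsafe`/`greet_safe` functions, the `looks_like_format` helper and the sample input are assumed for the demo:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed scenario: $name arrives from an untrusted source (a form field,
# a command-line argument). The value below is constructed for the demo
# and deliberately contains conversion specifiers.
my $name = 'Mallory %s %s';

# Noncompliant: the user-controlled value is spliced into the format
# string, so printf/sprintf interprets any "%" specifiers it contains.
# With missing arguments Perl warns ("Missing argument in sprintf") and
# substitutes empty values, so the output is not what the program meant.
sub greet_unsafe {
    my ($who) = @_;
    return sprintf("Hello, " . $who . "!\n");
}

# Compliant: the format string is a constant written by the programmer;
# the untrusted value is passed only as an argument, so a "%s" inside it
# is printed literally.
sub greet_safe {
    my ($who) = @_;
    return sprintf("Hello, %s!\n", $who);
}

# Optional defensive check (hypothetical helper): flag strings that would
# be interpreted if they ever reached a format-string position. A "%" not
# followed by another "%" is a conversion specifier.
sub looks_like_format {
    my ($s) = @_;
    return $s =~ /%(?!%)/ ? 1 : 0;
}

print "unsafe: ", greet_unsafe($name);   # specifiers consumed, text mangled
print "safe:   ", greet_safe($name);     # prints "Hello, Mallory %s %s!"
print "input contains format specifiers\n" if looks_like_format($name);
```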
...
...