SEI CERT Perl Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 26

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 27

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Diagnostic

Notes

Taint mode

Insecure dependency in parameter \d* of DBI::db=.* method call

Catches SQL injection.
Requires TaintIn attribute.

Related Guidelines

The Oracle for JavaIDS00J untrusted across a trust boundary C++ STR02CPP to complex subsystems

CERT

C Secure Coding Standard

STR02-

C. Sanitize

data passed

to complex subsystems

CERT C++ Secure Coding Standard

STR02-CCPP. Sanitize data passed to complex subsystems

CERT Oracle Secure Coding Standard for JavaIDS00-J. Sanitize untrusted data passed across a trust boundary

Bibliography

[Birznieks 1998]Birznieks, Gunther, CGI/Perl Taint Mode FAQ, Version 1.0, June 3, 1998
[CPAN]Bunce, Tim. , DBI
[CPAN]Stosberg, Mark. , CGI
[Lester 2006]Lester, Andy. "Perl's taint mode to the rescue," O'Reilly OULamp.com, November 17, 2006
[VU#246409]Input validation error in quikstore.cgi allows attackers to execute commands
[VU#282403]AdCycle does not adequately validate user input thereby allowing for SQL injection
[Wall 2011]perlsec

...