SEI CERT Perl Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Perl provides three logical operators: &&, ||, and !, and they have the same meaning as in C.

Wiki MarkupPerl also provides three alternate alternative logical operators: {{and}}, {{or}}, and {{not}}. They have the same meanings as {{&&}}, {{||}}, and {{\!}}. They have much lower binding precedence, which makes them useful for control flow \[ [Wall 2011|AA. Bibliography#Manpages]\]. They are called the late-precedence logical operators, whereas {{&&}}, {{||}}, and {{!}} are called the early-precedence logical operators.

It is possible to mix the early-precedence logical operators with the late-precedence logical operators, but this mixture of precedence will often lead leads to confusing, counterintuitive behavior. Therefore, every Perl expression should use either the early-precedence operators or the late-precedence ones, never both.

Wiki Markup\[[Conway 2005|AA. Bibliography#Conway 2005]\] recommends avoiding the use of {{not}} and {{and}} entirely, and only using {{or}} in control-flow operations, as a failure modeDamian Conway recommends avoiding the use of not and and entirely and using or only in control-flow operations, as a failure mode [Conway 2005]:

Code Block
langperl

    print $filehandle $data    or croak("Can't write to file: $!");

...

This noncompliant code example checks a file to see if it is suitable for suitability as an output file. It does this by checking to see that the file does not exist.

Code Block
langperl

if (not -f $file) {

This code is perfectly fine. However, it is later amended to also work if the file does exist , but can be overwritten.

Code Block
bgColor#ffcccc
langperl

if (not -f $file || -w $file) {

This code will not behave as expected , because the binding rules are lower for the not operator than for the ! operator. This code will instead behave like the followingInstead, this code behaves as follows:

Code Block
langperl

if (not (-f $file || -w $file)) {

when the maintainer really wanted:

Code Block
langperl

if ((not -f $file) || -w $file) {

...

This compliant solution uses the ! operator in conjunction with the || operator. This code has the desired behavior of determining if a file either does not exist , or does exist but is overwritable.

Code Block
bgColor#ccccff
langperl

if (! -f $file || -w $file) {

...

This compliant solution uses the early-precedence operators consistently. Again, the code works as expected.

Code Block
bgColor#ccccff
langperl

if (not -f $file or -w $file) {

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP04-PL

low Low

unlikely Unlikely

low Low

P1 P3

L3

Automated Detection

Tool

Diagnostic

Perl::Critic

ValuesAndExpressions::ProhibitMixedBooleanOperators

Bibliography

...

[CPAN

...

]Elliot Shank,

...

Perl-Critic-1.116 ProhibitMixedBooleanOperators
[Conway 2005]"Low-Precedence Operators," p. 70
[Wall 2011]perlop

 

 

...

Image Added Image Added Image Added|http://search.cpan.org/~elliotjs/Perl-Critic-1.116/]. [ProhibitMixedBooleanOperators|http://search.cpan.org/~elliotjs/Perl-Critic-1.112_001/lib/Perl/Critic/Policy/ValuesAndExpressions/ProhibitMixedBooleanOperators.pm]. \[[Conway 2005|AA. Bibliography#Conway 2005]\], pg 70 \[[Wall 2011|AA. Bibliography#Manpages]\] [perlop|http://perldoc.perl.org/perlop.html]EXP11-C. Do not apply operators expecting one type to data of an incompatible type      03. Expressions (EXP)      EXP13-C. Treat relational and equality operators as if they were nonassociative