SEI CERT Perl Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 31

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Diagnostic

Notes

Taint mode

Insecure dependency in parameter \d* of DBI::db=.* method call

Catches SQL injection.
Requires TaintIn attribute.

Related Guidelines

SEI CERT C Coding Standard

STR02-C. Sanitize data passed to complex subsystems

SEI CERT C++ Secure Coding Standard

VOID STR02-CPP. Sanitize data passed to complex subsystems

CERT Oracle Secure Coding Standard for JavaIDS00-J. Sanitize untrusted data passed across a trust boundaryPrevent SQL injection

Bibliography

[Birznieks 1998]Birznieks, Gunther, CGI/Perl Taint Mode FAQ, Version 1.0, June 3, 1998
[CGI 2005]CGI.pm: A Perl5 CGI Library, Function-Oriented vs Object-Oriented Use
[CPAN]Bunce, Tim, DBI
[CPAN]Stosberg, Mark, CGI
[Lester 2006]Lester, Andy, "Perl's taint mode to the rescue," O'Reilly OULamp.com, November 17, 2006
[VU#246409]Input validation error in quikstore.cgi allows attackers to execute commands
[VU#282403]AdCycle does not adequately validate user input thereby allowing for SQL injection
[Wall 2011]perlsec

 

...

Image Modified Image Modified Image Modified