Static code analysis with Perl and SonarQube

When managing code quality for bigger projects, SonarQube is the de-facto standard for many programming languages. Not for Perl, as there has not been any Perl integration into SonarQube yet.

We have Perl::Critic, a fantastic linting tool, but what if we could track our Perl::Critic issues in our projects over time? What if we had a web interface where we could extract statistics about certain issue types? What if we could combine this with code coverage information? All this is about to come...

Come join me on my new open source project "sonar-perl": https://github.com/otrosien/sonar-perl -- I'm looking forward to it!

C::Blocks Advent Day 1

In the tradition of the Perl Advent Calendar, I have decided to write an Advent Calendar for C::Blocks, which is in pre-Beta. My plan is to release a new treat each day about the C::Blocks library. Today we will begin with the basics: what it is and how it works.

Perl 5 Porters Mailing List Summary: November 21st-30th

Hey everyone,

Following is the p5p (Perl 5 Porters) mailing list summary for the past week and a half.

Enjoy!

meta::hack Wrap-up Report

We had a great four days at meta::hack a couple of weeks ago. I've tried to briefly summarize what we accomplished.

Introducing Net::ACME

I’ve recently finished porting cPanel’s implementation of Let’s Encrypt’s ACME (Automatic Certificate Management Environment) protocol to a new CPAN module, Net::ACME.

Net::ACME offers a number of attractive features:

- It’s based closely on cPanel’s widely used Let’s Encrypt plugin.

- Memory usage is light: no Moose/Moo/etc.

- It can run in pure Perl, as long as you have an OpenSSL binary. (Otherwise, it needs Crypt::OpenSSL::RSA.)

- Thorough error checking—even Perl calling context!

- Errors are represented as typed, queryable exceptions. (The framework includes its own exception class hierarchy.)

- It’s “global clean”: no careless overwriting of variables like $@, $!, $?, etc.

The object hierarchy also closely mirrors ACME’s own object hierarchy: separate classes exist to represent ACME registrations, authorizations, challenges, and certificates.

The distribution includes example scripts that demonstrate usage of the module and should also give a good feel for the protocol itself.

I hope it’s useful!

Backticks and tests in Perl 6

Perl was created for systems administration, and Perl 6 has all the chops you've come to expect from the brand. Here I needed to use MD5 checksums from my collaborator to verify that I downloaded all their data without errors. Each data "$file" has an accompanying "$file.md5" that looks like this:

$ cat HOT232_1_0770m/prodigal.gff.md5
a36e4adfaa62cc4adb8cea44c4f7825f  HOT232_1_0770m/prodigal.gff

So I need to read the contents of this file, get just the first field, then execute my local "md5" (or "md5sum") program on the file without the ".md5" extension and determine if they are the same. All standard stuff, and I think Perl 6 gives us elegant ways to accomplish all of these, including a dead-simple testing framework. Here's my solution:

Security release - use after free in DBD::mysql when using prepared statements

DBD::mysql is the Perl DBI driver for MySQL and the primary way Perl applications and scripts access MySQL and MariaDB databases. The source repository is at https://github.com/perl5-dbi/DBD-mysql.

A vulnerability was discovered that can lead to a use after free when using prepared statements. This vulnerability is present in all releases at least back to version 3.0 of the driver, which was released in 2005.

The CVE identifier for this vulnerability is CVE-2016-1251.

Version 4.041, including the fix for this vulnerability, is available on CPAN at https://metacpan.org/pod/DBD::mysql

Users of DBD::mysql with prepared statements are advised to patch their installations as soon as possible.

Many thanks to Pali Rohár for discovering and fixing the vulnerability.

The DBD::mysql maintainers, Patrick Galbraith, Michiel Beijen

Shadertoy progress - playlists

The last two weeks, I didn't do much programming with OpenGL and GLSL. I used the weekend to catch up with some of the bug reports on Github and made the application more robust against missing input data or broken shaders. The net result is that it now can also cycle through a set of shaders:

About blogs.perl.org

blogs.perl.org is a common blogging platform for the Perl community. Written in Perl and offering the modern features you’ve come to expect in blog platforms, the site is hosted by Dave Cross and Aaron Crane, with a design donated by Six Apart, Ltd.