A list of the Perl::Critic policies CERT recommends
I spent the morning collating the CERT recommendations and rules for secure Perl coding. Some of their policies recommend particular Perl::Critic policies. Here's that list:
I put all the data in a JSON file.
Jeff said it would be trivial to make a cert theme, and now that I've collected all the data, it's someone else's turn to do that. :)
This post reminded me to release the already completed CERT themes, which will probably be folded into the next release of perlcritic. I made a repo with just these changes for people to test with. https://github.com/kimmel/perlcritic
You said on Twitter that I was missing some things. What was missing?
I updated the gists. Thanks,
Thanks for this. If for no other reason than that I went and read the CERT guidelines and am more aware of best practices. I generally have just blindly followed Perl::Critic's advice (because you're "supposed to" follow it). However, I have found some things about its critiques to be very annoying (stringy eval is something I actually like to use sometimes). Now after having read the CERT docs I have a clearer view of why certain policies are used, and with that clarity came conviction--of their worthiness and legitimacy. This can be attributed in part to the fact that the topics are very well covered.
Thanks again, Brian.