SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a re...

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but ...

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation...

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes spe...

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of mem...

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommen...