Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Perl-Critic CPAN distribution.

Report information
The Basics
Id: 77085
Status: new
Priority: 0/
Queue: Perl-Critic

People
Owner: Nobody in particular
Requestors: EDAVIS [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: 1.117
Fixed in: (no value)



Subject: Suggested policy: format string vulnerabilities
    printf("some format string containing $unsafe text %d", $x);

This would probably be better written as

    printf("some format string containing %s text %d", $unsafe, $x);

In Perl this isn't quite the serious stack-smashing vulnerability it can be in C, and taint mode helps too. But it's still not a safe way to program. Perlcritic should have a policy catching non-literal format strings used in printf and sprintf.
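The policy the ticket asks for, as an added example sketch and not code from the ticket or from the Perl-Critic distribution. It follows the documented Perl::Critic::Policy shape (applies_to / violates / violation) and the Perl::Critic::Utils helpers is_function_call and first_arg; the policy name InputOutput::ProhibitNonLiteralFormatStrings, the severity and the theme are assumptions chosen for the example. A format string is treated as literal only when it is a single-quoted string, a q{} literal, a double-quoted string with no interpolated variable, or a single-quoted heredoc, and only when it is not followed by a concatenation or repetition operator; everything else (a variable, an interpolating string, an expression) is reported.

```perl
# Example policy, not part of Perl::Critic. Policy name is an assumption.
package Perl::Critic::Policy::InputOutput::ProhibitNonLiteralFormatStrings;

use strict;
use warnings;
use Readonly;
use base 'Perl::Critic::Policy';
use Perl::Critic::Utils qw{ :severities is_function_call first_arg };

Readonly::Scalar my $DESC => q{Non-literal format string passed to printf/sprintf};
Readonly::Scalar my $EXPL => q{Keep the format literal and pass data as arguments};

sub supported_parameters { return ()                 }
sub default_severity     { return $SEVERITY_HIGH     }   # assumed severity
sub default_themes       { return qw( security )     }   # assumed theme
sub applies_to           { return 'PPI::Token::Word' }

sub violates {
    my ( $self, $elem, undef ) = @_;

    # Only the two builtins the ticket names; skip hash keys, method calls, etc.
    return if $elem->content !~ /\A s?printf \z/xms;
    return if not is_function_call($elem);

    my $fmt = first_arg($elem);   # skips the surrounding parens, if any

    # printf STDERR "...", printf {$fh} "...": step over the filehandle.
    if ( $fmt
        and (  $fmt->isa('PPI::Token::Word')
            or $fmt->isa('PPI::Structure::Block')
            or $fmt->isa('PPI::Structure::Constructor') ) ) {
        $fmt = $fmt->snext_sibling;
    }

    return if _is_literal_format($fmt);
    return $self->violation( $DESC, $EXPL, $elem );
}

sub _is_literal_format {
    my ($node) = @_;

    # Bare "printf;" formats $_, which is not a literal either.
    return 0 if not $node;

    # A literal that is then concatenated ("..." . $x) or repeated ("..." x $n)
    # is still assembled at run time; only ',' and '=>' may follow it.
    my $next = $node->snext_sibling;
    return 0
        if $next
        and $next->isa('PPI::Token::Operator')
        and $next->content !~ /\A (?: , | => ) \z/xms;

    return 1 if $node->isa('PPI::Token::Quote::Single');
    return 1 if $node->isa('PPI::Token::Quote::Literal');   # q{...}

    # "..." and qq{...}: literal only when nothing interpolates. Conservative
    # check: an unescaped $ or @ followed by a name character or brace counts
    # as interpolation ("100%\n" passes, "cost \$%d" passes, "$unsafe %d" fails).
    if ( $node->isa('PPI::Token::Quote') ) {
        return $node->string =~ /(?<!\\)[\$\@][\w{:]/xms ? 0 : 1;
    }

    # <<'EOT' does not interpolate; <<"EOT" and bare <<EOT do.
    if ( $node->isa('PPI::Token::HereDoc') ) {
        return $node->content =~ /\A << \s* '/xms ? 1 : 0;
    }

    # Anything else (a variable, a function call, an expression) is non-literal.
    return 0;
}

1;
```

To try it, save the file as lib/Perl/Critic/Policy/InputOutput/ProhibitNonLiteralFormatStrings.pm so that Perl::Critic's policy discovery can find it, then run `PERL5LIB=lib perlcritic --single-policy ProhibitNonLiteralFormatStrings script.pl`. With the two lines from the ticket, the first (interpolating `$unsafe` into the format) is reported and the second (literal `%s` format with `$unsafe` passed as an argument) is not. The interpolation test is deliberately conservative, so an unusual string such as one containing a literal `@{` will be reported even though Perl would not interpolate it; in this context a false positive that makes the author switch to `%s` is the cheaper mistake.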


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.