This queue is for tickets about the Perl-Critic CPAN distribution.

Report information
The Basics
Id: 77085
Status: new
Priority: 0/
Queue: Perl-Critic

Owner: Nobody in particular
Requestors: EDAVIS [...]

Bug Information
Severity: Wishlist
Broken in: 1.117
Fixed in: (no value)

Subject: Suggested policy: format string vulnerabilities
printf("some format string containing $unsafe text %d", $x);

This would probably be better written as

printf("some format string containing %s text %d", $unsafe, $x);

In Perl this isn't quite the serious stack-smashing vulnerability it can be in C, and taint mode helps too. But it's still not a safe way to program. Perlcritic should have a policy catching non-literal format strings used in printf and sprintf.
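One way the check requested above could be sketched against the Perl::Critic policy API and PPI. This is an added example, not part of the ticket and not Perl-Critic's own code; the package name, message strings, severity, theme and the interpolation regex are assumptions.

```perl
# Added sketch: hypothetical policy, not shipped with Perl-Critic.
package Perl::Critic::Policy::Local::ProhibitNonLiteralFormat;

use strict;
use warnings;
use Perl::Critic::Utils qw(:severities is_function_call first_arg);
use base 'Perl::Critic::Policy';

my $DESC = 'Non-literal format string passed to printf/sprintf';
my $EXPL = 'Keep the format constant and pass variable text as a %s argument';

sub supported_parameters { return () }
sub default_severity     { return $SEVERITY_MEDIUM }
sub default_themes       { return qw(security) }
sub applies_to           { return 'PPI::Token::Word' }

sub violates {
    my ( $self, $elem, undef ) = @_;

    my $name = $elem->content;
    return if $name ne 'printf' && $name ne 'sprintf';
    return if !is_function_call($elem);    # skips method calls and hash keys

    # First token of the first argument.
    my $fmt  = first_arg($elem) or return;
    my $next = $fmt->snext_sibling;

    # Filehandle forms (printf STDERR "...", printf {$fh} "..."): the handle
    # is followed directly by the format, with no comma in between.
    if ( $next && !$next->isa('PPI::Token::Operator') ) {
        $fmt  = $next;
        $next = $fmt->snext_sibling;
    }

    # Literal: '...' or q{...}, or "..."/qq{...} with no unescaped $ or @.
    # Anything else (variable, call, here-doc) counts as non-literal here.
    my $literal = $fmt->isa('PPI::Token::Quote')
      && ( $fmt->isa('PPI::Token::Quote::Single')
        || $fmt->isa('PPI::Token::Quote::Literal')
        || $fmt->string !~ m/(?<!\\)[\$\@]\S/ );

    # A literal followed by "." or "x" is still a computed format.
    my $joined = $next && $next->isa('PPI::Token::Operator')
      && $next->content !~ m/\A(?:,|=>)\z/;

    return if $literal && !$joined;
    return $self->violation( $DESC, $EXPL, $elem );
}

1;
```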
