This queue is for tickets about the Perl-Critic CPAN distribution.

Report information

The Basics
Id: 77085
Status: new
Priority: Low/Low
Queue:

People
Owner: Nobody in particular
Requestors: EDAVIS [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity: Wishlist
Broken in: 1.117
Fixed in: (no value)



Subject: Suggested policy: format string vulnerabilities

    printf("some format string containing $unsafe text %d", $x);

This would probably be better written as

    printf("some format string containing %s text %d", $unsafe, $x);

In Perl this isn't quite the serious stack-smashing vulnerability it can be in C, and taint mode helps too. But it's still not a safe way to program. Perlcritic should have a policy catching non-literal format strings used in printf and sprintf.
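
One way the check requested above could be written as a Perl::Critic policy. This is an added example, not code from the ticket or from the Perl-Critic distribution. The package name, messages, severity, theme and the interpolation regex are assumptions; the policy flags any printf/sprintf format that is not a plain string literal.

```perl
package Perl::Critic::Policy::Hypothetical::RequireLiteralFormatString;
# Hypothetical policy name; not shipped with Perl-Critic.
use strict;
use warnings;
use parent 'Perl::Critic::Policy';
use Perl::Critic::Utils qw(:severities :classification :ppi);

my $DESC = 'printf/sprintf format is not a plain string literal';
my $EXPL = 'Keep the format constant and pass variable data as %s arguments';

sub supported_parameters { return () }
sub default_severity     { return $SEVERITY_MEDIUM }
sub default_themes       { return qw(security) }
sub applies_to           { return 'PPI::Token::Word' }

sub violates {
    my ($self, $elem) = @_;
    my $name = $elem->content;
    return if $name ne 'printf' && $name ne 'sprintf';
    return if !is_function_call($elem);
    my $fmt = first_arg($elem) or return;    # bare "printf;" has no format

    # "printf STDERR '...'" / "printf $fh '...'": a token followed directly
    # by a quote (no comma between) is the filehandle, not the format.
    my $next = $fmt->snext_sibling;
    if (!$fmt->isa('PPI::Token::Quote') && $next && $next->isa('PPI::Token::Quote')) {
        ($fmt, $next) = ($next, $next->snext_sibling);
    }

    # Variables, function calls and here-docs are all non-literal formats.
    return $self->violation($DESC, $EXPL, $elem)
        if !$fmt->isa('PPI::Token::Quote');

    # A literal followed by an operator other than a comma is an expression
    # such as 'count: ' . $unsafe (conservative: also flags "... or die").
    return $self->violation($DESC, $EXPL, $elem)
        if $next && $next->isa('PPI::Token::Operator')
        && $next->content ne ',' && $next->content ne '=>';

    # '...' and q{...} never interpolate; "..." and qq{...} are checked for
    # an unescaped $ or @ sigil (heuristic regex, an assumption of this sketch).
    return if $fmt->isa('PPI::Token::Quote::Single')
           || $fmt->isa('PPI::Token::Quote::Literal');
    return $self->violation($DESC, $EXPL, $elem)
        if $fmt->string =~ m{ (?<! \\ ) (?: \\\\ )* [\$\@] [\w\{:] }x;

    return;    # constant format string
}
1;
```

With this module on `@INC`, the first printf call in the ticket is reported and the second, which passes `$unsafe` as a `%s` argument, is not.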

