MESSAGE
DATE | 2024-02-15 |
FROM | Joe Schaefer
|
SUBJECT | Re: [Hangout - NYLXS] static code analysis for Perl5 code?
|
From hangout-bounces-at-nylxs.com Sun Feb 18 23:47:23 2024 Return-Path: X-Original-To: archive-at-mrbrklyn.com Delivered-To: archive-at-mrbrklyn.com Received: from www2.mrbrklyn.com (www2.mrbrklyn.com [96.57.23.82]) by mrbrklyn.com (Postfix) with ESMTP id E3E5A1640CB; Sun, 18 Feb 2024 23:47:21 -0500 (EST) X-Original-To: hangout-at-www2.mrbrklyn.com Delivered-To: hangout-at-www2.mrbrklyn.com Received: by mrbrklyn.com (Postfix, from userid 1000) id 371B61640BF; Sun, 18 Feb 2024 23:45:59 -0500 (EST) Resent-From: Ruben Safir Resent-Date: Sun, 18 Feb 2024 23:45:59 -0500 Resent-Message-ID: <20240219044559.GJ20445-at-www2.mrbrklyn.com> Resent-To: hangout-at-mrbrklyn.com X-Original-To: ruben-at-mrbrklyn.com Delivered-To: ruben-at-mrbrklyn.com Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.apache.org", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mrbrklyn.com (Postfix) with ESMTPS id 6171D1640AE for ; Thu, 15 Feb 2024 13:03:26 -0500 (EST) Received: from mail.apache.org (mailgw-he-de.apache.org [116.203.246.181]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with ESMTPS id 31B444DCC8 for ; Thu, 15 Feb 2024 18:03:24 +0000 (UTC) Received: (qmail 4988 invoked by uid 998); 15 Feb 2024 18:03:18 -0000 Mailing-List: contact modperl-help-at-perl.apache.org; run by ezmlm Precedence: bulk Delivered-To: mailing list modperl-at-perl.apache.org Received: (qmail 4931 invoked by uid 116); 15 Feb 2024 18:03:17 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.94) with ESMTP; Thu, 15 Feb 2024 18:03:17 +0000 Authentication-Results: apache.org; auth=none Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id B83371FFCB0 for ; Thu, 15 Feb 2024 18:03:17 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: -5.011 X-Spam-Level: X-Spam-Status: No, score=-5.011 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=sunstarsys.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id o8r7mQiqYym1 for ; Thu, 15 Feb 2024 18:03:17 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.166.54; helo=mail-io1-f54.google.com; envelope-from=joe-at-sunstarsys.com; receiver= Received: from mail-io1-f54.google.com (mail-io1-f54.google.com [209.85.166.54]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id BB01BC02F8 for ; Thu, 15 Feb 2024 18:03:16 +0000 (UTC) Received: by mail-io1-f54.google.com with SMTP id ca18e2360f4ac-7c4085a960aso42357039f.3 for ; Thu, 15 Feb 2024 10:03:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sunstarsys.com; s=google; t=1708020190; x=1708624990; darn=perl.apache.org; h=mime-version:content-language:accept-language:in-reply-to :references:message-id:date:thread-index:thread-topic:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=fcg9LpbmQinyq64ZU67hTYucCqG/bHolIsxid3/nZrw=; b=Jv8x5i8pDNS+TnLPXx230VBLOlUSHdPFW4r27AHh8bAPo+Dwd2iLlMa3EkQIxo2vK0 yNdYYqvHG1YM1BKilRfwQYgoVozWc0Mji89Gi0MgSofmulDRVC4agZklM8wyc1V1Xxc4 sb+cYvtG2tVovQ212X+B3p1BwL9jyn0Q/sS4nKGghkO8i375GBsGxAYH02v+llSHWAGE CC91OakgV7t3sQUcINAcZIb70v3UvZPf7g9Ct4/yKJ3FUQ0F6gnuZJhCFJ1EhYG/dBSl 4aVKTWmAD5tM1SZxGxIHYnLl9yGyOIIuQVzM//46Qb4H8ZSY32InG4gXd+g5viewMDAa MjJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708020190; x=1708624990; h=mime-version:content-language:accept-language:in-reply-to :references:message-id:date:thread-index:thread-topic:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fcg9LpbmQinyq64ZU67hTYucCqG/bHolIsxid3/nZrw=; b=T6COCxBndT4E139BZLliwmx0Kwsus3iFUEjuSArVDVhTAJxFkOTst8R4FNnCrUrqqY dfozhHLXlxAq2+Afp4kVfHsI/V1tK/wXyN6cOKaduQ+9o/sJ6cJTaFSp5LOAxfgX4SiQ rAHmIsk35p2aZ0pDWBqGIeuRgL5+Gx8DC7aFdXBa0+z0yBn0f2TFceYumi7ZSEB74A/N ApPIrYHSw73yAee8zYqY4X/iMMeGwxAP5ztAZ+AJp1eOBTHGAv0V+mu5ilFSn45j2BYY PaaixcNCkwaYMnm1JfJ/TTGIXluK+asxAY1w1Vli0fNAoXCuoDlSQyMdIXkYw34VRPxy 7QHw== X-Forwarded-Encrypted: i=1; AJvYcCWRW32fl70k/C1Ki+B9RXUQDQQlRKC3K8FVs+ulNj0QA16Y02z9Ref78sCQWJoRgJ3njLJfp+phHvBqllDXfgATcVSLAAwt2Q== X-Gm-Message-State: AOJu0YwDLaSmqyJxPWl0nUgOX+o17llUoeBEQxcX/t4bxcKKWlYIDvqZ VO51gSkNgYAxnLFTznbKFf1WJlPIiP+hQJ1EyJeCsdB9V3Kk9NDSTK+xmlsCVoSMyrIU+ZB9qcA l X-Google-Smtp-Source: AGHT+IFblGF9TUvxy7cD4pAV5b75M4G7n0xghWmBqv1gljz/MQ/ZdejItMZ4J0KBAVErq8Odgp2EWg== X-Received: by 2002:a5e:cb47:0:b0:7c4:4686:b171 with SMTP id h7-20020a5ecb47000000b007c44686b171mr2876469iok.14.1708020190327; Thu, 15 Feb 2024 10:03:10 -0800 (PST) Received: from DS7PR12MB5888.namprd12.prod.outlook.com ([2603:1036:301:305b::5]) by smtp.gmail.com with ESMTPSA id e3-20020a056602044300b007c45fa0bf2csm431941iov.54.2024.02.15.10.03.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Feb 2024 10:03:09 -0800 (PST) From: Joe Schaefer To: Joseph He , mod_perl list Thread-Topic: static code analysis for Perl5 code? Thread-Index: AQHaYCYTcMNAnRjjR0SeCaYAwYw+YbELsdan X-MS-Exchange-MessageSentRepresentingType: 1 Date: Thu, 15 Feb 2024 18:03:09 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-Exchange-Organization-SCL: -1 X-MS-TNEF-Correlator: X-MS-Exchange-Organization-RecordReviewCfmType: 0 MIME-Version: 1.0 Subject: Re: [Hangout - NYLXS] static code analysis for Perl5 code? X-BeenThere: hangout-at-nylxs.com X-Mailman-Version: 2.1.30rc1 List-Id: NYLXS Tech Talk and Politics List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2076042525==" Errors-To: hangout-bounces-at-nylxs.com Sender: "Hangout"
--===============2076042525== Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_"
--_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
In short, you should just be running Perl with the -T flag. Perl::Critic i= s just a very opinionated linter.
Joe Schaefer, Ph.D
+1 (954) 253-3732 SunStar Systems, Inc. Orion - The Enterprise Jamstack Wiki
________________________________ From: Joseph He Sent: Thursday, February 15, 2024 10:43:41 AM To: mod_perl list Subject: static code analysis for Perl5 code?
All, good day.
Our company wants to use some tool to do a static analysis on our Perl5 cod= e like what they can do for Java, etc.
I know Perl::Critic can scan the code for the 'best practice'. Other than t= his, anybody knows that there is another tool supposedly to help find the s= ecurity loopholes, etc?
Thank you very much. Joseph
--_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
>
In short, you should just be running Perl with the -T flag= . Perl::Critic is just a very opinionated linter.
Joe Schaefer, Ph.D <joe-at-sunstarsys.com> +1 (954) 253-3732 SunStar Systems, Inc. Orion - The Enterprise Jamstack Wiki
yle=3D"font-size:11pt" color=3D"#000000">From: Joseph He <joseph.= he.2008-at-gmail.com>
Sent: Thursday, February 15, 2024 10:43:41 AM
To: mod_perl list <modperl-at-perl.apache.org>
Subject: static code analysis for Perl5 code?
All, good day.
Our company wants to use some tool to do a static analysis on our Perl= 5 code like what they can do for Java, etc.
I know Perl::Critic can scan the code for the 'best practice'. Other t= han this, anybody knows that there is another tool supposedly to help find = the security loopholes, etc?
Thank you very much. Joseph
--_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_--
--===============2076042525== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
_______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://lists.mrbrklyn.com/mailman/listinfo/hangout
--===============2076042525==--
--===============2076042525== Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_"
--_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
In short, you should just be running Perl with the -T flag. Perl::Critic i= s just a very opinionated linter.
Joe Schaefer, Ph.D
+1 (954) 253-3732 SunStar Systems, Inc. Orion - The Enterprise Jamstack Wiki
________________________________ From: Joseph He Sent: Thursday, February 15, 2024 10:43:41 AM To: mod_perl list Subject: static code analysis for Perl5 code?
All, good day.
Our company wants to use some tool to do a static analysis on our Perl5 cod= e like what they can do for Java, etc.
I know Perl::Critic can scan the code for the 'best practice'. Other than t= his, anybody knows that there is another tool supposedly to help find the s= ecurity loopholes, etc?
Thank you very much. Joseph
--_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
>
In short, you should just be running Perl with the -T flag= . Perl::Critic is just a very opinionated linter.
Joe Schaefer, Ph.D <joe-at-sunstarsys.com> +1 (954) 253-3732 SunStar Systems, Inc. Orion - The Enterprise Jamstack Wiki
yle=3D"font-size:11pt" color=3D"#000000">From: Joseph He <joseph.= he.2008-at-gmail.com>
Sent: Thursday, February 15, 2024 10:43:41 AM
To: mod_perl list <modperl-at-perl.apache.org>
Subject: static code analysis for Perl5 code?
All, good day.
Our company wants to use some tool to do a static analysis on our Perl= 5 code like what they can do for Java, etc.
I know Perl::Critic can scan the code for the 'best practice'. Other t= han this, anybody knows that there is another tool supposedly to help find = the security loopholes, etc?
Thank you very much. Joseph
--_000_DS7PR12MB5888FC4C50D2A04E7622EDD9FE4D2DS7PR12MB5888namp_--
--===============2076042525== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
_______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://lists.mrbrklyn.com/mailman/listinfo/hangout
--===============2076042525==--
|
|