perl-security

# Perl Security Patterns Comprehensive security guidelines for Perl applications covering input validation, injection prevention, and secure coding practices. ## When to Activate - Handling user input in Perl applications - Building Perl web applications (CGI, Mojolicious, Dancer2, Catalyst) - Reviewing Perl code for security vulnerabilities - Performing file operations with user-supplied paths - Executing system commands from Perl - Writing DBI database queries ## How It Works Start with taint-aware input boundaries, then move outward: validate and untaint inputs, keep filesystem and process execution constrained, and use parameterized DBI queries everywhere. The examples below show the safe defaults this skill expects you to apply before shipping Perl code that touches user input, the shell, or the network. ## Taint Mode Perl's taint mode (`-T`) tracks data from external sources and prevents it from being used in unsafe operations without explicit validation. ### Enabling Taint Mode ```perl #!/usr/bin/perl -T use v5.36; # Tainted: anything from outside the program my $input = $ARGV[0]; # Tainted my $env_path = $ENV{PATH}; # Tainted my $form = <STDIN>; # Tainted my $query = $ENV{QUERY_STRING}; # Tainted # Sanitize PATH early (required in taint mode) $ENV{PATH} = '/usr/local/bin:/usr/bin:/bin'; delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; ``` ### Untainting Pattern ```perl use v5.36; # Good: Validate and untaint with a specific regex s...