
...
Here is a list of deprecated functions along with their recommended alternatives if available:
Deprecated | Preferred |
---|---|
UNIVERSAL::can() | object can() method |
UNIVERSAL::isa() | object isa() method |
The following modules are also deprecated:
Deprecated | Preferred |
---|---|
|
|
Noncompliant Code Example (die())
This noncompliant code example tries to open a file and invokes the obsolete die() function if it fails.
```perl
my $file;  # path of the file to open (set elsewhere)
open(FILE, "<", $file) or die "error opening $file: stopped";
# work with FILE
```
The die() function is considered deprecated because it prints the file name and line number in which it was invoked. This information might be sensitive.
Compliant Solution (croak())
This compliant solution uses the croak() function instead of die().
```perl
use Carp;
my $file;  # path of the file to open (set elsewhere)
open(FILE, "<", $file) or croak "error opening $file: stopped";
# work with FILE
```
Unlike die(), croak() provides the file name and line number of the function that invoked the function that invoked croak(). This solution is more useful for application code that invokes library code; in this case, croak() and carp() will reveal the file name and line number of the application code rather than the library code.
Exceptions
EXP30:EX0: The -t function should not be used for determining if input is interactive, but it is perfectly valid to determine if output is interactive. So it may be used on *STDOUT or *STDERR.
EXP30:EX1: There are several instances when die() and warn() are preferred over carp() and croak():
- Inside a signal handler, because the behavior of the croak() and carp() functions when invoked inside a signal handler is not documented.
- Outside a subroutine, that is, when used in a small Perl script. In this case, all four functions have no stack trace to indicate their calling location.
- If the string given to die() or warn() ends with a newline, then these functions do not provide any file name or line number information. Consequently, they may be invoked if given a string literal that clearly ends with a newline (and the developer clearly does not wish to reveal file name or line number information).
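The following is an added example, not code from the original page, that contrasts the three behaviors described above: die() in library code, croak() in library code, and die() with a string ending in a newline. The My::Loader package, its subroutine names, and the file path are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical library package, constructed for this example.
package My::Loader;
use Carp;

sub with_die {            # die(): appends the library's own file and line
    my ($path) = @_;
    open(my $fh, "<", $path) or die "error opening $path: stopped";
    return $fh;
}

sub with_croak {          # croak(): appends the caller's file and line
    my ($path) = @_;
    open(my $fh, "<", $path) or croak "error opening $path: stopped";
    return $fh;
}

sub with_die_newline {    # die() with trailing newline: appends nothing
    my ($path) = @_;
    open(my $fh, "<", $path) or die "error opening $path\n";
    return $fh;
}

package main;

# Constructed path, assumed not to exist on the machine running this.
my $missing = "/nonexistent/exp30-example.conf";

# Run $code and return the line number embedded in its exception, if any.
sub disclosed_line {
    my ($code) = @_;
    return "n/a (no error)" if eval { $code->(); 1 };
    return $@ =~ / at .+? line (\d+)\.$/m ? $1 : "none";
}

my @cases = (
    [ "die"           => sub { My::Loader::with_die($missing) } ],
    [ "croak"         => sub { My::Loader::with_croak($missing) } ],
    [ "die + newline" => sub { My::Loader::with_die_newline($missing) } ],
);

for my $case (@cases) {
    my ($label, $code) = @$case;
    printf "%-14s reported line: %s\n", $label, disclosed_line($code);
}
```

The line reported for die() falls inside My::Loader, the line reported for croak() is the matching @cases entry in the calling code, and the newline form reports no location at all.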
Risk Assessment
Failure to handle error codes or other values returned by functions can lead to incorrect program flow and violations of data integrity. Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP30-PL | Medium | Probable | Low | P12 | L1 |
Automated Detection
Tool | Diagnostic |
---|---|
Perl::Critic | BuiltinFunctions::ProhibitUniversalCan, BuiltinFunctions::ProhibitUniversalIsa, ErrorHandling::RequireCarping, InputOutput::ProhibitInteractiveTest, Miscellanea::ProhibitFormats |
 | PERL_S37 |
Related Guidelines
...
...
...
...
...