Do not use deprecated or obsolescent functions when more secure equivalent functions are available.

Here is a list of deprecated functions along with their recommended alternatives if available:

| Deprecated | Preferred              |
|------------|------------------------|
| die()      | Carp::croak()          |
| warn()     | Carp::carp()           |
| -t         | IO::Interactive        |
| format()   | Template, Perl6::Form  |

The following modules are also deprecated:

| Deprecated | Preferred |
|------------|-----------|
| base       | parent    |

Noncompliant Code Example (die())

This noncompliant code example tries to open a file and invokes the obsolete die() function if the open fails.

my $file;   # path of the file to open; assumed to be assigned before this point
open(FILE, "<", $file) or die "error opening $file: stopped";
# work with FILE

The die() function is considered deprecated because it appends the file name and line number at which it was invoked to the message. This information might be sensitive.

Compliant Solution (croak())

This compliant solution uses the croak() function instead of die().

use Carp;   # exports croak(), carp() and friends

my $file;   # path of the file to open; assumed to be assigned before this point
open(FILE, "<", $file) or croak "error opening $file: stopped";
# work with FILE

Unlike die(), croak() reports the file name and line number of the code that invoked the function that invoked croak(). This solution is more useful for application code that invokes library code; in this case, croak() and carp() will also reveal the file name and line number of the application code rather than of the library code.
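The difference in reported location is easiest to see with a library package and a caller in one file. The following is an added example, not code from the CERT page; the package name My::ConfigLoader, its subroutines and the nonexistent path are all made up for the demonstration.

```perl
# Added example: whose location do die(), croak() and carp() report?
use strict;
use warnings;

package My::ConfigLoader;    # hypothetical library module, inlined for the demo
use Carp qw(carp croak);

# Reports the failure at the line where die() itself executes (inside the library).
sub load_with_die {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "error opening $path: $!";
    return $fh;
}

# Reports the failure at the line in the *caller* that invoked load_with_croak().
sub load_with_croak {
    my ($path) = @_;
    open(my $fh, '<', $path) or croak "error opening $path: $!";
    return $fh;
}

# Non-fatal variant: carp() warns with the caller's location instead of dying.
sub load_or_warn {
    my ($path) = @_;
    open(my $fh, '<', $path) or do { carp "cannot open $path: $!"; return };
    return $fh;
}

package main;

my $missing = '/nonexistent/constructed-path.conf';   # constructed: does not exist

# Trap the messages instead of letting them terminate the script.
my $msg_die   = eval { My::ConfigLoader::load_with_die($missing);   1 } ? '' : $@;
my $msg_croak = eval { My::ConfigLoader::load_with_croak($missing); 1 } ? '' : $@;

print "die():   $msg_die";     # "... at <this file> line <the line of die() in load_with_die>."
print "croak(): $msg_croak";   # "... at <this file> line <the eval line in main above>."

# carp() goes through warn(), so a __WARN__ handler sees it; again the location
# is the caller's (the call below), not the line inside load_or_warn().
local $SIG{__WARN__} = sub { print "carp(): $_[0]" };
My::ConfigLoader::load_or_warn($missing);
```

Run it once and compare the two line numbers: die() points into the library body, croak() points at the statement in package main that made the call. That is precisely why carp()/croak() are the better fit for library code, and why the location they expose is the application's rather than the library's.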

Exceptions

EXP30:EX0: The -t function should not be used to determine whether input is interactive, but it is perfectly valid for determining whether output is interactive, so it may be used on *STDOUT or *STDERR.

EXP30:EX1: There are several instances when die() and warn() are preferred over carp() and croak():

  • Inside a signal handler, because the behavior of croak() and carp() when invoked inside a signal handler is not documented.
  • Outside a subroutine, that is, when used in a small Perl script. In this case, all four functions have no stack trace to indicate their calling location.
  • If the string given to die() or warn() ends with a newline, then these functions do not provide any file name or line number information. Consequently, they may be invoked if given a string literal that clearly ends with a newline (and the developer clearly does not wish to reveal file name or line number information).
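Two of these exceptions (EX0 and the trailing-newline case in EX1) can be checked directly. The block below is an added example, not part of the CERT page; the helper names trapped_die_message() and output_is_interactive() and the sample messages are made up.

```perl
# Added example illustrating EXP30:EX0 and the trailing-newline case of EXP30:EX1.
use strict;
use warnings;

# Returns the text die() would have printed for a message, by trapping it in eval.
sub trapped_die_message {
    my ($message) = @_;
    eval { die $message };
    return $@;
}

# EX1: a message that already ends in "\n" is emitted verbatim; one that does not
# gets " at FILE line N." appended, which is the location leak this rule targets.
my $with_location    = trapped_die_message("configuration invalid");
my $without_location = trapped_die_message("configuration invalid\n");
print "no newline -> $with_location";       # configuration invalid at <file> line <n>.
print "newline    -> $without_location";    # configuration invalid

# EX0: -t is acceptable for deciding whether *output* goes to a terminal, for
# instance to pick plain rather than colourised output when piped to a file.
sub output_is_interactive {
    my ($fh) = @_;
    return -t $fh ? 1 : 0;
}
printf "STDOUT is %s\n", output_is_interactive(*STDOUT) ? 'a terminal' : 'not a terminal';
printf "STDERR is %s\n", output_is_interactive(*STDERR) ? 'a terminal' : 'not a terminal';
```

Running the script once in a terminal and once with output redirected to a file shows the -t result change, while the two die() messages differ only in whether the file name and line number were appended.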

Risk Assessment

Using deprecated or obsolete functions or modules in program code can lead to erroneous behavior.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|----------------|----------|------------|------------------|----------|-------|
| EXP30-PL       | Medium   | Probable   | Low              | P12      | L1    |

Automated Detection

| Tool                                | Diagnostic                                                                                                    |
|-------------------------------------|---------------------------------------------------------------------------------------------------------------|
| Perl::Critic                        | ErrorHandling::RequireCarping, InputOutput::ProhibitInteractiveTest, Miscellanea::ProhibitFormats             |
| Security Reviewer - Static Reviewer | PERL_S37                                                                                                      |

Related Guidelines

Bibliography



3 Comments

  1. Via email, Michael Greb says:
    > EXP30-PL
    >
    > die, warn, -t, and format are not deprecated, discouraged may be a better word but that doesn't apply to die, warn, or -t. I'm not sure that format is even discouraged though it isn't in common use.

    Perl does not have any 'standard' notion of deprecation (unlike some languages such as Java). So anyone can declare any feature as 'deprecated'. CERT is using 'deprecated' here in its general sense: that these functions should not be used because of various inherent problems, and better alternatives exist.

    Of course, we hope the Perl community also deprecates the use of these functions, and as you note, some of them are already 'not in common use'.

    Reference: http://stackoverflow.com/questions/1701118/how-can-i-mark-perl-code-as-deprecated

    1. Anonymous

      die and warn are definitely not deprecated. In fact calling croak and carp would no longer work if they are removed, as they use die and warn internally.

      It would be better to say that it is discouraged to use them outside of a subroutine that is providing a wrapper like carp and croak are.

      For example there are numerous modules that use die with an object reference representing an exception. While they could use croak, it would be pointless as it just calls die with the original argument.

  2. Via email, Michael Greb says:
    > The purpose of carp/croak comes from a usability perspective. When a module dies with a message about passing an invalid argument into the module, the line/file name of the die statement isn't very useful for debugging. Using croak in such a case would give the line and file that called the module function incorrectly, much more useful in such a case.
    >
    > die and warn are both capable of not appending line and file information. The line number, file name, and new line are only appended if the message doesn't already have a new line.
    >
    > Additionally, calling carp and croak from a perl script outputs identical errors to warn and die.

    I've overhauled *EXP30:EX1* to include this information.