vwbusguy, 4 days ago

There was some stuff I wasn't sure how to sanely do with #Ansible and thought I might have to resort to a #Perl script and the AI helped me get out of the weeds with the playbook.

leonerd, 6 days ago

@tripleo If you want decent integration with 3rd party stuff (google APIs, amazon, etc...) you may need to write your own client stuff as most big service providers seem to have forgotten that #Perl exists

mjgardner, 6 days ago (edited 6 days ago)

@tripleo #Perl’s “sharp edges” are mainly early syntax and features that later experience with large and networked #programming found dangerous, but are preserved for backward (and we do mean “backward”) compatibility.

See the details of the strict and warnings pragmas, and successively missing items in feature bundles:

• https://perldoc.perl.org/strict
• https://perldoc.perl.org/warnings
• https://perldoc.perl.org/feature#FEATURE-BUNDLES

And the summary of policies included in #PerlCritic: https://MetaCPAN.org/pod/Perl::Critic::PolicySummary

mjgardner, 5 days ago

@tripleo I would also be remiss not to mention #Perl's included perltrap manual page, which notes both the strict and warnings pragmas and also has nice lists of things for those coming from other #programming languages and tools like #AWK, #C and #CPlusPlus, #JavaScript, #sed, and #shell.

https://perldoc.perl.org/perltrap

gisgeek, 5 days ago

@leonerd @tripleo I can only confirm this, even if currently FFI support does allow to bind #Perl to C/C++ quite easily. I find the general situation much better of other seasoned languages such as #Tcl or #Lisp, instead.

mjgardner, 5 days ago

@gisgeek I’m a little confused: are you saying that #Tcl and #Lisp are better than #Perl or worse regarding third-party / #FFI integrations?

/ @leonerd @tripleo

mjgardner, 5 days ago

@tripleo That link returns a “Not Found” page.

If you’re looking for documentation on #Perl's bless function, you'll find it here: https://perldoc.perl.org/functions/bless

Most people are better served with an OO system rather than raw bless calls in Perl. See https://perldoc.perl.org/perlootut#PERL-OO-SYSTEMS for a discussion.

You can also investigate the currently experimental class feature that brings native OOP keywords to Perl: https://perldoc.perl.org/perlclass

Or do you have a different question?

mjgardner, 5 days ago

@tripleo You’re thinking of #Perl’s “taint mode” (stop your teenage giggling), where outside data is untrusted unless it’s the extracted subpattern match in a #RegularExpression.

It’s only enabled under certain conditions. Read about it in the perlsec manual page: https://perldoc.perl.org/perlsec#Taint-mode

#programming #security #InfoSec #CyberSecurity #RegEx #RegExp

mjgardner, 5 days ago

@tripleo BTW, I’m quite chuffed you’re taking an interest in #Perl. Enjoy the ride!

mjgardner, 4 days ago

@tripleo You could use #Perl's taint mode for web inputs, but that’s a big performance-reducing hammer affecting everything outside your program: command line arguments, environment variables, locale, file input, certain system calls, etc.. It also breaks many #CPAN modules, including popular web application frameworks.

There's no one-size-fits-all solution, so use whatever’s appropriate for your web input. Start with @owasp’s Top 10: https://OWASP.org/www-project-top-ten/

mjgardner, 4 days ago

@tripleo Like I said in https://social.sdf.org/@mjgardner/112476483573909633, the only feature built in to #Perl for untrusted data is taint mode.

You might have heard of it or used it 25 years ago with simple #CGI scripts (and that still works!) but as I said in https://social.sdf.org/@mjgardner/112481166820565063, it breaks a lot of modern code.

It’s also no silver bullet: a taint failure is a fatal exception and it’s up to the developer to handle that gracefully.

#security #InfoSec #CyberSecurity #programming