YOU ARE HERE: HOMEVeracode Packaging Instructions for Perl

Veracode Packaging Instructions for Perl

This document is for customer licensed Veracode SAST. Last check and update 11-Jan-2018.

Required Files

The Veracode Platform requires all source files for the application.

Supported Perl Versions

Language Version
Perl 5.x (CGI Applications)

Compilation and Packaging Guidance

Upload a compressed ZIP archive containing all Perl source code, maintaining the project structure, to the Veracode Platform. Do not include third-party party packages.

The Veracode Platform only scans files with the following extensions:

  • .pl
  • .pm
  • .plx
  • .pl5
  • .cgi

Cleansing Functions

Veracode recognizes several functions native to Perl CGI that provide adequate protection against injection type attacks:

  • escapeHTML()
  • escape()
  • If Autoescape mode is enabled (default since CGI.pm v1.57), then the following CGI functions automatically escape the output HTML:
    • textfield()
    • textarea()
    • password_field()
    • filefield()
    • popup_menu()
    • optgroup()
    • scrolling_list()
    • checkbox_group()
    • checkbox()
    • radio_group()
    • submit()
    • defaults()
    • hidden()