NAME

App::Project::Doctor::Check::Security - Check for missing pragmas and hardcoded secrets

DESCRIPTION

Two security checks across all Perl source files:

1. Verify that use strict and use warnings are present in every .pm file and script.
2. Scan for hardcoded credential patterns (passwords, API keys, AWS key prefixes, PEM private key headers).

Pragma fixes are automated; credential findings require manual resolution.

MESSAGES

Code | Trigger                      | Resolution
-----|------------------------------|-------------------------------------------
S001 | Missing 'use strict'         | Fix inserts pragma after package declaration
S002 | Missing 'use warnings'       | Fix inserts pragma after package declaration
S003 | Possible hardcoded secret    | Move to env var / external config

FORMAL SPECIFICATION

check : Context -> [Finding]
check ctx ==
  concat [ check_file f | f <- perl_files ctx ]
  where
    check_file f ==
      strict_check f ++ warnings_check f ++ credential_check f
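
The three checks composed per file as in the specification above, as an added Perl example (not the module's own code). The function name check_source, the finding layout and the regexes in @SECRET_PATTERNS are assumptions, since this page does not list the module's actual patterns.

```perl
use strict;
use warnings;

# Assumed patterns for the four credential classes named in the DESCRIPTION.
my @SECRET_PATTERNS = (
    [ 'password assignment' => qr/\b(?:password|passwd|pwd)['"]?\s*(?:=>|=)\s*(['"])[^'"]{4,}\1/i ],
    [ 'API key assignment'  => qr/\bapi[_-]?key['"]?\s*(?:=>|=)\s*(['"])[^'"]{8,}\1/i ],
    [ 'AWS access key ID'   => qr/\bAKIA[0-9A-Z]{16}\b/ ],
    [ 'PEM private key'     => qr/-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ ],
);

# check_file from the specification: strict ++ warnings ++ credential findings.
# Each finding is [code, line, message]; line 0 means "whole file" (assumed).
sub check_source {
    my ($text) = @_;
    my @findings;
    push @findings, [ 'S001', 0, "Missing 'use strict'" ]
        unless $text =~ /^\s*use\s+strict\b/m;
    push @findings, [ 'S002', 0, "Missing 'use warnings'" ]
        unless $text =~ /^\s*use\s+warnings\b/m;
    my $line = 0;
    for my $src (split /\n/, $text) {
        $line++;    # comments are scanned too: a secret in a comment still leaks
        for my $p (@SECRET_PATTERNS) {
            my ($label, $re) = @$p;
            push @findings, [ 'S003', $line, "Possible hardcoded secret ($label)" ]
                if $src =~ $re;
        }
    }
    return @findings;
}

# Constructed sample source; the key ID is AWS's published documentation example.
my $sample = <<'END';
package My::Client;
use strict;

my %cfg = (
    user     => 'svc',
    password => 'hunter2hunter2',
    region   => $ENV{AWS_REGION},
    key_id   => 'AKIAIOSFODNN7EXAMPLE',
    token    => $ENV{API_TOKEN},
);
1;
END

printf "%s line %d: %s\n", @$_ for check_source($sample);
```

A line-anchored regex can be satisfied by text inside POD or a heredoc, so a stricter pragma check would parse the source (for example with PPI) before testing for the pragmas.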

AUTHOR

Nigel Horne <njh@nigelhorne.com>

LICENSE

Copyright (C) 2026 Nigel Horne. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.