zarn
A lightweight static security analysis tool for modern Perl Apps
Can static analysis of CVE-2022-41352 vulnerability be realized? The specific principle is that if pax program exists in the operating system, pax program is used; otherwise, cpio program is used...
Hello, I read your source code and conducted a test, and found that when the variable is first user input and then defined as a string, there will still be an...
Modify some AST code to make it more compatible. It can be adapted to the following situations: use 5.018; use strict; use warnings; sub main { my $name = $ARGV[0]; my $name...
Currently, ZARN performs a pseudo analysis of the data flow; it tries to identify the presence of a variable and looks for the possibility of its value being changed by...
**Problem**: Currently the default ruleset includes many of the common keywords/commands that can be used to trigger an RCE attack, e.g. `system`, `eval`, `exec`, and `qx`. However, it does not...
Currently ZARN works by searching for the presence of dangerous functions that may present risks and trying to infer whether they are "reachable" through user input. But there are some categories...
Using an SCA (Software Composition Analysis) is super important for code integrity and application security. There is no SCA present in this repository yet, so I am opening this issue...
XSS SSTI Web Socket -> Cross Hijacking
The integration of unit testing is not merely a best practice but a crucial step toward ensuring the reliability and resilience of our codebase. By conducting targeted tests on individual...