zarn
Possibility to create rules for "absence of code"
Currently ZARN works by searching for the presence of dangerous functions (or functions that may present risks) and trying to infer whether they are "reachable" through user input. But there are some categories of vulnerabilities/risks that occur through the absence of code (or a combination of both factors), for example: #14
It would be interesting to have an implementation of this feature.
Example:

```yaml
- id: '0005'
  category: warn
  name: "Lorem Ipsum"
  message: "Lorem Ipsum"
  type: presence
  sample:
    - md5
- id: '0006'
  category: warn
  name: "Other rule"
  message: "Other message"
  type: absence
  sample:
    - strict
    - warnings
```
For rules with type "presence" the current behavior remains the same. For the "absence" rules, the search will be carried out for the absence of the item.
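The presence/absence evaluation described above, as an added illustration in Python rather than the project's Perl (this is not ZARN's own code and does not model its reachability inference). The two rule entries are transcribed from the example in the issue; the `type` field is the proposed one, with a missing `type` treated as `presence` to keep today's behaviour. The Perl inputs are constructed, and matching is a whole-word search over comment-stripped source:

```python
import re

# The two rule entries from the issue's example, written as Python dicts instead
# of YAML so this runs without PyYAML. "type" is the proposed new field; a rule
# that omits it is treated as "presence", which is the current behaviour.
RULES = [
    {"id": "0005", "category": "warn", "name": "Lorem Ipsum",
     "message": "Lorem Ipsum", "type": "presence", "sample": ["md5"]},
    {"id": "0006", "category": "warn", "name": "Other rule",
     "message": "Other message", "type": "absence", "sample": ["strict", "warnings"]},
]

# Constructed Perl inputs (not taken from the ZARN repository).
PERL_NO_PRAGMAS = """#!/usr/bin/perl
use Digest::MD5 qw(md5);
my $digest = md5($ARGV[0]);
print $digest;
"""

PERL_COMMENTED_OUT = """#!/usr/bin/perl
# use strict;
use warnings;
print "hello";
"""

PERL_CLEAN = """#!/usr/bin/perl
use strict;
use warnings;
print "hello";
"""

# '#' to end of line, but not the '$#array' last-index syntax.
COMMENT_RE = re.compile(r"(?<!\$)#.*")


def strip_comments(source: str) -> str:
    """Drop '#' comments so a commented-out 'use strict' is not counted as present.
    Deliberately naive: a '#' inside a string literal is removed as well."""
    return "\n".join(COMMENT_RE.sub("", line) for line in source.splitlines())


def token_present(code: str, token: str) -> bool:
    """Whole-word, case-sensitive match, so 'md5' does not match 'md5_hex'."""
    return re.search(r"\b" + re.escape(token) + r"\b", code) is not None


def evaluate(rules, source: str):
    """Return one finding per rule that fires. A presence rule fires when any
    sample token is found; an absence rule fires when any sample token is missing."""
    code = strip_comments(source)
    findings = []
    for rule in rules:
        rule_type = rule.get("type", "presence")
        if rule_type == "presence":
            items = [t for t in rule["sample"] if token_present(code, t)]
        elif rule_type == "absence":
            items = [t for t in rule["sample"] if not token_present(code, t)]
        else:
            raise ValueError(f"rule {rule['id']}: unknown type {rule_type!r}")
        if items:
            findings.append({"id": rule["id"], "category": rule["category"],
                             "type": rule_type, "message": rule["message"],
                             "items": items})
    return findings


if __name__ == "__main__":
    for label, src in (("no pragmas", PERL_NO_PRAGMAS),
                       ("commented out", PERL_COMMENTED_OUT),
                       ("clean", PERL_CLEAN)):
        print(label)
        for f in evaluate(RULES, src):
            verb = "found" if f["type"] == "presence" else "missing"
            print(f"  [{f['category']}] {f['id']} {f['message']}: {verb} {', '.join(f['items'])}")
```

Two things a real implementation of the absence type would need beyond this sketch: the item should be matched as the actual `use strict;` / `use warnings;` statement rather than as a bare word (the word `strict` inside a string literal would otherwise satisfy the rule), and absence rules should be scoped to whole scripts or modules, since every fragment that lacks the item would otherwise produce a finding.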
@htrgouvea, I would like to do this upgrade, can you assign it to me?
Hi @andersonbosa, of course! This task is with you for up to 5 days, if there is no update during this period I will remove it but in case of updates, I will keep it. Thanks!
Hi @andersonbosa! It's been 4 days since the assignment to you, we're close to the limit and I haven't had any updates yet. If you update me on something, I can increase this deadline.
Hi @andersonbosa, I saw that you made an update after my comment. However, the content of the update does not match the issue. Let me know if you're still interested in resolving this point. Thanks.
Due to the lack of response, I am allowing the possibility of someone else being responsible for the issue.
Hey @htrgouvea, can I get assigned to this task?
Of course @giovannism20!
Hey guys,
Sorry for my delay here. I had some personal issues and was away for a few days... @htrgouvea I'm sorry I left you in the dark about this :pray:
Thanks @andersonbosa