zarn
zarn copied to clipboard
Wrong output
Hello, I read your source code, and conducted a test, found that when the variable is first user input, and then defined as a string, there will still be an error detection of the vulnerability, as follows: sub main { my $name = $ARGV[0]; my $name = "aasa"; system ("echo Hello World! $name"); }
I checked your source code and found that it is caused by find_first only looking at the first defined variable. (AST.PL)