#!/usr/bin/env perl
use 5.030;
use strict;
use warnings;
use Carp;
use JSON;
use lib "./lib/";
use Getopt::Long;
use Zarn::Engine::AST;
use Zarn::Helper::Files;
use Zarn::Helper::Rules;
use Zarn::Helper::Sarif;
use Zarn::Engine::Source_to_Sink;
# Package version. The usage banner in main() prints a literal "Zarn v0.1.0";
# keep the two in sync when bumping this.
our $VERSION = '0.1.0';
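# Entry point for the Zarn CLI.
#
# Parses the command line, loads the YAML rule set, runs the AST-based
# source-to-sink analysis over every file found under --source, prints one
# report line per finding and, when --sarif is given, writes a SARIF report.
#
# Returns 0 on success (including the usage/help path) and 1 when the
# command line could not be parsed. Croaks if the SARIF file cannot be
# opened or fully written.
sub main {
    my $rules_file = "rules/default.yml";
    my ($source, $ignore, $sarif, $help);

    # GetOptions returns false on an unknown switch or a missing argument; the
    # original code ignored that and ran the analysis with half-populated
    # options. --help is advertised in the usage text, so it is accepted too.
    my $parsed_ok = Getopt::Long::GetOptions(
        "r|rules=s"   => \$rules_file,
        "s|source=s"  => \$source,
        "i|ignore=s"  => \$ignore,
        "srf|sarif=s" => \$sarif,
        "h|help"      => \$help,
    );

    if (!$parsed_ok) {
        _print_usage();
        return 1;
    }
    if ($help || !$source) {
        _print_usage();
        return 0;
    }

    my @rules = Zarn::Helper::Rules->new($rules_file);
    my @files = Zarn::Helper::Files->new($source, $ignore);

    # The rule set does not change per file; with no rules there is nothing
    # to match, so skip building ASTs altogether.
    my @results;
    if (@rules) {
        foreach my $file (@files) {
            my $ast = Zarn::Engine::AST->new(["--file" => $file]);

            # NOTE(review): `"--rules" => @rules` flattens the rule list into the
            # option array rather than passing one array ref. Kept as-is because
            # Source_to_Sink evidently consumes that shape — confirm before changing.
            my @analysis = Zarn::Engine::Source_to_Sink->new([
                "--ast"   => $ast,
                "--rules" => @rules,
            ]);

            # Tag every finding with its file, not only the first one, so the
            # report loop below never prints an undefined FILE for a file that
            # produced several findings.
            $_->{file} = $file for @analysis;
            push @results, @analysis;
        }
    }

    foreach my $result (@results) {
        my ($category, $file, $title, $line_sink, $rowchar_sink,
            $line_source, $rowchar_source)
            = @{$result}{qw(category file title line_sink rowchar_sink
                            line_source rowchar_source)};
        print "[$category] - FILE:$file \t Potential: $title. \t Dangerous function on line: $line_sink:$rowchar_sink \t Data point possibility controlled: $line_source:$rowchar_source\n";
    }

    if ($sarif) {
        _write_sarif($sarif, \@results);
    }
    return 0;
}

# Print the CLI usage banner to STDOUT.
sub _print_usage {
    print "\nZarn v$VERSION"
        . "\nCore Commands"
        . "\n==============\n"
        . "\tCommand Description\n"
        . "\t------- -----------\n"
        . "\t-s, --source Configure a source directory to do static analysis\n"
        . "\t-r, --rules Define YAML file with rules\n"
        . "\t-i, --ignore Define a file or directory to ignore\n"
        . "\t-srf, --sarif Define the SARIF output file\n"
        . "\t-h, --help To see help menu of a module\n\n";
    return;
}

# Serialise the findings as SARIF JSON into $path; croaks on open/write failure.
sub _write_sarif {
    my ($path, $results) = @_;

    my $sarif_data = Zarn::Helper::Sarif->new(@{$results});
    open(my $output, '>', $path) or croak("Cannot open file '$path': $!");
    print {$output} encode_json($sarif_data);
    # Buffered write errors (disk full, closed pipe) only surface at close;
    # an unchecked close would silently leave a truncated report behind.
    close($output) or croak("Cannot write file '$path': $!");
    return;
}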
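# Propagate main()'s return value as the process exit status; a bare `main();`
# discards it, so callers and CI could never observe a non-zero result.
exit main();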