ZARN
A lightweight static code security analysis for Modern Perl Applications
Performing static analysis, Zarn is able to identify possible vulnerabilities: for this purpose, each file is parsed using AST analysis to recognize tokens that present risks and subsequently runs the taint tracking process to confirm that it is a whether exploitable or not, to validate whether a malicious agent is able to target the method in question.
Currently, Zarn do single file context analysis, which means that it is not able to identify vulnerabilities that are not directly related to the file being analyzed. But in the future, we plan to implement a call graph analysis to identify vulnerabilities that are not directly related to the file being analyzed.
You can read the full publication about Zarn at: a lightweight static security analysis tool for modern Perl Apps.
# Download
$ git clone https://github.com/htrgouvea/zarn && cd zarn
# Install libs dependencies
$ sudo cpanm --installdeps .$ perl zarn.pl --rules rules/quick-wins.yml --source ../nozaki
[warn] - FILE:../nozaki/lib/Functions/Helper.pm Potential: Timing Attack.
[vuln] - FILE:../nozaki/lib/Engine/Orchestrator.pm Potential: Path Traversal.
[vuln] - FILE:../nozaki/lib/Engine/Orchestrator.pm Potential: Path Traversal.
[warn] - FILE:../nozaki/lib/Engine/FuzzerThread.pm Potential: Timing Attack.rules:
- id: '0001'
category: info
name: Debug module enabled
message:
sample:
- Dumper
- id: '0002'
category: vuln
name: Code Injection
message:
sample:
- system
- eval
- exec
- id: '0003'
category: vuln
name: Path Traversal
message:
sample:
- openYour contributions and suggestions are heartily ♥ welcome. See here the contribution guidelines. Please, report bugs via issues page and for security issues, see here the security policy. (✿ ◕‿◕) This project follows this style guide: (https://github.com/htrgouvea/perl-style-guide).
This work is licensed under MIT License.