Fix #37: Line numbers in the output doesn't match with the Line numbe…

…rs in the source code (#38) * some fix for linter warnings * update example of rules with description * fix row and line numbers on print findings * change quote to double quotes
htrgouvea · Feb 19, 2024 · 4cf284d · 4cf284d
1 parent 1acf595
commit 4cf284d
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 25 deletions.
diff --git a/.perlcriticrc b/.perlcriticrc
@@ -1,4 +1,4 @@
-severity = 4
+severity = 3
 
 [-TestingAndDebugging::RequireUseStrict]
 [-TestingAndDebugging::RequireUseWarnings]
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
       <img src="https://img.shields.io/badge/license-MIT-blue.svg">
     </a>
      <a href="https://github.com/htrgouvea/zarn/releases">
-      <img src="https://img.shields.io/badge/version-0.0.9-blue.svg">
+      <img src="https://img.shields.io/badge/version-0.1.0-blue.svg">
     </a>
     <br/>
     <img src="https://github.com/htrgouvea/zarn/actions/workflows/linter.yml/badge.svg">
@@ -57,21 +57,22 @@ rules:
   - id: '0001'
     category: info
     name: Debug module enabled
-    message:
+    message: Debug modules can expose sensitive information and potentially create security vulnerabilities.
     sample:
       - Dumper
   - id: '0002'
     category: vuln
     name: Code Injection
-    message: 
+    message: Occur when untrusted data is executed as code, allowing attackers to run arbitrary commands on the server.
     sample:
       - system
       - eval
       - exec
+      - qx
   - id: '0003'
     category: vuln
     name: Path Traversal
-    message: 
+    message: Occur when user input is not properly sanitized, allowing attackers to access files and directories outside of the intended directory structure.
     sample:
       - open
 ```
@@ -89,7 +90,7 @@ on:
   pull_request:
     branches: [ "main" ]
   schedule:
-    - cron: '28 23 * * 1'
+    - cron: "28 23 * * 1"
 
 jobs:
   zarn:
@@ -114,7 +115,6 @@ jobs:
 
 Your contributions and suggestions are heartily ♥ welcome. [See here the contribution guidelines.](/.github/CONTRIBUTING.md) Please, report bugs via [issues page](https://github.com/htrgouvea/zarn/issues) and for security issues, see here the [security policy.](/SECURITY.md) (✿ ◕‿◕) This project follows this [style guide: (https://github.com/htrgouvea/perl-style-guide)](https://github.com/htrgouvea/perl-style-guide).
 
-
 ---
 
 ### License

diff --git a/lib/Zarn/AST.pm b/lib/Zarn/AST.pm
@@ -5,7 +5,7 @@ package Zarn::AST {
     use PPI::Find;
     use PPI::Document;
 
-    our $VERSION = '0.01';
+    our $VERSION = '0.0.1';
 
     sub new {
         my ($self, $parameters) = @_;
@@ -45,7 +45,7 @@ package Zarn::AST {
                                     $var_token -> parent -> isa("PPI::Token::Operator") ||
                                     $var_token -> parent -> isa("PPI::Statement::Expression")
                                 )) {
-                                    my ($line, $rowchar) = @{$var_token -> location};
+                                    my ($line, $rowchar) = @{$token -> location};
 
                                     push @results, {
                                         category => $category,

diff --git a/lib/Zarn/Files.pm b/lib/Zarn/Files.pm
@@ -3,7 +3,7 @@ package Zarn::Files {
     use warnings;
     use File::Find::Rule;
 
-    our $VERSION = '0.01';
+    our $VERSION = '0.0.1';
 
     sub new {
         my ($self, $source, $ignore) = @_;

diff --git a/lib/Zarn/Rules.pm b/lib/Zarn/Rules.pm
@@ -3,7 +3,7 @@ package Zarn::Rules {
     use warnings;
     use YAML::Tiny;
 
-    our $VERSION = '0.01';
+    our $VERSION = '0.0.1';
 
     sub new {
         my ($self, $rules) = @_;

diff --git a/lib/Zarn/Sarif.pm b/lib/Zarn/Sarif.pm
@@ -2,7 +2,7 @@ package Zarn::Sarif {
     use strict;
     use warnings;
 
-    our $VERSION = '0.01';
+    our $VERSION = '0.0.1';
 
      sub new {
         my ($self, @vulnerabilities) = @_;

diff --git a/zarn.pl b/zarn.pl
@@ -3,6 +3,7 @@
 use 5.030;
 use strict;
 use warnings;
+use Carp;
 use lib "./lib/";
 use Getopt::Long;
 use Zarn::AST;
@@ -25,18 +26,16 @@ sub main {
     );
 
     if (!$source) {
-        print "
-          \rZarn v0.0.9
-          \rCore Commands
-          \r==============
-          \r\tCommand          Description
-          \r\t-------          -----------
-          \r\t-s, --source     Configure a source directory to do static analysis
-          \r\t-r, --rules      Define YAML file with rules
-          \r\t-i, --ignore     Define a file or directory to ignore
-          \r\t-srf, --sarif    Define the SARIF output file
-          \r\t-h, --help       To see help menu of a module\n
-        \r";
+        print "\nZarn v0.0.9"
+        . "\nCore Commands"
+        . "\n==============\n"
+        . "\tCommand          Description\n"
+        . "\t-------          -----------\n"
+        . "\t-s, --source     Configure a source directory to do static analysis\n"
+        . "\t-r, --rules      Define YAML file with rules\n"
+        . "\t-i, --ignore     Define a file or directory to ignore\n"
+        . "\t-srf, --sarif    Define the SARIF output file\n"
+        . "\t-h, --help       To see help menu of a module\n\n";
 
         exit 1;
     }
@@ -68,7 +67,7 @@ sub main {
     if ($sarif) {
         my $sarif_data = Zarn::Sarif -> new (@results);
 
-        open(my $output, '>', $sarif) or die "Cannot open file '$sarif': $!";
+        open(my $output, '>', $sarif) or croak "Cannot open file '$sarif': $!";
 
         print $output encode_json($sarif_data);