improve taint analysis function
htrgouvea committed Mar 30, 2024
1 parent 22367a2 commit 4e7dd58
Showing 1 changed file with 11 additions and 4 deletions.
15 changes: 11 additions & 4 deletions lib/Zarn/AST.pm
Expand Up @@ -5,7 +5,7 @@ package Zarn::AST {
use PPI::Find;
use PPI::Document;

our $VERSION = '0.0.3';
our $VERSION = '0.0.4';

sub new {
my ($self, $parameters) = @_;
Expand Down Expand Up @@ -36,14 +36,21 @@ package Zarn::AST {
# this is a draft source-to-sink function
if (defined $next_element && ref $next_element && $next_element -> content() =~ /[\$\@\%](\w+)/xms) {
# perform taint analyis
my $var_token = $document -> find_first (
sub { $_[1] -> isa("PPI::Token::Symbol") and $_[1] -> content eq "\$$1" }
my $var_token = $document -> find_first (
sub {
$_[1] -> isa("PPI::Token::Symbol") and
($_[1] ->content eq "\$$1" or $_[1] -> content eq "\@$1" or $_[1] -> content eq "\%$1")
}
);

if ($var_token && $var_token -> can("parent")) {

Check failure on line 46 in lib/Zarn/AST.pm


GitHub Actions / critic

Code structure is deeply nested at line 46, column 29. Consider refactoring.
my @childrens = $var_token -> parent -> children;

if (grep {$_ -> isa("PPI::Token::Quote::Double")} @childrens) {
if (grep { # verifyng if the variable is a fixed string or a number

Check failure on line 49 in lib/Zarn/AST.pm


GitHub Actions / critic

Code structure is deeply nested at line 49, column 33. Consider refactoring.
$_ -> isa("PPI::Token::Quote::Double") ||
$_ -> isa("PPI::Token::Quote::Single") ||
$_ -> isa("PPI::Token::Number")
} @childrens) {
next;
}
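Review bot: The literal check at new lines 49-53 hits `next` as soon as any sibling of the first matching symbol is a quote or a number, so a statement that combines a literal with another variable, or a double-quoted string that interpolates one, is treated as a fixed value and the sink goes unreported. For a scanner that is a false-negative path; a narrower test would be `$_ -> isa("PPI::Token::Quote::Double") && !$_ -> interpolations ||`, and the branch should probably also require that no other `PPI::Token::Symbol` appears in `@childrens`. Matching `\$`, `\@` and `\%` on the same name also means `find_first` may return a different variable that merely shares the identifier, since it takes the first occurrence in the document. Separately, `$1` is read inside the `find_first` callback; copying it beforehand (`my $name = $1;`) keeps the name stable should any regex match run during the traversal. The enclosing sub starts and ends outside this hunk.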
