Develop (#31)

* update year

* add the /x flag to the regular expression

* added tracker of versions

* fix regex warnings from linter

* added tracker of versions

* run more rules of linter

* remove new lines

.github/workflows/security-gate.yml

@@ -30,4 +30,4 @@ jobs:
         --critical $MAX_CRITICAL \
         --high $MAX_HIGH \
         --medium $MAX_MEDIUM \
-        --low $MAX_LOW
+        --low $MAX_LOW

.perlcriticrc

@@ -1,2 +1,3 @@
-only = 1
-include = ProhibitUnusedVariables ProhibitUnusedConstant ProhibitUnusedInclude ProhibitUnusedImport ProhibitUnreachableCode ProhibitComplexRegexes ProhibitDuplicatedSub ProhibitDuplicateHashKeys ProhibitUnusedPrivateSubroutines ProhibitUnlessBlocks ProhibitExcessiveColons ProhibitExplicitReturnUndef RequireCamelCase ProhibitMagicNumbers ProhibitTrailingWhitespace ProhibitHardTabs
+severity = 5
+
+[-TestingAndDebugging::RequireUseStrict]

.perltidyrc

@@ -3,4 +3,4 @@
 --continuation-indentation=4
 --square-bracket-tightness=2
 --tight-secret-operators
---maximum-consecutive-blank-lines=1
+--maximum-consecutive-blank-lines=1

LICENSE.MD

@@ -2,7 +2,7 @@ License
 ==============
 The MIT License (MIT)
 
-Copyright (c) 2023 | Heitor Gouvêa.
+Copyright (c) 2023 - 2024 | Heitor Gouvêa.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

lib/Zarn/AST.pm

@@ -4,6 +4,8 @@ package Zarn::AST {
     use Getopt::Long;
     use PPI::Find;
     use PPI::Document;
+
+    our $VERSION = '0.01';
 
     sub new {
         my ($self, $parameters) = @_;
@@ -27,11 +29,11 @@ package Zarn::AST {
                     my $category = $rule -> {category};
                     my $title    = $rule -> {name};
 
-                    if (grep {my $content = $_; scalar(grep {$content =~ m/$_/} @sample)} $token -> content()) {
+                    if (grep {my $content = $_; scalar(grep {$content =~ m/$_/xms} @sample)} $token -> content()) {
                         my $next_element = $token -> snext_sibling;
 
                         # this is a draft source-to-sink function
-                        if (defined $next_element && ref $next_element && $next_element -> content() =~ /[\$\@\%](\w+)/) {
+                        if (defined $next_element && ref $next_element && $next_element -> content() =~ /[\$\@\%](\w+)/xms) {
                             # perform taint analyis
                             my $var_token = $document -> find_first (
                                 sub { $_[1] -> isa("PPI::Token::Symbol") and $_[1] -> content eq "\$$1" }

lib/Zarn/Files.pm

@@ -3,6 +3,8 @@ package Zarn::Files {
     use warnings;
     use File::Find::Rule;
 
+    our $VERSION = '0.01';
+
     sub new {
         my ($self, $source, $ignore) = @_;
 

lib/Zarn/Rules.pm

@@ -3,6 +3,8 @@ package Zarn::Rules {
     use warnings;
     use YAML::Tiny;
 
+    our $VERSION = '0.01';
+
     sub new {
         my ($self, $rules) = @_;
 

lib/Zarn/Sarif.pm

@@ -2,6 +2,8 @@ package Zarn::Sarif {
     use strict;
     use warnings;
 
+    our $VERSION = '0.01';
+
      sub new {
         my ($self, @vulnerabilities) = @_;
 

zarn.pl

@@ -11,6 +11,8 @@
 use Zarn::Sarif;
 use JSON;
 
+our $VERSION = '0.01';
+
 sub main {
     my $rules = "rules/default.yml";
     my ($source, $ignore, $sarif, @results);