htrgouvea / zarn

A lightweight static security analysis tool for modern Perl Apps
https://heitorgouvea.me/2023/03/19/static-security-analysis-tool-perl

Implement a Data flow engine #12

Open htrgouvea opened 10 months ago

htrgouvea commented 10 months ago

Currently, ZARN performs a pseudo-analysis of the data flow: it tries to identify the presence of a variable and looks for the possibility of its value being changed by the user.

This is not the ideal way to implement data flow analysis. I'm opening this issue to discuss the possibility of a new way and also how to do this.

After implementing this data flow engine, I hope that it will be possible to do alias analysis and also multi-file context analysis.

giovannism20 commented 9 months ago

Hey @htrgouvea, it would be great if we had a diagram of the actual data flow to discuss it.

htrgouvea commented 9 months ago

Great idea @giovannism20, I will make one and share it here.

htrgouvea commented 6 months ago

I found a module called Devel::Graph, which produces a very interesting analysis of the flow of a Perl script. Here is an example using Devel::Graph:

#!/usr/bin/env perl

use 5.018;
use strict;
use warnings;
use Devel::Graph;

sub main {
    # Path of the Perl script to analyse, taken from the command line
    my $file = $ARGV[0];

    if ($file) {
        # decompose() parses the script and returns a flowchart object;
        # as_ascii() renders that flowchart as the text diagram shown below
        my $grapher   = Devel::Graph->new();
        my $decompose = $grapher->decompose($file);

        print $decompose->as_ascii();
    }

    return 0;
}

exit main();

And a demo with the following code:

#!/usr/bin/env perl

use 5.018;
use strict;
use warnings;

sub main {
    # User-controlled input (the "source" a data flow engine must track)
    my $name = $ARGV[0];

    if ($name) {
        # $name is interpolated into a shell command: the "sink" to reach
        system ("echo Hello World! $name");
        # system ("echo Hello World! $name");
    }

    return 0;
}

exit main();

The output is:

  #######################################
  #                start                #
  #######################################
    |
    |
    v
  +-------------------------------------+
  |             use 5.018;              |
  |             use strict;             |
  |            use warnings;            |
  |            exit main();             |
  +-------------------------------------+
+ - - - - - - - - - - - - - - - - - - - - +
' sub main:                               '
'                                         '
' +-------------------------------------+ '
' |        my $name = $ARGV[0];         | '
' +-------------------------------------+ '
'   |                                     '
'   |                                     '
'   |                                     '
'   |                                       - - - - - +
'   v                                                 '
' +-------------------------------------+             '
' |             if ($name)              | ---+        '
' +-------------------------------------+    |        '
'   |                                        |        '
'   | true                                   |        '
'   v                                        |        '
' +-------------------------------------+    |        '
' | system ("echo Hello World! $name"); |    | false  '
' +-------------------------------------+    |        '
'   |                                        |        '
'   |                                        |        '
'   v                                        |        '
' +-------------------------------------+    |        '
' |              return 0;              | <--+        '
' +-------------------------------------+             '
'                                                     '
+ - - - - - - - - - - - - - - - - - - - - - - - - - - +

htrgouvea commented 6 months ago

I think we can use logic similar to this module (maybe even the module itself) to create the data flow engine.
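To make concrete what "data flow" and "alias analysis" mean for a tool like this (the first comment in the thread and the proposal above), here is an added example of a toy intraprocedural taint engine. It is not ZARN's code and does not use Devel::Graph or PPI; it walks a constructed Perl snippet line by line with regexes, marks scalars that derive from user-controlled sources, follows them through assignments (the alias step) and reports dangerous calls whose arguments are still tainted. The source, sink and sanitizer lists, the sample snippet and the helper names are all assumptions made for this illustration.

```perl
#!/usr/bin/env perl

# Added example: a toy taint engine, not ZARN's code. Everything below
# (source/sink lists, the sample snippet, helper names) is an assumption
# made for this illustration.

use 5.018;
use strict;
use warnings;

# Things the user controls (sources) and calls that are dangerous when
# fed user data (sinks). A real engine would drive these from a config.
my $SOURCE_RE    = qr/\$ARGV\b|\@ARGV|<STDIN>|\$ENV\{|\bparam\s*\(/;
my $SINK_RE      = qr/\b(system|exec|open|eval)\s*\(/;
# For this toy, wrapping a value in quotemeta() counts as neutralising it.
my $SANITIZER_RE = qr/\bquotemeta\s*\(/;

# Constructed sample input: the same source-to-sink shape as the demo
# above, plus an alias, a sanitised copy and a later clean re-assignment.
my $SAMPLE = <<'PERL';
my $name = $ARGV[0];
my $copy = $name;                 # alias of the tainted value
my $safe = quotemeta($name);      # sanitised copy
if ($name) {
    my $greeting = "Hello $copy"; # taint propagates through interpolation
    system("echo $greeting");     # sink reached by tainted data
    system("echo $safe");         # clean
}
$name = "fixed";                  # re-assignment clears taint
system("echo $name");             # clean now
PERL

# Names of the scalars ($foo) referenced in a piece of code.
sub scalars_in {
    my ($code) = @_;
    return $code =~ /\$(\w+)/g;
}

# Is $expr tainted, given the set of currently tainted variable names?
sub expr_is_tainted {
    my ($expr, $tainted) = @_;
    return 0 if $expr =~ $SANITIZER_RE;                 # sanitised (toy rule)
    return 1 if $expr =~ $SOURCE_RE;                    # reads a source directly
    return 1 if grep { $tainted->{$_} } scalars_in($expr);  # uses a tainted alias
    return 0;
}

# Analyse a snippet. Returns (\@findings, \%tainted): each finding records
# the line, the sink name and the variables that carried taint into it.
# Flow-sensitive but scope-blind: blocks and `my` scoping are ignored.
sub analyse {
    my ($source) = @_;
    my (%tainted, @findings);
    my $lineno = 0;

    for my $line (split /\n/, $source) {
        $lineno++;
        my $stmt = $line =~ s/\s+#.*//r;   # drop trailing comments (toy)
        next if $stmt =~ /^\s*$/;

        # Assignment "my $x = expr;" or "$x = expr;": propagate or clear taint
        if ($stmt =~ /^\s*(?:my\s+)?\$(\w+)\s*=\s*(.+?);\s*$/) {
            my ($var, $rhs) = ($1, $2);
            if (expr_is_tainted($rhs, \%tainted)) { $tainted{$var} = 1 }
            else                                  { delete $tainted{$var} }
            next;
        }

        # Sink call: report it if tainted data reaches its argument list
        if ($stmt =~ /$SINK_RE(.*)\)/) {
            my ($sink, $args) = ($1, $2);
            next unless expr_is_tainted($args, \%tainted);
            my @via = map { "\$$_" } grep { $tainted{$_} } scalars_in($args);
            push @via, 'direct source' if $args =~ $SOURCE_RE;
            push @findings, { line => $lineno, sink => $sink, via => \@via };
        }
    }

    return (\@findings, \%tainted);
}

sub main {
    my ($findings, $tainted) = analyse($SAMPLE);

    for my $f (@$findings) {
        printf "line %d: %s() receives tainted data via %s\n",
            $f->{line}, $f->{sink}, join(', ', @{ $f->{via} });
    }
    printf "tainted at end: %s\n", join(', ', map { "\$$_" } sort keys %$tainted);

    return @$findings ? 1 : 0;   # non-zero exit when something was found
}

exit main();
```

Run as-is it flags the `system` call that receives `$greeting` (tainted through the `$copy` alias) and leaves the calls fed by the `quotemeta` copy and by the re-assigned `$name` alone. The parts a real engine built on a flowchart such as Devel::Graph's would add are exactly what this toy skips: scoping of `my` inside blocks, the false branch of the `if`, subroutine boundaries and, for the multi-file goal, taint that crosses module calls.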