From 27d6c6530d5b5014c4c72f3c19646f2bfcaea36d Mon Sep 17 00:00:00 2001
From: x86s7ven <153223838+x86s7ven@users.noreply.github.com>
Date: Sat, 23 Mar 2024 14:37:30 -0300
Subject: [PATCH] show source and sink in output message (#40)
---
 lib/Zarn/AST.pm | 17 ++++++++++-------
 zarn.pl | 14 ++++++++------
 2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/lib/Zarn/AST.pm b/lib/Zarn/AST.pm
index 9977624..4a60203 100644
--- a/lib/Zarn/AST.pm
+++ b/lib/Zarn/AST.pm
@@ -45,15 +45,18 @@ package Zarn::AST {
 $var_token -> parent -> isa("PPI::Token::Operator") ||
 $var_token -> parent -> isa("PPI::Statement::Expression")
 )) {
- my ($line, $rowchar) = @{$token -> location};
+ my ($line_sink, $rowchar_sink) = @{$token -> location};
+ my ($line_source, $rowchar_source) = @{$var_token -> location};
 push @results, {
- category => $category,
- file => $file,
- title => $title,
- message => $message,
- line => $line,
- rowchar => $rowchar
+ category => $category,
+ file => $file,
+ title => $title,
+ message => $message,
+ line_sink => $line_sink,
+ rowchar_sink => $rowchar_sink,
+ line_source => $line_source,
+ rowchar_source => $rowchar_source
 };
 }
 }
diff --git a/zarn.pl b/zarn.pl
index 9a97155..88ea37c 100755
--- a/zarn.pl
+++ b/zarn.pl
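Review bot: Renaming the result keys `line`/`rowchar` to `line_sink`/`rowchar_sink` in the `push @results` hash changes the record shape for every consumer, yet the diffstat shows only the console loop in zarn.pl being updated. If the SARIF writer reached from `if ($sarif)` (not visible here) still reads `line` and `rowchar`, its findings would silently lose their location. Either update that consumer in the same commit or keep the old keys as aliases for the sink, e.g. `line => $line_sink, rowchar => $rowchar_sink,`. A short comment would also help: `$var_token` appears to be the variable as it is passed to the flagged call, so `line_source` marks the argument's position rather than where the value was first assigned. The enclosing block starts and ends outside the hunk.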
@@ -55,13 +55,15 @@ sub main {
 }
 foreach my $result (@results) {
- my $category = $result -> {category};
- my $file = $result -> {file};
- my $title = $result -> {title};
- my $line = $result -> {line};
- my $rowchar = $result -> {rowchar};
+ my $category = $result -> {category};
+ my $file = $result -> {file};
+ my $title = $result -> {title};
+ my $line_sink = $result -> {line_sink};
+ my $rowchar_sink = $result -> {rowchar_sink};
+ my $line_source = $result -> {line_source};
+ my $rowchar_source = $result -> {rowchar_source};
- print "[$category] - FILE:$file \t Potential: $title. \t Line: $line:$rowchar\n";
+ print "[$category] - FILE:$file \t Potential: $title. \t Dangerous function on line: $line_sink:$rowchar_sink \t Data point possibility controlled: $line_source:$rowchar_source\n";
 }
 if ($sarif) {
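Review bot: The label `Data point possibility controlled:` in the new `print` line is hard to parse for someone triaging findings, and the old `Line:` prefix that wrapper scripts may match on is gone without a replacement. Consider wording that names both positions the way the commit title does, e.g. `Sink (dangerous function): $line_sink:$rowchar_sink \t Source (possibly controlled data): $line_source:$rowchar_source`. The four location values are interpolated straight from the result hash, so a record lacking the new keys would print empty positions; a one-line comment stating that every producer must set all four would document that contract. The `if ($sarif)` branch continues outside the hunk.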