Comments (2)
mlevesquedion
commented on July 22, 2024
Currently this case could be handled easily by leveraging the interprocedural analysis introduced by #57, e.g. :
func OneParamSinkWrapper(a interface{}) { // want OneParamSinkWrapper:"genericFunc{ sinks: <0>, taints: <<>> }"
core.Sink(a)
}Upon examining a call that passes a Source to OneParamSinkWrapper, we find that it sinks its first argument and produce a report.
from go-flow-levee.
mlevesquedion
commented on July 22, 2024
I've been experimenting with interprocedural analysis recently and I would like to record some thoughts/learnings:
- Variadic functions need special handling, e.g. if a function has 3 parameters and the last one is variadic, it is valid to ask what happens to the 4th argument in a call to this function. (This is not what #57 currently does.)
- When an argument that has a known source type is passed to a function that takes that source type as a parameter in that position, it is not necessary to query the function about whether it sinks that argument, because if it does, the standard intraprocedural analysis will detect it. (Failing to account for this can cause double reports.)
from go-flow-levee.
Related Issues (20)
- go core.Sink(source) does not create report
- Handle methods on non-struct source types HOT 2
- Proposal for testdata convention - spoof source root with go.mod to assist IDEs HOT 6
- Improve error reporting when config is missing HOT 2
- Revisit tests involving source interface propagation HOT 3
- Enable exclusion of analysis by filename (rather than only package)
- Improve handling of suppression comments in nested calls
- Implement understanding of formatting verbs
- Support "reverse" propagation through Store instructions
- Determine how/whether we should explicitly enumerate functions that don't propagate taint
- Refine handling of Defer and Go instructions.
- false negative when analyze the url parameters about gin framework HOT 5
- Handle standard library functions in the analysis engine HOT 1
- handle the unify-by-value semantics in the EAR pointer analysis
- Use more advanced call graph in inter-procedural analysis
- Separate the unit-tests for the two taint analyses
- Stack Overflow in internal/pkg/sourcetype/sourcetype.go HOT 3
- `utils.Dereference` can get stuck in an infinite loop
- Generics are not supported by analyzers
- Crashes when analyzing Go 1.19 standard libraries
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-flow-levee.