dataflow

package
v0.8.0
Warning

This package is not in the latest version of its module.

Published: Mar 29, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package dataflow implements source-to-sink data flow analysis on top of the existing CALLS graph. It heuristically tags function/method nodes as "sources" (data entry points: HTTP handlers, parsers, env-var accessors) or "sinks" (dangerous data exits: SQL exec, file writes, exec.Command), then creates DATA_FLOWS summary edges for each (source, sink) pair reachable within maxHops via CALLS edges.

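This is call-path-based taint analysis, not variable-level taint propagation: a DATA_FLOWS edge records that a sink is reachable from a source through CALLS edges, not that a specific tainted value arrives at the sink. It delivers 80% of the security review value without the edge explosion and token-budget problems that full inter-procedural taint analysis would cause.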

Constants

This section is empty.

Variables

This section is empty.

Functions

func AnnotateGraph

func AnnotateGraph(g *graph.Graph, cfg *config.Config) int

AnnotateGraph walks all function/method nodes, marks sources and sinks via built-in heuristics supplemented by cfg patterns, then creates DATA_FLOWS summary edges for each (source, sink) pair reachable within maxHops CALLS hops. Returns the number of DATA_FLOWS edges created.
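The reachability step described in the Overview and in AnnotateGraph, as an added example that is not the package's own code: a hop-bounded breadth-first search over a call graph that emits one summary edge per (source, sink) pair. FindFlows, Flow and the sample graph are hypothetical names and constructed data; the package's tagging heuristics and its graph and config types are not shown on this page and are replaced here by plain maps.

```go
package main

import "fmt"

// Flow is one DATA_FLOWS-style summary edge: Sink is reachable from Source in Hops calls.
type Flow struct{ Source, Sink string; Hops int }

// FindFlows (hypothetical helper) runs a hop-bounded BFS over CALLS edges from each source.
func FindFlows(calls map[string][]string, sources []string, sinks map[string]bool, maxHops int) []Flow {
	var flows []Flow
	for _, src := range sources {
		dist := map[string]int{src: 0} // visited set, so call cycles terminate
		queue := []string{src}
		for len(queue) > 0 {
			cur := queue[0]
			queue = queue[1:]
			if dist[cur] >= maxHops {
				continue // hop budget spent: do not expand this node
			}
			for _, callee := range calls[cur] {
				if _, seen := dist[callee]; seen {
					continue
				}
				dist[callee] = dist[cur] + 1 // BFS gives the shortest call path
				if sinks[callee] {
					flows = append(flows, Flow{src, callee, dist[callee]})
				}
				queue = append(queue, callee)
			}
		}
	}
	return flows
}

// Constructed sample call graph (caller -> callees); lookupUser calls back into the handler.
var SampleCalls = map[string][]string{
	"HandleLogin": {"lookupUser"}, "lookupUser": {"buildQuery", "HandleLogin"},
	"buildQuery": {"db.Exec"}, "ReadEnv": {"runTool"}, "runTool": {"exec.Command"},
}
var SampleSources = []string{"HandleLogin", "ReadEnv"}
var SampleSinks = map[string]bool{"db.Exec": true, "exec.Command": true}

func main() {
	for _, f := range FindFlows(SampleCalls, SampleSources, SampleSinks, 3) {
		fmt.Printf("DATA_FLOWS %s -> %s (%d hops)\n", f.Source, f.Sink, f.Hops)
	}
}
```

Lowering the hop limit to 2 drops the HandleLogin to db.Exec edge, which shows how the bound trades review coverage against edge count.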

Types

This section is empty.
