Index ¶
- type AnalyzerContext
- func (ctx *AnalyzerContext) ClearIssues()
- func (ctx *AnalyzerContext) GetCustom(key string) (any, bool)
- func (ctx *AnalyzerContext) GetFset() *token.FileSet
- func (ctx *AnalyzerContext) GetIssues() []result.Issue
- func (ctx *AnalyzerContext) Info() *types.Info
- func (ctx *AnalyzerContext) RegisterRule(rule *Rule)
- func (ctx *AnalyzerContext) Report(issue result.Issue)
- func (ctx *AnalyzerContext) SetCustom(key string, value any)
- type ConfidenceConfig
- type ConfidenceScorer
- func (cs *ConfidenceScorer) GetRecommendation(confidence float64, context *ContextInfo) string
- func (cs *ConfidenceScorer) GetSeverityAdjustment(confidence float64) string
- func (cs *ConfidenceScorer) ScoreConfidence(node ast.Node, context *ContextInfo) float64
- func (cs *ConfidenceScorer) ShouldReport(confidence float64) bool
- type ContextAnalyzer
- type ContextInfo
- type Rule
- type SuppressionConfig
- type SuppressionManager
Types ¶
type AnalyzerContext ¶
// AnalyzerContext is the state shared by all analysis phases: parse and
// type-check results, the SSA package, the registered rules and the issues
// reported so far. Every field is exported, so any code holding the context
// can read or replace it directly.
type AnalyzerContext struct {
// Fset holds the parsed file set used to resolve position information.
Fset *token.FileSet
// Types contains the type-checker results.
Types *types.Info
// SSA contains the SSA function representation of the current package.
SSA *ssa.Package
// Filename is the path of the file being analyzed. It may be absolute or
// relative, so do not assume it is canonical.
Filename string
// PackageName is the Go package name.
PackageName string
// Source holds the entire source code of the file (optional, useful for highlighting).
Source []byte
// CustomData is a generic key-value map that allows analyzers to store state.
// NOTE(review): this page does not show whether NewAnalyzerContext initialises
// the map; writing to a nil map panics in Go — confirm before writing to a
// context that was not built by the constructor.
CustomData map[string]any
// Rules stores the rules registered for analysis.
Rules []*Rule
// Issues stores the issues found during analysis.
// NOTE(review): presumably appended to by Report and emptied by ClearIssues — confirm.
Issues []result.Issue
}
AnalyzerContext represents the shared context used during all analysis phases.
func NewAnalyzerContext ¶
func NewAnalyzerContext( fset *token.FileSet, typesInfo *types.Info, ssaPkg *ssa.Package, filename string, packageName string, source []byte, ) *AnalyzerContext
NewAnalyzerContext creates a new AnalyzerContext instance.
func (*AnalyzerContext) ClearIssues ¶
func (ctx *AnalyzerContext) ClearIssues()
ClearIssues clears all reported issues.
func (*AnalyzerContext) GetCustom ¶
func (ctx *AnalyzerContext) GetCustom(key string) (any, bool)
GetCustom retrieves a value from the CustomData map.
func (*AnalyzerContext) GetFset ¶
func (ctx *AnalyzerContext) GetFset() *token.FileSet
GetFset returns the file set for position information.
func (*AnalyzerContext) GetIssues ¶
func (ctx *AnalyzerContext) GetIssues() []result.Issue
GetIssues returns all reported issues.
func (*AnalyzerContext) Info ¶
func (ctx *AnalyzerContext) Info() *types.Info
Info returns the types info.
func (*AnalyzerContext) RegisterRule ¶
func (ctx *AnalyzerContext) RegisterRule(rule *Rule)
RegisterRule registers a rule with the analyzer context.
func (*AnalyzerContext) Report ¶
func (ctx *AnalyzerContext) Report(issue result.Issue)
Report reports an issue found during analysis.
func (*AnalyzerContext) SetCustom ¶
func (ctx *AnalyzerContext) SetCustom(key string, value any)
SetCustom sets a value in the CustomData map.
type ConfidenceConfig ¶ added in v1.6.0
// ConfidenceConfig holds the settings for confidence scoring. Each field is
// read from the YAML key named in its struct tag.
type ConfidenceConfig struct {
// EnableContextAnalysis maps to the enable_context_analysis key.
// NOTE(review): presumably toggles context analysis during scoring — confirm.
EnableContextAnalysis bool `yaml:"enable_context_analysis"`
// EnableValidationChecks maps to the enable_validation_checks key.
// NOTE(review): presumably toggles the detection of validation code — confirm.
EnableValidationChecks bool `yaml:"enable_validation_checks"`
// EnableSafePatterns maps to the enable_safe_patterns key.
// NOTE(review): presumably toggles safe-pattern recognition — confirm.
EnableSafePatterns bool `yaml:"enable_safe_patterns"`
// MinConfidence maps to the min_confidence key.
// NOTE(review): presumably the cut-off below which a finding is not reported;
// the valid range is not shown on this page — confirm. A high value hides
// more findings, so treat changes to it as a change in coverage.
MinConfidence float64 `yaml:"min_confidence"`
// MaxFalsePositiveRate maps to the max_false_positive_rate key.
// NOTE(review): units and how this rate is enforced are not shown here — confirm.
MaxFalsePositiveRate float64 `yaml:"max_false_positive_rate"`
}
ConfidenceConfig holds configuration for confidence scoring
type ConfidenceScorer ¶ added in v1.6.0
type ConfidenceScorer struct {
// contains filtered or unexported fields
}
ConfidenceScorer provides confidence scoring for security findings
func NewConfidenceScorer ¶ added in v1.6.0
func NewConfidenceScorer(config ConfidenceConfig) *ConfidenceScorer
NewConfidenceScorer creates a new confidence scorer
func (*ConfidenceScorer) GetRecommendation ¶ added in v1.6.0
func (cs *ConfidenceScorer) GetRecommendation(confidence float64, context *ContextInfo) string
GetRecommendation returns a recommendation based on confidence and context
func (*ConfidenceScorer) GetSeverityAdjustment ¶ added in v1.6.0
func (cs *ConfidenceScorer) GetSeverityAdjustment(confidence float64) string
GetSeverityAdjustment returns severity adjustment based on confidence
func (*ConfidenceScorer) ScoreConfidence ¶ added in v1.6.0
func (cs *ConfidenceScorer) ScoreConfidence(node ast.Node, context *ContextInfo) float64
ScoreConfidence calculates a confidence score for a potential vulnerability
func (*ConfidenceScorer) ShouldReport ¶ added in v1.6.0
func (cs *ConfidenceScorer) ShouldReport(confidence float64) bool
ShouldReport reports whether a finding should be reported, based on its confidence score
type ContextAnalyzer ¶ added in v1.6.0
type ContextAnalyzer struct {
// contains filtered or unexported fields
}
ContextAnalyzer provides context-aware analysis to reduce false positives
func NewContextAnalyzer ¶ added in v1.6.0
func NewContextAnalyzer() *ContextAnalyzer
NewContextAnalyzer creates a new context analyzer
func (*ContextAnalyzer) AnalyzeContext ¶ added in v1.6.0
func (ca *ContextAnalyzer) AnalyzeContext(node ast.Node, pass *analysis.Pass) *ContextInfo
AnalyzeContext analyzes the context around a potential vulnerability
type ContextInfo ¶ added in v1.6.0
// ContextInfo records what the analyzer found in the code surrounding a
// potential vulnerability, together with the resulting confidence score and
// recommendation.
type ContextInfo struct {
// NOTE(review): as described, this records that validation functions are
// present; the page does not say whether they are checked to cover the
// flagged value — confirm before relying on it to suppress a finding.
HasValidation bool // Whether validation functions are present
// NOTE(review): same caveat as HasValidation: presence of a sanitizer is
// not shown to imply that the flagged value passes through it — confirm.
HasSanitization bool // Whether sanitization functions are present
IsSafePattern bool // Whether the code follows safe patterns
Confidence float64 // Confidence score (0.0 to 1.0)
ContextType string // Type of context (e.g., "validation", "sanitization")
Recommendation string // Recommendation for the finding
}
ContextInfo holds information about the context of a potential vulnerability
func (*ContextInfo) GetSeverityAdjustment ¶ added in v1.6.0
func (ci *ContextInfo) GetSeverityAdjustment() string
GetSeverityAdjustment returns how much to adjust the severity based on context
func (*ContextInfo) ShouldSuppress ¶ added in v1.6.0
func (ci *ContextInfo) ShouldSuppress(threshold float64) bool
ShouldSuppress reports whether a finding should be suppressed, based on this context and the given threshold
type SuppressionConfig ¶ added in v1.6.0
// SuppressionConfig holds the settings for suppression. Each field is read
// from the YAML key named in its struct tag.
type SuppressionConfig struct {
// EnableAutoSuppression maps to the enable_auto_suppression key.
// NOTE(review): presumably turns automatic suppression on or off; the
// default when the key is absent is Go's zero value (false) unless the
// loader sets one — confirm.
EnableAutoSuppression bool `yaml:"enable_auto_suppression"`
// MaxSuppressionRate maps to the max_suppression_rate key.
// NOTE(review): presumably caps the share of findings that may be
// suppressed; units and enforcement are not shown on this page — confirm.
MaxSuppressionRate float64 `yaml:"max_suppression_rate"`
// ConfidenceThreshold maps to the confidence_threshold key.
// NOTE(review): presumably the confidence value compared against when
// deciding to suppress; the direction of the comparison is not shown — confirm.
ConfidenceThreshold float64 `yaml:"confidence_threshold"`
}
SuppressionConfig holds configuration for suppression
type SuppressionManager ¶ added in v1.6.0
type SuppressionManager struct {
// contains filtered or unexported fields
}
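SuppressionManager decides automatically which findings to suppress as likely false positives. The decision is heuristic, so a suppressed finding can still be a real issue; GetSuppressionReason returns the reason for a suppression.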
func NewSuppressionManager ¶ added in v1.6.0
func NewSuppressionManager(config SuppressionConfig) *SuppressionManager
NewSuppressionManager creates a new suppression manager
func (*SuppressionManager) GetSuppressionReason ¶ added in v1.6.0
func (sm *SuppressionManager) GetSuppressionReason(issue *result.Issue, context *ContextInfo) string
GetSuppressionReason returns the reason for suppression
func (*SuppressionManager) ShouldSuppress ¶ added in v1.6.0
func (sm *SuppressionManager) ShouldSuppress(issue *result.Issue, context *ContextInfo) bool
ShouldSuppress reports whether the given issue should be suppressed, based on its context