Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Sink ¶
type Sink struct {
Package string // Package name (e.g., "os", "net/http", "database/sql")
Function string // Function name (e.g., "Open", "Exec", "Get")
MatchArgs []int // Indexes of arguments that must be checked for taint
Description string // Short description of the sink behavior
Tags []string // Tags: "fs", "net", "cmd", "sql", etc.
}
Sink represents a dangerous function that can be exploited if it receives tainted input.
type SinkRegistry ¶
type SinkRegistry struct {
// contains filtered or unexported fields
}
SinkRegistry contains known sinks used in taint analysis.
func NewSinkRegistry ¶
func NewSinkRegistry() *SinkRegistry
NewSinkRegistry creates and initializes a SinkRegistry with built-in sinks.
type TaintEngine ¶
type TaintEngine struct {
Sources *SourceRegistry
Sinks *SinkRegistry
Issues []TaintIssue
// contains filtered or unexported fields
}
TaintEngine performs taint flow analysis from source to sink.
func NewTaintEngine ¶
func NewTaintEngine(sources *SourceRegistry, sinks *SinkRegistry, pos token.Positioner) *TaintEngine
NewTaintEngine creates a new TaintEngine instance.
func (*TaintEngine) AnalyzeFunction ¶
func (t *TaintEngine) AnalyzeFunction(fn *ssa.Function)
AnalyzeFunction analyzes a single function for taint flows.
Source Files
Click to show internal directories.
Click to hide internal directories.