Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Sink
type Sink struct {
	Package     string   // Package name (e.g., "os", "net/http", "database/sql")
	Function    string   // Function name (e.g., "Open", "Exec", "Get")
	MatchArgs   []int    // Indexes of arguments that must be checked for taint
	Description string   // Short description of the sink behavior
	Tags        []string // Tags: "fs", "net", "cmd", "sql", etc.
}
Sink represents a dangerous function that can be exploited if it receives tainted input.
type SinkRegistry
type SinkRegistry struct {
	// contains filtered or unexported fields
}
SinkRegistry contains known sinks used in taint analysis.
func NewSinkRegistry
func NewSinkRegistry() *SinkRegistry
NewSinkRegistry creates and initializes a SinkRegistry with built-in sinks.
type Source
type Source struct {
	Package     string   // Package name (e.g., "net/http", "os")
	Function    string   // Function name (e.g., "FormValue", "Getenv")
	Description string   // Short description of the source behavior
	Tags        []string // Tags: "http", "env", "fs", etc.
}
Source represents a function that returns user input or untrusted data.
type SourceRegistry
type SourceRegistry struct {
	// contains filtered or unexported fields
}
SourceRegistry contains known sources used in taint analysis.
func NewSourceRegistry
func NewSourceRegistry() *SourceRegistry
NewSourceRegistry creates and initializes a SourceRegistry with built-in sources.
func (*SourceRegistry) All
func (sr *SourceRegistry) All() []Source
All returns all registered sources.
func (*SourceRegistry) MatchCall
func (sr *SourceRegistry) MatchCall(call *ssa.Call) bool
MatchCall checks if the given SSA call is a known source.
func (*SourceRegistry) MatchParameter
func (sr *SourceRegistry) MatchParameter(param *ssa.Parameter) bool
MatchParameter checks if the given SSA parameter is a known source.
type TaintEngine
type TaintEngine struct {
	Sources *SourceRegistry
	Sinks   *SinkRegistry
	Issues  []TaintIssue
	// contains filtered or unexported fields
}
TaintEngine performs taint flow analysis from source to sink.
func NewTaintEngine
func NewTaintEngine(sources *SourceRegistry, sinks *SinkRegistry, pos token.Position) *TaintEngine
NewTaintEngine creates a new TaintEngine instance.
func (*TaintEngine) AnalyzeFunction
func (t *TaintEngine) AnalyzeFunction(fn *ssa.Function)
AnalyzeFunction analyzes a single function for taint flows.
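The source-to-sink check that Source, Sink and MatchArgs describe, shown as an added example that is not this package's code. It matches calls by name on a go/ast tree using only the standard library, whereas the documented engine works on *ssa.Function. FindFlows, sample, the two sink entries and the os.Getenv seed are constructed for the illustration, with sinks flattened to a "Package.Function" to MatchArgs map.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/types"
)

// Constructed input: both calls receive tainted data, only the first at a checked index.
const sample = `func() {
	path := os.Getenv("OUT_DIR") + "/report.txt"
	os.WriteFile(path, []byte("ok"), 0o600)
	os.WriteFile("/tmp/fixed", []byte(path), 0o600)
}`

// FindFlows returns the sink calls that receive source-derived data at a MatchArgs index.
func FindFlows(src string) (out []string, err error) {
	sinks := map[string][]int{"os.Open": {0}, "os.WriteFile": {0}} // Package.Function -> MatchArgs
	tainted := map[string]bool{"os.Getenv": true}                  // seeded with the one source
	body, err := parser.ParseExpr(src)
	if err != nil {
		return nil, err
	}
	isTainted := func(e ast.Expr) (hit bool) {
		ast.Inspect(e, func(n ast.Node) bool {
			x, ok := n.(ast.Expr)
			hit = hit || ok && tainted[types.ExprString(x)]
			return !hit
		})
		return hit
	}
	ast.Inspect(body, func(n ast.Node) bool {
		switch v := n.(type) {
		case *ast.AssignStmt: // single-value assignments only: tainted right side taints the left
			if len(v.Lhs) == 1 && len(v.Rhs) == 1 && isTainted(v.Rhs[0]) {
				tainted[types.ExprString(v.Lhs[0])] = true
			}
		case *ast.CallExpr: // check only the argument positions the sink lists
			for _, i := range sinks[types.ExprString(v.Fun)] {
				if i < len(v.Args) && isTainted(v.Args[i]) {
					out = append(out, fmt.Sprintf("%s: arg %d", types.ExprString(v), i))
				}
			}
		}
		return true
	})
	return out, nil
}
func main() { fmt.Println(FindFlows(sample)) }
```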