Documentation
¶
Overview ¶
Package analyzer defines the interface for language-specific analyzers
Index ¶
- Variables
- func CreateFlowNode(node *sitter.Node, source []byte, filePath, language string, ...) *types.FlowNode
- func FindChildByFieldName(node *sitter.Node, fieldName string) *sitter.Node
- func FindChildByType(node *sitter.Node, nodeType string) *sitter.Node
- func FindChildrenByType(node *sitter.Node, nodeType string) []*sitter.Node
- func FindNodesOfType(root *sitter.Node, nodeType string) []*sitter.Node
- func FindNodesOfTypes(root *sitter.Node, nodeTypes []string) []*sitter.Node
- func GenerateNodeID(filePath string, node *sitter.Node) string
- func GetAncestorOfType(node *sitter.Node, nodeType string) *sitter.Node
- func GetEnclosingClass(node *sitter.Node, classTypes []string) *sitter.Node
- func GetEnclosingFunction(node *sitter.Node, functionTypes []string) *sitter.Node
- func GetNodeText(node *sitter.Node, source []byte) string
- func NodeLocation(node *sitter.Node, filePath string) types.Location
- func TraverseTree(node *sitter.Node, callback func(*sitter.Node) bool)
- type BaseAnalyzer
- type LanguageAnalyzer
- type MethodFlowAnalysis
- type Registry
- type ReturnInfo
Constants ¶
This section is empty.
Variables ¶
View Source
var DefaultRegistry = NewRegistry()
DefaultRegistry is the global analyzer registry
Functions ¶
func CreateFlowNode ¶
func CreateFlowNode(node *sitter.Node, source []byte, filePath, language string, nodeType types.FlowNodeType) *types.FlowNode
CreateFlowNode creates a FlowNode from an AST node
func FindChildByFieldName ¶
FindChildByFieldName finds a child by its field name
func FindChildByType ¶
FindChildByType finds the first child with a specific type
func FindChildrenByType ¶
FindChildrenByType finds all children with a specific type
func FindNodesOfType ¶
FindNodesOfType finds all nodes of a specific type in the tree
func FindNodesOfTypes ¶
FindNodesOfTypes finds all nodes matching any of the given types
func GenerateNodeID ¶
GenerateNodeID generates a unique ID for a node
func GetAncestorOfType ¶
GetAncestorOfType finds the first ancestor of a specific type
func GetEnclosingClass ¶
GetEnclosingClass finds the enclosing class definition
func GetEnclosingFunction ¶
GetEnclosingFunction finds the enclosing function/method definition
func GetNodeText ¶
GetNodeText extracts the text content of a node
func NodeLocation ¶
NodeLocation creates a Location from a node
Types ¶
type BaseAnalyzer ¶
type BaseAnalyzer struct {
// contains filtered or unexported fields
}
BaseAnalyzer provides common functionality for all analyzers
func NewBaseAnalyzer ¶
func NewBaseAnalyzer(language string, extensions []string) *BaseAnalyzer
NewBaseAnalyzer creates a new base analyzer
func (*BaseAnalyzer) AddFrameworkPattern ¶
func (b *BaseAnalyzer) AddFrameworkPattern(pattern *types.FrameworkPattern)
AddFrameworkPattern adds a framework pattern
func (*BaseAnalyzer) GetFrameworkPatterns ¶
func (b *BaseAnalyzer) GetFrameworkPatterns() []*types.FrameworkPattern
GetFrameworkPatterns returns framework patterns
func (*BaseAnalyzer) Language ¶
func (b *BaseAnalyzer) Language() string
Language returns the language
func (*BaseAnalyzer) SupportedExtensions ¶
func (b *BaseAnalyzer) SupportedExtensions() []string
SupportedExtensions returns supported extensions
type LanguageAnalyzer ¶
type LanguageAnalyzer interface {
// Language returns the language this analyzer handles
Language() string
// SupportedExtensions returns file extensions this analyzer handles
SupportedExtensions() []string
// BuildSymbolTable parses a file and builds its symbol table
BuildSymbolTable(filePath string, source []byte, root *sitter.Node) (*types.SymbolTable, error)
// ResolveImports resolves import/include statements to actual file paths
ResolveImports(symbolTable *types.SymbolTable, basePath string) ([]string, error)
// ExtractClasses extracts class definitions from the AST
ExtractClasses(root *sitter.Node, source []byte) ([]*types.ClassDef, error)
// ExtractFunctions extracts function definitions from the AST
ExtractFunctions(root *sitter.Node, source []byte) ([]*types.FunctionDef, error)
// ExtractAssignments extracts all variable assignments from the AST
ExtractAssignments(root *sitter.Node, source []byte, scope string) ([]*types.Assignment, error)
// ExtractCalls extracts all function/method calls from the AST
ExtractCalls(root *sitter.Node, source []byte, scope string) ([]*types.CallSite, error)
// FindInputSources finds all user input sources in the AST
FindInputSources(root *sitter.Node, source []byte) ([]*types.FlowNode, error)
// AnalyzeMethodBody analyzes a method body for data flow
AnalyzeMethodBody(method *types.MethodDef, source []byte, state *types.AnalysisState) (*MethodFlowAnalysis, error)
// DetectFrameworks detects which frameworks are used in the code
DetectFrameworks(symbolTable *types.SymbolTable, source []byte) ([]string, error)
// GetFrameworkPatterns returns known framework patterns for this language
GetFrameworkPatterns() []*types.FrameworkPattern
// TraceExpression traces a specific expression back to its sources
TraceExpression(target types.FlowTarget, state *types.AnalysisState) (*types.FlowMap, error)
}
LanguageAnalyzer defines the interface that all language analyzers must implement
type MethodFlowAnalysis ¶
type MethodFlowAnalysis struct {
// Which parameters flow to return value
ParamsToReturn []int
// Which parameters flow to which properties
ParamsToProperties map[int][]string
// Which parameters flow to which method calls (param index -> call sites)
ParamsToCallArgs map[int][]*types.CallSite
// Variables that become tainted within the method
TaintedVariables map[string]*types.TaintInfo
// All assignments in the method
Assignments []*types.Assignment
// All calls in the method
Calls []*types.CallSite
// Return statements
Returns []ReturnInfo
// Does this method return user input?
ReturnsInput bool
// Does this method modify properties with input?
ModifiesProperties bool
}
MethodFlowAnalysis represents the result of analyzing a method body
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry holds all registered language analyzers
func (*Registry) Get ¶
func (r *Registry) Get(language string) LanguageAnalyzer
Get returns the analyzer for a language
func (*Registry) GetByExtension ¶
func (r *Registry) GetByExtension(ext string) LanguageAnalyzer
GetByExtension returns the analyzer for a file extension
func (*Registry) Register ¶
func (r *Registry) Register(analyzer LanguageAnalyzer)
Register registers an analyzer for a language
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package base provides shared helpers for language analyzers.
|
Package base provides shared helpers for language analyzers. |
|
Package c implements the C language analyzer for semantic input tracing
|
Package c implements the C language analyzer for semantic input tracing |
|
Package cpp implements the C++ language analyzer for semantic input tracing
|
Package cpp implements the C++ language analyzer for semantic input tracing |
|
Package csharp implements the C# language analyzer for semantic input tracing
|
Package csharp implements the C# language analyzer for semantic input tracing |
|
Package golang implements the Go language analyzer for semantic input tracing
|
Package golang implements the Go language analyzer for semantic input tracing |
|
Package java implements the Java language analyzer for semantic input tracing
|
Package java implements the Java language analyzer for semantic input tracing |
|
Package javascript implements the JavaScript language analyzer for semantic input tracing
|
Package javascript implements the JavaScript language analyzer for semantic input tracing |
|
Package php implements the PHP language analyzer for semantic input tracing
|
Package php implements the PHP language analyzer for semantic input tracing |
|
Package python implements the Python language analyzer for semantic input tracing
|
Package python implements the Python language analyzer for semantic input tracing |
|
Package ruby implements the Ruby language analyzer for semantic input tracing
|
Package ruby implements the Ruby language analyzer for semantic input tracing |
|
Package rust implements the Rust language analyzer for semantic input tracing
|
Package rust implements the Rust language analyzer for semantic input tracing |
|
Package typescript implements the TypeScript language analyzer for semantic input tracing
|
Package typescript implements the TypeScript language analyzer for semantic input tracing |
Click to show internal directories.
Click to hide internal directories.