Documentation
¶
Overview ¶
Package pathanalysis provides inter-procedural path expansion and pruning for taint analysis.
Key features: - Expands paths through function calls to discover all execution paths - Prunes infeasible paths based on condition analysis - Handles recursive calls and cycles gracefully
Index ¶
- Constants
- type ExecutionPath
- type FunctionInfo
- type PathExpander
- func (pe *PathExpander) AddCallEdge(caller, callee string)
- func (pe *PathExpander) AddFunction(info *FunctionInfo)
- func (pe *PathExpander) ExpandPaths(source, target *PathNode) []*ExecutionPath
- func (pe *PathExpander) FilterFeasible(paths []*ExecutionPath) []*ExecutionPath
- func (pe *PathExpander) GetCallGraph() map[string][]string
- func (pe *PathExpander) GetReverseCallGraph() map[string][]string
- func (pe *PathExpander) SetMaxDepth(depth int)
- func (pe *PathExpander) SetMaxPaths(max int)
- func (pe *PathExpander) Stats() map[string]int
- type PathNode
- type PathNodeType
- type PruneReason
Constants ¶
const ( PathNodeSource = constants.PathNodeSource PathNodeCall = constants.PathNodeCall PathNodeReturn = constants.PathNodeReturn PathNodeAssign = constants.PathNodeAssign PathNodeCondition = constants.PathNodeCondition PathNodeTransform = constants.PathNodeTransform )
Re-export PathNodeType constants for backward compatibility
const ( PruneNone = constants.PruneNone PruneMaxDepth = constants.PruneMaxDepth PruneCycle = constants.PruneCycle PruneInfeasible = constants.PruneInfeasible PruneDead = constants.PruneDead PruneUnreachable = constants.PruneUnreachable PruneLowPriority = constants.PruneLowPriority )
Re-export PruneReason constants for backward compatibility
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ExecutionPath ¶
type ExecutionPath struct {
ID string `json:"id"`
Nodes []*PathNode `json:"nodes"`
// Source and target info
SourceNode *PathNode `json:"source_node"`
TargetNode *PathNode `json:"target_node"`
// Path characteristics
Depth int `json:"depth"` // Function call depth
Length int `json:"length"` // Number of nodes
Feasible bool `json:"feasible"` // Is path feasible?
PruneReason PruneReason `json:"prune_reason,omitempty"`
// Conditions along the path
Conditions []string `json:"conditions,omitempty"`
}
ExecutionPath represents a complete path from source to target
type FunctionInfo ¶
type FunctionInfo struct {
Name string
FilePath string
Line int
ClassName string
Parameters []string
Returns bool // Does it return a value?
TaintThrough []int // Which params flow to return?
IsSource bool
}
FunctionInfo stores information about a function
type PathExpander ¶
type PathExpander struct {
// contains filtered or unexported fields
}
PathExpander expands and prunes inter-procedural paths
func NewPathExpander ¶
func NewPathExpander() *PathExpander
NewPathExpander creates a new path expander
func (*PathExpander) AddCallEdge ¶
func (pe *PathExpander) AddCallEdge(caller, callee string)
AddCallEdge adds a call relationship
func (*PathExpander) AddFunction ¶
func (pe *PathExpander) AddFunction(info *FunctionInfo)
AddFunction adds function information
func (*PathExpander) ExpandPaths ¶
func (pe *PathExpander) ExpandPaths(source, target *PathNode) []*ExecutionPath
ExpandPaths finds all paths from source to target, expanding through calls
func (*PathExpander) FilterFeasible ¶
func (pe *PathExpander) FilterFeasible(paths []*ExecutionPath) []*ExecutionPath
FilterFeasible filters to keep only feasible paths
func (*PathExpander) GetCallGraph ¶
func (pe *PathExpander) GetCallGraph() map[string][]string
GetCallGraph returns the call graph
func (*PathExpander) GetReverseCallGraph ¶
func (pe *PathExpander) GetReverseCallGraph() map[string][]string
GetReverseCallGraph returns the reverse call graph (callee -> callers)
func (*PathExpander) SetMaxDepth ¶
func (pe *PathExpander) SetMaxDepth(depth int)
SetMaxDepth sets the maximum function call depth
func (*PathExpander) SetMaxPaths ¶
func (pe *PathExpander) SetMaxPaths(max int)
SetMaxPaths sets the maximum number of paths to explore
func (*PathExpander) Stats ¶
func (pe *PathExpander) Stats() map[string]int
Stats returns expansion statistics
type PathNode ¶
type PathNode struct {
ID string `json:"id"`
Type PathNodeType `json:"type"`
Name string `json:"name"`
Expression string `json:"expression,omitempty"`
FilePath string `json:"file_path"`
Line int `json:"line"`
Column int `json:"column"`
// Function context
FunctionName string `json:"function_name,omitempty"`
ClassName string `json:"class_name,omitempty"`
// Taint information
TaintedVars []string `json:"tainted_vars,omitempty"`
TaintSource string `json:"taint_source,omitempty"`
// Condition information (for condition nodes)
Condition string `json:"condition,omitempty"`
BranchTaken bool `json:"branch_taken,omitempty"` // true/false branch
// Metadata
Metadata map[string]any `json:"metadata,omitempty"`
}
PathNode represents a node in an execution path
type PathNodeType ¶
type PathNodeType = constants.PathNodeType
PathNodeType represents the type of a path node Re-exported from pkg/sources/constants for backward compatibility
type PruneReason ¶
type PruneReason = constants.PruneReason
PruneReason explains why a path was pruned Re-exported from pkg/sources/constants for backward compatibility
Source Files