types

package
v0.1.3 Latest Latest
Published: May 27, 2026 License: GPL-3.0 Imports: 6 Imported by: 0

Documentation

Overview

Package types defines universal data structures for semantic input tracing across all supported programming languages.

Types are organized across four files by concern:

  • types_flow.go — FlowNode, FlowEdge, FlowMap and its methods
  • types_symbol.go — SymbolTable, ClassDef, FunctionDef and related
  • types_taint.go — TaintChain, Assignment, AnalysisState and related
  • types_result.go — BackwardTraceResult, BatchTraceResult, FrameworkPattern

Index

Constants

// Node kinds, re-exported from the constants package (see FlowNodeType).
// The underlying values are defined there and are not visible on this page.
const (
	NodeSource   = constants.NodeSource
	NodeCarrier  = constants.NodeCarrier
	NodeVariable = constants.NodeVariable
	NodeFunction = constants.NodeFunction
	NodeProperty = constants.NodeProperty
	NodeParam    = constants.NodeParam
	NodeReturn   = constants.NodeReturn
)
// Edge kinds, re-exported from the constants package (see FlowEdgeType).
// Each names one way data can move between two FlowNodes; the underlying
// values are defined in the constants package, not on this page.
const (
	EdgeAssignment  = constants.EdgeAssignment
	EdgeParameter   = constants.EdgeParameter
	EdgeReturn      = constants.EdgeReturn
	EdgeProperty    = constants.EdgeProperty
	EdgeArraySet    = constants.EdgeArraySet
	EdgeArrayGet    = constants.EdgeArrayGet
	EdgeMethodCall  = constants.EdgeMethodCall
	EdgeConstructor = constants.EdgeConstructor
	EdgeFramework   = constants.EdgeFramework
	EdgeConcatenate = constants.EdgeConcatenate
	EdgeDestructure = constants.EdgeDestructure
	EdgeIteration   = constants.EdgeIteration
	EdgeConditional = constants.EdgeConditional
	EdgeCall        = constants.EdgeCall
	EdgeDataFlow    = constants.EdgeDataFlow
)
// Input-source kinds, re-exported from the common package (see SourceType).
// NOTE(review): judging by the names, the set spans direct request input
// (SourceHTTP*), process input (CLI args, env vars, stdin) and stored or
// indirect input (session, file, database, network) — confirm against
// pkg/sources/common, where the values are defined.
const (
	SourceHTTPGet     = common.SourceHTTPGet
	SourceHTTPPost    = common.SourceHTTPPost
	SourceHTTPBody    = common.SourceHTTPBody
	SourceHTTPJSON    = common.SourceHTTPJSON
	SourceHTTPHeader  = common.SourceHTTPHeader
	SourceHTTPCookie  = common.SourceHTTPCookie
	SourceHTTPPath    = common.SourceHTTPPath
	SourceHTTPFile    = common.SourceHTTPFile
	SourceHTTPRequest = common.SourceHTTPRequest
	SourceSession     = common.SourceSession
	SourceCLIArg      = common.SourceCLIArg
	SourceEnvVar      = common.SourceEnvVar
	SourceStdin       = common.SourceStdin
	SourceFile        = common.SourceFile
	SourceDatabase    = common.SourceDatabase
	SourceNetwork     = common.SourceNetwork
	SourceUserInput   = common.SourceUserInput
	// SourceUnknown: NOTE(review): presumably the fallback when a source cannot
	// be classified; consumers filtering by kind should decide explicitly
	// whether to keep or drop it — confirm.
	SourceUnknown     = common.SourceUnknown
)
// Default limits for flow graph size. NewFlowMapWithLimits documents that a
// limit argument of 0 selects the default.
//
// NOTE(review): the FlowMap Add* methods return bool, but this page does not
// say whether false means "duplicate" or "limit reached". If a capped graph
// drops nodes or edges silently, a trace can miss a source-to-target path;
// confirm that callers can tell a truncated result from a complete one.
const (
	// DefaultMaxFlowNodes limits total nodes to prevent unbounded memory growth in large codebases
	DefaultMaxFlowNodes = 10000

	// DefaultMaxFlowEdges limits total edges to prevent unbounded memory growth in large codebases
	DefaultMaxFlowEdges = 20000
)

Default limits for flow graph size

Variables

This section is empty.

Functions

This section is empty.

Types

type AnalysisState

// AnalysisState holds the mutable working state of one analysis run: the
// per-file symbol tables, the sources and carriers found so far, taint
// bookkeeping and the current position in the code being analysed.
type AnalysisState struct {
	// Symbol tables by file
	SymbolTables map[string]*SymbolTable `json:"symbol_tables"`

	// All discovered sources
	Sources []FlowNode `json:"sources"`

	// All discovered carriers
	Carriers []FlowNode `json:"carriers"`

	// Tainted variables by scope
	TaintedVars map[string]map[string]*TaintInfo `json:"tainted_vars"` // scope -> name -> info

	// Object instances being tracked
	// NOTE(review): the map key is not documented here (variable name? scope-qualified?) — confirm.
	ObjectInstances map[string]*ObjectInstance `json:"object_instances"`

	// Call graph
	// NOTE(review): presumably caller -> callees; confirm key/value meaning.
	CallGraph map[string][]string `json:"call_graph"`

	// File dependencies
	FileDependencies map[string][]string `json:"file_dependencies"`

	// Current context
	CurrentFile   string `json:"current_file"`
	CurrentClass  string `json:"current_class"`
	CurrentMethod string `json:"current_method"`
	CurrentScope  string `json:"current_scope"`

	// Analysis depth tracking
	// NOTE(review): where Depth is compared with MaxDepth is not shown. If
	// traversal simply stops at the limit, taint past that depth goes
	// unreported; confirm the cut-off is visible to the caller.
	Depth    int `json:"depth"`
	MaxDepth int `json:"max_depth"`

	// Visited tracking (prevent infinite loops)
	// Excluded from JSON output by the "-" tag.
	Visited map[string]bool `json:"-"`
}

AnalysisState holds the current state during analysis

func NewAnalysisState

func NewAnalysisState(maxDepth int) *AnalysisState

NewAnalysisState creates a new analysis state

type AnnotationDef

// AnnotationDef represents a decorator/annotation attached to a method
// (see MethodDef.Annotations).
type AnnotationDef struct {
	Name      string                 `json:"name"`
	// Argument values are untyped; NOTE(review): presumably parsed from the
	// analysed source, so consumers should type-check before use — confirm.
	Arguments map[string]interface{} `json:"arguments,omitempty"`
	Line      int                    `json:"line"`
}

AnnotationDef represents a decorator/annotation

type Assignment

// Assignment represents a variable assignment found in analysed code,
// together with its location and whether the assigned value is tainted.
type Assignment struct {
	Target      string `json:"target"`      // Variable being assigned to
	TargetType  string `json:"target_type"` // "variable", "property", "array_element"
	Source      string `json:"source"`      // Expression being assigned
	SourceType  string `json:"source_type"` // Type of source expression
	Line        int    `json:"line"`
	Column      int    `json:"column"`
	FilePath    string `json:"file_path"`
	Scope       string `json:"scope"`
	IsTainted   bool   `json:"is_tainted"`
	// TaintSource is omitted from JSON when empty.
	// NOTE(review): presumably set only when IsTainted is true — confirm.
	TaintSource string `json:"taint_source,omitempty"`

	// For compound assignments
	Operator string `json:"operator,omitempty"` // =, +=, .=, etc.

	// For array/object access
	Keys []string `json:"keys,omitempty"` // Access path: ["input", "thumbnail"]
}

Assignment represents a variable assignment

type BackwardPath

// BackwardPath represents one path from a source to the target of a
// backward trace.
type BackwardPath struct {
	// Source information
	Source SourceInfo `json:"source"`

	// Steps from source to target (in forward order for readability)
	Steps []BackwardStep `json:"steps"`

	// Whether path crosses file boundaries
	CrossFile bool `json:"cross_file"`
}

BackwardPath represents one path from a source to the target

type BackwardStep

// BackwardStep represents one step in a backward trace path.
type BackwardStep struct {
	StepNumber  int    `json:"step_number"`
	// Expression is text taken from the analysed code. Treat it as untrusted
	// content when rendering a report (escape for the output format).
	Expression  string `json:"expression"` // The code at this step
	FilePath    string `json:"file_path"`
	Line        int    `json:"line"`
	StepType    string `json:"step_type"` // "source", "assignment", "parameter", "return", "property"
	Description string `json:"description"`
}

BackwardStep represents one step in a backward trace path

type BackwardTraceResult

// BackwardTraceResult represents the result of backward taint analysis,
// tracing from a target expression back to its input sources.
type BackwardTraceResult struct {
	// Target expression being traced
	TargetExpression string `json:"target_expression"`
	TargetFile       string `json:"target_file"`
	TargetLine       int    `json:"target_line"`

	// All paths from sources to this target
	Paths []BackwardPath `json:"paths"`

	// Summary of all sources found
	Sources []SourceInfo `json:"sources"`

	// Analysis metadata
	AnalyzedFiles int           `json:"analyzed_files"`
	// encoding/json writes a time.Duration as an integer nanosecond count;
	// FlowMapMetadata.Duration, by contrast, is a string.
	Duration      time.Duration `json:"duration"`
}

BackwardTraceResult represents the result of backward taint analysis, tracing from a target expression back to its input sources.

type BatchTraceResult

// BatchTraceResult represents the result of batch backward taint analysis:
// several target expressions traced in a single pass through the codebase.
type BatchTraceResult struct {
	// Whether ANY variable traces back to user input
	// NOTE(review): false can only mean "no recognised source was reached by
	// this run"; it is not evidence that the variables are safe. Which
	// SourceType values count as "user input" is not shown here — confirm.
	HasUserInput bool `json:"has_user_input"`

	// Results for each variable traced
	PerVariable map[string]*BackwardTraceResult `json:"per_variable"`

	// Analysis metadata
	// encoding/json writes a time.Duration as an integer nanosecond count.
	TotalDuration  time.Duration `json:"total_duration"`
	AnalyzedFiles  int           `json:"analyzed_files"`
	VariablesFound int           `json:"variables_found"`
}

BatchTraceResult represents the result of batch backward taint analysis. Traces multiple target expressions in a SINGLE pass through the codebase for performance: reduces file reads from N*files to just files.

type CallArg

// CallArg represents one argument of a function call (see CallSite.Arguments).
type CallArg struct {
	// NOTE(review): presumably the zero-based position in the call — confirm.
	Index       int         `json:"index"`
	Value       string      `json:"value"`
	Type        string      `json:"type,omitempty"`
	IsTainted   bool        `json:"is_tainted"`
	TaintSource string      `json:"taint_source,omitempty"`
	// Optional full propagation history; omitted from JSON when nil.
	TaintChain  *TaintChain `json:"taint_chain,omitempty"`
}

CallArg represents a function call argument

type CallSite

// CallSite represents a function/method call found in analysed code, with
// its arguments and a summary of which of them are tainted.
type CallSite struct {
	FunctionName string    `json:"function_name"`
	ClassName    string    `json:"class_name,omitempty"`
	MethodName   string    `json:"method_name,omitempty"`
	Arguments    []CallArg `json:"arguments"`
	Line         int       `json:"line"`
	Column       int       `json:"column"`
	FilePath     string    `json:"file_path"`
	Scope        string    `json:"scope"`

	// Result assignment
	ResultVar string `json:"result_var,omitempty"`

	// Call type
	IsStatic      bool `json:"is_static"`
	IsConstructor bool `json:"is_constructor"`

	// Taint info
	// NOTE(review): presumably derived from Arguments[i].IsTainted, with the
	// indices matching CallArg.Index; nothing here keeps the two in sync, so
	// confirm they are always written together.
	HasTaintedArgs    bool  `json:"has_tainted_args"`
	TaintedArgIndices []int `json:"tainted_arg_indices,omitempty"`
}

CallSite represents a function/method call

type CarrierChain

// CarrierChain describes how a carrier object propagates input: which class
// and property hold it and which method calls populate it.
type CarrierChain struct {
	ClassName        string   `json:"class_name"`
	PropertyName     string   `json:"property_name"`
	Initialization   string   `json:"initialization"`
	PopulationMethod string   `json:"population_method,omitempty"`
	PopulationCalls  []string `json:"population_calls,omitempty"`
	Framework        string   `json:"framework,omitempty"`
}

CarrierChain describes how a carrier object propagates input

type CarrierInfo

// CarrierInfo describes how a class carries user input (see ClassDef.CarrierInfo).
type CarrierInfo struct {
	PropertyName      string   `json:"property_name"`
	// Plain strings here, not SourceType values.
	// NOTE(review): presumably the string forms of the Source* constants — confirm.
	SourceTypes       []string `json:"source_types"`       // Which source types it carries
	PopulationMethod  string   `json:"population_method"`  // Method that populates it
	PopulationPattern string   `json:"population_pattern"` // Pattern used
	AccessPattern     string   `json:"access_pattern"`     // How to access: "array", "method", "property"
}

CarrierInfo describes how a class carries user input

type ClassDef

// ClassDef represents a class definition discovered in a source file,
// including its members and whether it acts as an input carrier.
type ClassDef struct {
	Name     string `json:"name"`
	FilePath string `json:"file_path"`
	Line     int    `json:"line"`
	EndLine  int    `json:"end_line"`

	// Inheritance
	Extends    string   `json:"extends,omitempty"`
	Implements []string `json:"implements,omitempty"`
	Traits     []string `json:"traits,omitempty"` // PHP traits

	// Members
	// Method definitions may hold body source text (MethodDef.BodySource);
	// ReleaseBodySources is documented as releasing it to free memory.
	Properties  map[string]*PropertyDef `json:"properties"`
	Methods     map[string]*MethodDef   `json:"methods"`
	Constructor *MethodDef              `json:"constructor,omitempty"`

	// For framework detection
	IsCarrier   bool         `json:"is_carrier"`
	CarrierInfo *CarrierInfo `json:"carrier_info,omitempty"`

	// Visibility
	Visibility string `json:"visibility"` // public, private, protected
	IsAbstract bool   `json:"is_abstract"`
	IsFinal    bool   `json:"is_final"`

	// Namespace/package
	Namespace string `json:"namespace,omitempty"`
}

ClassDef represents a class definition

func NewClassDef

func NewClassDef(name, filePath string, line int) *ClassDef

NewClassDef creates a new class definition

func (*ClassDef) ReleaseBodySources

func (cd *ClassDef) ReleaseBodySources()

ReleaseBodySources releases all method body sources to free memory.

type ConstantDef

// ConstantDef represents a constant definition found in analysed code.
type ConstantDef struct {
	Name  string `json:"name"`
	// NOTE(review): presumably the constant's literal text as written in the
	// analysed file. If so, hard-coded secrets in that code end up in any
	// serialised symbol table; handle such output accordingly — confirm.
	Value string `json:"value"`
	Type  string `json:"type,omitempty"`
	Line  int    `json:"line"`
}

ConstantDef represents a constant definition

type FlowEdge

// FlowEdge represents a directed edge in the data flow graph, from the node
// with ID From to the node with ID To.
type FlowEdge struct {
	ID   string       `json:"id"`
	From string       `json:"from"` // Source node ID
	To   string       `json:"to"`   // Target node ID
	Type FlowEdgeType `json:"type"`

	// Location where flow occurs
	FilePath string `json:"file_path"`
	Line     int    `json:"line"`

	// Human-readable description
	Description string `json:"description"`

	// Code causing the flow
	// Text from the analysed file; escape it for the output format when it is
	// rendered into a report or diagram.
	Code string `json:"code,omitempty"`

	// Additional context
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

FlowEdge represents a directed edge in the data flow graph

type FlowEdgeType

// FlowEdgeType represents how data flows between nodes. It is a type alias
// (note the "="), so it is identical to constants.FlowEdgeType rather than a
// distinct type.
type FlowEdgeType = constants.FlowEdgeType

FlowEdgeType represents how data flows between nodes. Re-exported from pkg/sources/constants.

type FlowMap

// FlowMap represents the complete data flow analysis result for one target.
//
// NOTE(review): ToDOT, ToMermaid and ToJSON serialise this data. Names,
// snippets and code strings originate in the analysed files, so confirm that
// the DOT and Mermaid writers escape labels before the output is rendered.
type FlowMap struct {
	// Target expression being traced
	Target FlowTarget `json:"target"`

	// Ultimate sources (where data originally comes from)
	Sources []FlowNode `json:"sources"`

	// Complete paths from sources to target
	Paths []FlowPath `json:"paths"`

	// All intermediate carriers
	Carriers []FlowNode `json:"carriers"`

	// All nodes in the flow graph
	// NOTE(review): AddNode/AddEdge are documented as deduplicating; appending
	// to these exported slices directly would presumably bypass that and any
	// size limit — confirm and prefer the Add* methods.
	AllNodes []FlowNode `json:"all_nodes"`

	// All edges in the flow graph
	AllEdges []FlowEdge `json:"all_edges"`

	// Usage locations (where the data is used)
	Usages []FlowNode `json:"usages"`

	// Carrier chain information
	CarrierChain *CarrierChain `json:"carrier_chain,omitempty"`

	// Call graph relevant to this flow
	CallGraph map[string][]string `json:"call_graph,omitempty"`

	// Analysis metadata
	Metadata FlowMapMetadata `json:"metadata"`
	// contains filtered or unexported fields
}

FlowMap represents the complete data flow analysis result. It is memory-optimized, with internal deduplication maps.

func NewFlowMap

func NewFlowMap() *FlowMap

NewFlowMap creates an optimized FlowMap with default limits and deduplication support

func NewFlowMapWithLimits

func NewFlowMapWithLimits(maxNodes, maxEdges int) *FlowMap

NewFlowMapWithLimits creates a FlowMap with custom node/edge limits. Use maxNodes=0 or maxEdges=0 to use the default limits.

func (*FlowMap) AddCarrier

func (fm *FlowMap) AddCarrier(carrier FlowNode) bool

AddCarrier adds a carrier node with deduplication

func (*FlowMap) AddEdge

func (fm *FlowMap) AddEdge(edge FlowEdge) bool

AddEdge adds an edge with O(1) deduplication

func (*FlowMap) AddNode

func (fm *FlowMap) AddNode(node FlowNode) bool

AddNode adds a node with O(1) deduplication

func (*FlowMap) AddSource

func (fm *FlowMap) AddSource(source FlowNode) bool

AddSource adds a source node with deduplication

func (*FlowMap) AddUsage

func (fm *FlowMap) AddUsage(usage FlowNode) bool

AddUsage adds a usage node with deduplication

func (*FlowMap) HasEdge

func (fm *FlowMap) HasEdge(from, to string, edgeType FlowEdgeType) bool

HasEdge checks if an edge exists in O(1)

func (*FlowMap) HasNode

func (fm *FlowMap) HasNode(nodeID string) bool

HasNode checks if a node ID exists in O(1)

func (*FlowMap) Summary

func (fm *FlowMap) Summary() string

Summary returns a human-readable summary of the flow

func (*FlowMap) ToDOT

func (fm *FlowMap) ToDOT() string

ToDOT generates a DOT graph for the flow

func (*FlowMap) ToJSON

func (fm *FlowMap) ToJSON() (string, error)

ToJSON converts a FlowMap to JSON string

func (*FlowMap) ToMermaid

func (fm *FlowMap) ToMermaid() string

ToMermaid generates a Mermaid diagram for the flow

type FlowMapMetadata

// FlowMapMetadata contains metadata about the analysis run that produced a FlowMap.
type FlowMapMetadata struct {
	AnalyzedAt    time.Time `json:"analyzed_at"`
	// A string here, whereas BackwardTraceResult.Duration is a time.Duration;
	// the string format is not documented on this page.
	Duration      string    `json:"duration"`
	FilesAnalyzed int       `json:"files_analyzed"`
	Language      string    `json:"language"`
	Framework     string    `json:"framework,omitempty"`
	TracerVersion string    `json:"tracer_version"`
}

FlowMapMetadata contains analysis metadata

type FlowNode

// FlowNode represents a node in the data flow graph: a source, carrier,
// variable, function, property, parameter or return (see the Node* constants).
type FlowNode struct {
	ID       string       `json:"id"`
	Type     FlowNodeType `json:"type"`
	Language string       `json:"language"`

	// Location information
	FilePath  string `json:"file_path"`
	Line      int    `json:"line"`
	Column    int    `json:"column"`
	EndLine   int    `json:"end_line,omitempty"`
	EndColumn int    `json:"end_column,omitempty"`

	// Semantic information
	Name       string `json:"name"`                  // Variable/function/property name
	ClassName  string `json:"class_name,omitempty"`  // If part of a class
	MethodName string `json:"method_name,omitempty"` // If inside a method
	Scope      string `json:"scope,omitempty"`       // Scope identifier

	// Type information
	TypeInfo *TypeInfo `json:"type_info,omitempty"`

	// Source information (if this is a source node)
	SourceType SourceType `json:"source_type,omitempty"`
	SourceKey  string     `json:"source_key,omitempty"` // Parameter name

	// Carrier information
	CarrierType string `json:"carrier_type,omitempty"` // "array", "object_property", etc.

	// Code snippet
	// No omitempty: always present in JSON output. The text comes from the
	// analysed file, so escape it when rendering.
	Snippet string `json:"snippet"`

	// Metadata
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

FlowNode represents a node in the data flow graph

type FlowNodeType

// FlowNodeType represents the type of a node in the data flow graph. It is a
// type alias (note the "="), so it is identical to constants.FlowNodeType
// rather than a distinct type.
type FlowNodeType = constants.FlowNodeType

FlowNodeType represents the type of a node in the data flow graph. Re-exported from pkg/sources/constants.

type FlowPath

// FlowPath represents a complete path from source to target as an ordered
// list of steps.
type FlowPath struct {
	ID          string     `json:"id"`
	Description string     `json:"description"`
	Steps       []FlowStep `json:"steps"`
	// Pointers without omitempty: a nil Source or Target is written as JSON null.
	Source      *FlowNode  `json:"source"`
	Target      *FlowNode  `json:"target"`
}

FlowPath represents a complete path from source to target

type FlowStep

// FlowStep represents one step in a flow path: a node plus, optionally, the
// edge leading to the next step.
type FlowStep struct {
	Node        FlowNode  `json:"node"`
	// NOTE(review): presumably nil on the final step of a path — confirm.
	Edge        *FlowEdge `json:"edge,omitempty"` // Edge to next step
	Description string    `json:"description"`
	StepNumber  int       `json:"step_number"`
}

FlowStep represents one step in a flow path

type FlowTarget

// FlowTarget specifies what expression to trace and where it is located.
type FlowTarget struct {
	FilePath   string `json:"file_path"`
	Line       int    `json:"line"`
	// Optional: omitted from JSON when zero.
	Column     int    `json:"column,omitempty"`
	Expression string `json:"expression"`
}

FlowTarget specifies what expression to trace

type FrameworkPattern

// FrameworkPattern defines a known framework input pattern: how to recognise
// a framework's input-carrying classes, methods and properties, and which
// source type they map to.
type FrameworkPattern struct {
	ID          string `json:"id"`
	Framework   string `json:"framework"`
	Language    string `json:"language"`
	Name        string `json:"name"`
	Description string `json:"description"`

	// Pattern matching
	// The three *Pattern regex fields are stored as uncompiled strings.
	// NOTE(review): where they are compiled is not shown. If patterns can be
	// loaded from outside the binary, a malformed expression should surface
	// as an error rather than a panic (e.g. not via regexp.MustCompile) — confirm.
	ClassPattern    string `json:"class_pattern,omitempty"`    // Regex for class names
	MethodPattern   string `json:"method_pattern,omitempty"`   // Regex for method names
	PropertyPattern string `json:"property_pattern,omitempty"` // Regex for property names
	AccessPattern   string `json:"access_pattern,omitempty"`   // How data is accessed

	// Source mapping
	SourceType SourceType `json:"source_type"`
	SourceKey  string     `json:"source_key,omitempty"` // How to extract the key

	// Flow information
	CarrierClass    string   `json:"carrier_class,omitempty"`
	CarrierProperty string   `json:"carrier_property,omitempty"`
	PopulatedBy     string   `json:"populated_by,omitempty"`   // Method that populates
	PopulatedFrom   []string `json:"populated_from,omitempty"` // Original sources
}

FrameworkPattern defines a known framework input pattern

type FrameworkPatternData

// FrameworkPatternData is a plain data struct for importing patterns from
// pkg/sources, avoiding import cycles. It mirrors FrameworkPattern field for
// field but carries no JSON tags.
type FrameworkPatternData struct {
	ID              string
	Framework       string
	Language        string
	Name            string
	Description     string
	ClassPattern    string
	MethodPattern   string
	PropertyPattern string
	AccessPattern   string
	// A plain string here; FrameworkPattern.SourceType is a SourceType.
	// NOTE(review): whether ToFrameworkPattern checks this against the known
	// Source* values is not shown — an unrecognised kind could otherwise pass
	// through unnoticed; confirm.
	SourceType      string
	SourceKey       string
	CarrierClass    string
	CarrierProperty string
	PopulatedBy     string
	PopulatedFrom   []string
}

FrameworkPatternData is a plain data struct for importing patterns from pkg/sources, avoiding import cycles.

func (*FrameworkPatternData) ToFrameworkPattern

func (d *FrameworkPatternData) ToFrameworkPattern() *FrameworkPattern

ToFrameworkPattern converts a FrameworkPatternData into a FrameworkPattern

type FunctionDef

// FunctionDef represents a standalone function definition, its body location
// and the taint-flow facts computed for it.
type FunctionDef struct {
	Name       string         `json:"name"`
	FilePath   string         `json:"file_path"`
	Parameters []ParameterDef `json:"parameters"`
	ReturnType string         `json:"return_type,omitempty"`
	Line       int            `json:"line"`
	EndLine    int            `json:"end_line"`
	IsExported bool           `json:"is_exported"`
	IsAsync    bool           `json:"is_async"`

	// Body information
	// BodySource is serialised whenever it is non-empty. SymbolTable's
	// ReleaseBodySources is documented as dropping body sources after analysis.
	BodyStart  int    `json:"body_start"`
	BodyEnd    int    `json:"body_end"`
	BodySource string `json:"body_source,omitempty"`

	// Flow analysis results
	// NOTE(review): ParamsToReturn presumably holds parameter indices, as the
	// same-named MethodDef field is commented "Which params flow to return".
	ParamsToReturn   []int               `json:"params_to_return,omitempty"`
	ReturnsInput     bool                `json:"returns_input"`
	CallsExternal    []string            `json:"calls_external,omitempty"`
	ReturnTaintChain *TaintChain         `json:"return_taint_chain,omitempty"`
	// encoding/json writes the int keys of this map as JSON strings.
	ParamTaintChains map[int]*TaintChain `json:"param_taint_chains,omitempty"`
}

FunctionDef represents a standalone function definition

type ImportInfo

// ImportInfo represents an import/include/require statement in an analysed file.
type ImportInfo struct {
	// NOTE(review): Path is recorded as written in the analysed file. If it
	// is later resolved to a file on disk (see IsRelative), the resolver —
	// not shown here — should keep the result inside the analysis root; confirm.
	Path       string   `json:"path"` // Import path/module name
	Alias      string   `json:"alias,omitempty"`
	Names      []string `json:"names,omitempty"` // Specific imports (from X import a, b)
	IsRelative bool     `json:"is_relative"`
	Line       int      `json:"line"`
	Type       string   `json:"type"` // "import", "require", "include", "use"
}

ImportInfo represents an import/include/require statement

type Location

// Location represents a code location: a file plus a start position and an
// optional end position.
type Location struct {
	FilePath  string `json:"file_path"`
	Line      int    `json:"line"`
	Column    int    `json:"column"`
	// End position is omitted from JSON when zero.
	EndLine   int    `json:"end_line,omitempty"`
	EndColumn int    `json:"end_column,omitempty"`
}

Location represents a code location

type MethodDef

// MethodDef represents a method/function definition inside a class
// (see ClassDef.Methods), with its body location and flow-analysis results.
type MethodDef struct {
	Name       string         `json:"name"`
	Parameters []ParameterDef `json:"parameters"`
	ReturnType string         `json:"return_type,omitempty"`
	Line       int            `json:"line"`
	EndLine    int            `json:"end_line"`
	Visibility string         `json:"visibility"`
	IsStatic   bool           `json:"is_static"`
	IsAbstract bool           `json:"is_abstract"`
	IsAsync    bool           `json:"is_async"`

	// Body information
	// BodySource is serialised whenever it is non-empty; ClassDef's
	// ReleaseBodySources is documented as releasing method body sources.
	BodyStart  int    `json:"body_start"`
	BodyEnd    int    `json:"body_end"`
	BodySource string `json:"body_source,omitempty"` // Actual source code

	// Flow analysis results
	ParamsToReturn []int          `json:"params_to_return,omitempty"` // Which params flow to return
	// encoding/json writes the int keys of ParamsToProps as JSON strings.
	ParamsToProps  map[int]string `json:"params_to_props,omitempty"`  // Param -> property flows
	CallsInternal  []string       `json:"calls_internal,omitempty"`   // Internal method calls
	CallsExternal  []string       `json:"calls_external,omitempty"`   // External function calls
	ReturnsInput   bool           `json:"returns_input"`              // Does it return user input?

	// Annotations/decorators
	Annotations []AnnotationDef `json:"annotations,omitempty"`
}

MethodDef represents a method/function definition

type ObjectInstance

// ObjectInstance represents a tracked object instance: the variable holding
// it, its class, where it was created and per-property taint information.
type ObjectInstance struct {
	VariableName string                `json:"variable_name"`
	ClassName    string                `json:"class_name"`
	CreatedAt    Location              `json:"created_at"`
	// NOTE(review): presumably keyed by property name — confirm.
	Properties   map[string]*TaintInfo `json:"properties"`
	Framework    string                `json:"framework,omitempty"`
}

ObjectInstance represents a tracked object instance

type ParameterDef

// ParameterDef represents a function/method parameter and whether it
// receives traced input.
type ParameterDef struct {
	Name         string `json:"name"`
	Type         string `json:"type,omitempty"`
	DefaultValue string `json:"default_value,omitempty"`
	Index        int    `json:"index"`
	IsVariadic   bool   `json:"is_variadic"`
	// NOTE(review): a by-reference parameter lets the callee write back into
	// the caller's variable; whether the tracer models that reverse flow is
	// not shown here — confirm.
	IsReference  bool   `json:"is_reference"` // PHP &$param

	// Flow analysis
	ReceivesInput bool        `json:"receives_input"`
	InputSource   string      `json:"input_source,omitempty"`
	TaintChain    *TaintChain `json:"taint_chain,omitempty"`
}

ParameterDef represents a function/method parameter

type PropertyDef

// PropertyDef represents a class property/field and whether it receives
// traced input.
type PropertyDef struct {
	Name         string `json:"name"`
	Type         string `json:"type,omitempty"`
	Visibility   string `json:"visibility"` // public, private, protected
	InitialValue string `json:"initial_value,omitempty"`
	Line         int    `json:"line"`
	IsStatic     bool   `json:"is_static"`
	IsReadonly   bool   `json:"is_readonly"`

	// Flow analysis results
	ReceivesInput bool     `json:"receives_input"`
	InputSources  []string `json:"input_sources,omitempty"`
	// omitempty drops a zero TaintDepth from JSON, so a depth of 0 and an
	// unset depth are indistinguishable in the output.
	TaintDepth    int      `json:"taint_depth,omitempty"`
}

PropertyDef represents a class property/field

type SourceInfo

// SourceInfo provides details about a discovered input source: its kind, the
// expression that reads it and where that expression is located.
type SourceInfo struct {
	Type       SourceType `json:"type"`       // http_get, http_post, etc.
	Expression string     `json:"expression"` // e.g., "$_GET['id']"
	FilePath   string     `json:"file_path"`
	Line       int        `json:"line"`
}

SourceInfo provides details about a discovered input source

type SourceType

// SourceType represents the type of input source. It is a type alias (note
// the "="), so it is identical to common.SourceType rather than a distinct type.
type SourceType = common.SourceType

SourceType represents the type of input source. Re-exported from pkg/sources/common.

type SymbolTable

// SymbolTable holds all symbols discovered in a single file: imports,
// classes, functions, variables and constants.
type SymbolTable struct {
	FilePath  string                  `json:"file_path"`
	Language  string                  `json:"language"`
	Imports   []ImportInfo            `json:"imports"`
	// Class methods and functions may carry body source text;
	// ReleaseBodySources is documented as releasing it once analysis is complete.
	Classes   map[string]*ClassDef    `json:"classes"`
	Functions map[string]*FunctionDef `json:"functions"`
	Variables map[string]*VariableDef `json:"variables"`
	Constants map[string]*ConstantDef `json:"constants"`
	Namespace string                  `json:"namespace,omitempty"`

	// File-level metadata
	Framework string                 `json:"framework,omitempty"`
	Metadata  map[string]interface{} `json:"metadata,omitempty"`
}

SymbolTable holds all symbols discovered in a file

func NewSymbolTable

func NewSymbolTable(filePath, language string) *SymbolTable

NewSymbolTable creates a new empty symbol table

func (*SymbolTable) ReleaseBodySources

func (st *SymbolTable) ReleaseBodySources()

ReleaseBodySources releases all body sources from classes and functions to free large string memory after analysis is complete.

type TaintChain

// TaintChain tracks the complete propagation path of tainted data, from the
// original source through each recorded step to the current expression.
//
// NOTE(review): Clone is documented as copying the chain for branching flows.
// Steps is a slice, so confirm Clone copies the elements rather than sharing
// the backing array; otherwise AddStep on one branch could affect another.
type TaintChain struct {
	// Original source information
	OriginalSource string     `json:"original_source"` // e.g., "$_GET['id']"
	OriginalType   SourceType `json:"original_type"`   // e.g., "http_get"
	OriginalFile   string     `json:"original_file"`
	OriginalLine   int        `json:"original_line"`

	// Chain of transformations/assignments
	Steps []TaintStep `json:"steps"`

	// Current state
	CurrentExpression string `json:"current_expression"` // What the taint looks like now
	// NOTE(review): presumably kept equal to len(Steps) by AddStep — confirm.
	Depth             int    `json:"depth"`              // How many hops from source
}

TaintChain tracks the complete propagation path of tainted data, enabling precise tracking of how data flows from source to usage.

func NewTaintChain

func NewTaintChain(source, sourceType, file string, line int) *TaintChain

NewTaintChain creates a new taint chain from an original source

func (*TaintChain) AddStep

func (tc *TaintChain) AddStep(stepType, expression, file string, line int, description string)

AddStep adds a propagation step to the taint chain

func (*TaintChain) Clone

func (tc *TaintChain) Clone() *TaintChain

Clone creates a copy of the taint chain for branching flows

type TaintInfo

// TaintInfo holds simplified taint information for a variable during
// analysis. Use TaintChain when full propagation history is needed.
type TaintInfo struct {
	// Pointer without omitempty: a nil Source is written as JSON null.
	Source     *FlowNode  `json:"source"`
	SourceType SourceType `json:"source_type"`
	SourceKey  string     `json:"source_key"`
	Depth      int        `json:"depth"`
	Path       []string   `json:"path"` // How taint reached this var
}

TaintInfo holds simplified taint information for a variable during analysis. Use TaintChain when full propagation history is needed.

type TaintStep

// TaintStep represents one step in the taint propagation chain.
type TaintStep struct {
	// NOTE(review): the listed step kinds are all propagation kinds; none
	// denotes sanitisation or validation. If the list is exhaustive, a chain
	// shows that data can reach a point, not that it arrives unmodified —
	// confirm before treating every chain as a confirmed finding.
	StepType    string `json:"step_type"`  // "assignment", "parameter", "return", "property", "method_call"
	Expression  string `json:"expression"` // The code at this step
	FilePath    string `json:"file_path"`
	Line        int    `json:"line"`
	Description string `json:"description"` // Human-readable description
}

TaintStep represents one step in the taint propagation chain

type TypeInfo

// TypeInfo holds type information for a node (see FlowNode.TypeInfo).
type TypeInfo struct {
	Name       string   `json:"name"`
	Kind       string   `json:"kind"` // "class", "interface", "primitive", "array", "map"
	Package    string   `json:"package,omitempty"`
	Generics   []string `json:"generics,omitempty"`
	// omitempty drops a false value, so "not nullable" and "unknown" look the
	// same in JSON output.
	IsNullable bool     `json:"is_nullable,omitempty"`
}

TypeInfo holds type information for a node

type VariableDef

// VariableDef represents a variable definition and its taint status.
type VariableDef struct {
	Name         string `json:"name"`
	Type         string `json:"type,omitempty"`
	InitialValue string `json:"initial_value,omitempty"`
	Line         int    `json:"line"`
	Scope        string `json:"scope"`
	IsGlobal     bool   `json:"is_global"`
	IsConstant   bool   `json:"is_constant"`

	// Flow analysis
	// IsTainted is always serialised; the remaining taint fields are omitted
	// from JSON when empty, zero or nil.
	IsTainted   bool        `json:"is_tainted"`
	TaintSource string      `json:"taint_source,omitempty"`
	TaintDepth  int         `json:"taint_depth,omitempty"`
	TaintChain  *TaintChain `json:"taint_chain,omitempty"`
}

VariableDef represents a variable definition
