core

package
v0.0.0-...-d33c02b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 16, 2025 License: AGPL-3.0 Imports: 2 Imported by: 0

Documentation

Overview

Package core provides foundational type definitions for the callgraph analyzer.

This package contains pure data structures with minimal dependencies that form the contract for all other callgraph packages. Types in this package should:

  • Have zero circular dependencies
  • Contain minimal business logic
  • Be stable and rarely change

Core Types

CallGraph represents the complete call graph with edges between functions.

Statement represents individual program statements for def-use analysis.

TaintSummary stores results of taint analysis for a function.

Usage 

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"

cg := core.NewCallGraph()
cg.AddEdge("main.foo", "main.bar")

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetFrameworkCategory 

func GetFrameworkCategory(fqn string) string

GetFrameworkCategory returns the category of a framework given its FQN. Returns empty string if not a known framework.

func GetFrameworkName 

func GetFrameworkName(fqn string) string

GetFrameworkName returns the name of a framework given its FQN. Returns empty string if not a known framework.

Types

type Argument 

type Argument struct {
	Value      string // The argument expression as a string
	IsVariable bool   // Whether this argument is a variable reference
	Position   int    // Position in the argument list (0-indexed)
}

Argument represents a single argument passed to a function call. Tracks both the value/expression and metadata about the argument.

type CallGraph 

type CallGraph struct {
	// Forward edges: maps fully qualified function name to list of functions it calls
	// Key: caller FQN (e.g., "myapp.views.get_user")
	// Value: list of callee FQNs (e.g., ["myapp.db.query", "myapp.utils.sanitize"])
	Edges map[string][]string

	// Reverse edges: maps fully qualified function name to list of functions that call it
	// Useful for backward slicing and finding all callers of a function
	// Key: callee FQN
	// Value: list of caller FQNs
	ReverseEdges map[string][]string

	// Detailed call site information for each function
	// Key: caller FQN
	// Value: list of all call sites within that function
	CallSites map[string][]CallSite

	// Map from fully qualified name to the actual function node in the graph
	// This allows quick lookup of function metadata (line number, file, etc.)
	Functions map[string]*graph.Node

	// Taint summaries for each function (intra-procedural analysis results)
	// Key: function FQN
	// Value: TaintSummary with taint flow information
	Summaries map[string]*TaintSummary
}

CallGraph represents the complete call graph of a program. It maps function definitions to their call sites and provides both forward (callers → callees) and reverse (callees → callers) edges.

Example: 

Function A calls B and C
edges: {"A": ["B", "C"]}
reverseEdges: {"B": ["A"], "C": ["A"]}

func NewCallGraph 

func NewCallGraph() *CallGraph

NewCallGraph creates and initializes a new CallGraph instance. All maps are pre-allocated to avoid nil pointer issues.

func (*CallGraph) AddCallSite 

func (cg *CallGraph) AddCallSite(caller string, callSite CallSite)

AddCallSite adds a call site to the call graph. This stores detailed information about where and how a function is called.

Parameters:

  • caller: fully qualified name of the calling function
  • callSite: detailed information about the call

func (*CallGraph) AddEdge 

func (cg *CallGraph) AddEdge(caller, callee string)

AddEdge adds a directed edge from caller to callee in the call graph. Automatically updates both forward and reverse edges.

Parameters:

  • caller: fully qualified name of the calling function
  • callee: fully qualified name of the called function

func (*CallGraph) GetCallees 

func (cg *CallGraph) GetCallees(caller string) []string

GetCallees returns all functions called by the specified function. Uses the forward edges for efficient lookup.

Parameters:

  • caller: fully qualified name of the function

Returns:

  • list of callee FQNs, or empty slice if no callees found

func (*CallGraph) GetCallers 

func (cg *CallGraph) GetCallers(callee string) []string

GetCallers returns all functions that call the specified function. Uses the reverse edges for efficient lookup.

Parameters:

  • callee: fully qualified name of the function

Returns:

  • list of caller FQNs, or empty slice if no callers found

type CallSite 

type CallSite struct {
	Target        string     // The name of the function being called (e.g., "eval", "utils.sanitize")
	Location      Location   // Where this call occurs in the source code
	Arguments     []Argument // Arguments passed to the call
	Resolved      bool       // Whether we successfully resolved this call to a definition
	TargetFQN     string     // Fully qualified name after resolution (e.g., "myapp.utils.sanitize")
	FailureReason string     // Why resolution failed (empty if Resolved=true)

	// Phase 2: Type inference metadata
	ResolvedViaTypeInference bool    // Was this resolved using type inference?
	InferredType             string  // The inferred type FQN (e.g., "builtins.str", "test.User")
	TypeConfidence           float32 // Confidence score of the type inference (0.0-1.0)
	TypeSource               string  // How type was inferred (e.g., "literal", "return_type", "class_instantiation")
}

CallSite represents a function/method call location in the source code. It captures both the syntactic information (where the call is) and semantic information (what is being called and with what arguments).

type ClassAttribute 

type ClassAttribute struct {
	Name       string                // Attribute name (e.g., "value", "user")
	Type       *TypeInfo             // Inferred type of the attribute
	AssignedIn string                // Method where assigned (e.g., "__init__", "setup")
	Location   *graph.SourceLocation // Source location of the attribute
	Confidence float64               // Confidence in type inference (0.0-1.0)
}

ClassAttribute represents a single attribute of a class.

type ClassAttributes 

type ClassAttributes struct {
	ClassFQN   string                     // Fully qualified class name (e.g., "myapp.models.User")
	Attributes map[string]*ClassAttribute // Map from attribute name to attribute info
	Methods    []string                   // List of method FQNs in this class
	FilePath   string                     // Source file path where class is defined
}

ClassAttributes holds all attributes for a single class.

type DefUseChain 

type DefUseChain struct {
	// Defs maps variable names to all statements that define them.
	// A variable can have multiple definitions across different code paths.
	Defs map[string][]*Statement

	// Uses maps variable names to all statements that use them.
	// A variable can be used in multiple places.
	Uses map[string][]*Statement
}

DefUseChain represents the def-use relationships for all variables in a function.

func BuildDefUseChains 

func BuildDefUseChains(statements []*Statement) *DefUseChain

BuildDefUseChains constructs a def-use chain from a list of statements. This is a single-pass algorithm that builds an inverted index.

Algorithm:

  1. Initialize empty Defs and Uses maps
  2. For each statement: - If stmt.Def is not empty: add stmt to Defs[stmt.Def] - For each variable in stmt.Uses: add stmt to Uses[variable]
  3. Return DefUseChain

Time complexity: O(n × m) 

where n = number of statements
      m = average number of uses per statement
Typical: 50 statements × 3 variables = 150 operations (~1 microsecond)

Space complexity: O(v × k) 

where v = number of unique variables
      k = average number of defs + uses per variable
Typical: 20 variables × 5 references = 100 pointers = 800 bytes

Example: 

statements := []*Statement{
    {LineNumber: 1, Def: "x", Uses: []string{}},
    {LineNumber: 2, Def: "y", Uses: []string{"x"}},
    {LineNumber: 3, Def: "", Uses: []string{"y"}},
}

chain := BuildDefUseChains(statements)

// Query: where is x defined?
xDefs := chain.Defs["x"]  // [stmt1]

// Query: where is x used?
xUses := chain.Uses["x"]  // [stmt2]

func NewDefUseChain 

func NewDefUseChain() *DefUseChain

NewDefUseChain creates an empty def-use chain.

func (*DefUseChain) AddDef 

func (chain *DefUseChain) AddDef(varName string, stmt *Statement)

AddDef registers a statement as defining a variable.

func (*DefUseChain) AddUse 

func (chain *DefUseChain) AddUse(varName string, stmt *Statement)

AddUse registers a statement as using a variable.

func (*DefUseChain) AllVariables 

func (chain *DefUseChain) AllVariables() []string

AllVariables returns a list of all variable names in the def-use chain.

func (*DefUseChain) ComputeStats 

func (chain *DefUseChain) ComputeStats() DefUseStats

ComputeStats computes statistics about this def-use chain. Useful for performance analysis and debugging.

Example: 

stats := chain.ComputeStats()
fmt.Printf("Function has %d variables, %d defs, %d uses\n",
           stats.NumVariables, stats.NumDefs, stats.NumUses)

func (*DefUseChain) GetDefs 

func (chain *DefUseChain) GetDefs(varName string) []*Statement

GetDefs returns all statements that define a given variable. Returns empty slice if variable is never defined.

func (*DefUseChain) GetUses 

func (chain *DefUseChain) GetUses(varName string) []*Statement

GetUses returns all statements that use a given variable. Returns empty slice if variable is never used.

func (*DefUseChain) IsDefined 

func (chain *DefUseChain) IsDefined(varName string) bool

IsDefined returns true if the variable has at least one definition.

func (*DefUseChain) IsUsed 

func (chain *DefUseChain) IsUsed(varName string) bool

IsUsed returns true if the variable has at least one use.

type DefUseStats 

type DefUseStats struct {
	NumVariables       int // Total unique variables
	NumDefs            int // Total definition sites
	NumUses            int // Total use sites
	MaxDefsPerVariable int // Most definitions for a single variable
	MaxUsesPerVariable int // Most uses for a single variable
	UndefinedVariables int // Variables used but never defined (parameters)
	DeadVariables      int // Variables defined but never used
}

DefUseStats contains statistics about the def-use chain (for debugging/diagnostics).

type FrameworkDefinition 

type FrameworkDefinition struct {
	Name        string   // Display name (e.g., "Django")
	Prefixes    []string // Module prefixes to match (e.g., ["django.", "django"])
	Description string   // Human-readable description
	Category    string   // Category: "web", "orm", "testing", "stdlib", etc.
}

FrameworkDefinition represents a known external framework or library. This is used to mark calls to external code as resolved, even though we don't have the source code for these frameworks.

func IsKnownFramework 

func IsKnownFramework(fqn string) (bool, *FrameworkDefinition)

IsKnownFramework checks if the given fully qualified name (FQN) belongs to a known external framework or standard library.

Parameters:

  • fqn: fully qualified name (e.g., "django.db.models.ForeignKey")

Returns:

  • true if the FQN matches any known framework
  • the matching framework definition

func LoadFrameworks 

func LoadFrameworks() []FrameworkDefinition

LoadFrameworks returns the list of known frameworks. This function provides an extensibility hook for future enhancements where frameworks might be loaded from a configuration file.

type FunctionParam 

type FunctionParam struct {
	Name     string `json:"name"`
	Type     string `json:"type"`
	Required bool   `json:"required"`
}

FunctionParam represents a function parameter.

type ImportMap 

type ImportMap struct {
	FilePath string            // Absolute path to the file containing these imports
	Imports  map[string]string // Maps alias/name to fully qualified module path
}

ImportMap represents the import statements in a single Python file. Maps local aliases to fully qualified module paths.

Example: 

File contains: from myapp.utils import sanitize as clean
Imports: {"clean": "myapp.utils.sanitize"}

func NewImportMap 

func NewImportMap(filePath string) *ImportMap

NewImportMap creates and initializes a new ImportMap instance.

func (*ImportMap) AddImport 

func (im *ImportMap) AddImport(alias, fqn string)

AddImport adds an import mapping to the import map.

Parameters:

  • alias: the local name used in the file (e.g., "clean", "sanitize", "utils")
  • fqn: the fully qualified name (e.g., "myapp.utils.sanitize")

func (*ImportMap) Resolve 

func (im *ImportMap) Resolve(alias string) (string, bool)

Resolve looks up the fully qualified name for a local alias.

Parameters:

  • alias: the local name to resolve

Returns:

  • fully qualified name and true if found, empty string and false otherwise

type Location 

type Location struct {
	File   string // Absolute path to the source file
	Line   int    // Line number (1-indexed)
	Column int    // Column number (1-indexed)
}

Location represents a source code location for tracking call sites. This enables precise mapping of where calls occur in the source code.

type Manifest 

type Manifest struct {
	SchemaVersion    string            `json:"schema_version"`
	RegistryVersion  string            `json:"registry_version"`
	PythonVersion    PythonVersionInfo `json:"python_version"`
	GeneratedAt      string            `json:"generated_at"`
	GeneratorVersion string            `json:"generator_version"`
	BaseURL          string            `json:"base_url"`
	Modules          []*ModuleEntry    `json:"modules"`
	Statistics       *RegistryStats    `json:"statistics"`
}

Manifest contains metadata about the stdlib registry.

type ModuleEntry 

type ModuleEntry struct {
	Name      string `json:"name"`
	File      string `json:"file"`
	URL       string `json:"url"`
	SizeBytes int64  `json:"size_bytes"`
	Checksum  string `json:"checksum"`
}

ModuleEntry represents a single module in the manifest.

type ModuleRegistry 

type ModuleRegistry struct {
	// Maps fully qualified module path to absolute file path
	// Key: "myapp.utils.helpers"
	// Value: "/absolute/path/to/myapp/utils/helpers.py"
	Modules map[string]string

	// Maps absolute file path to fully qualified module path (reverse of Modules)
	// Key: "/absolute/path/to/myapp/utils/helpers.py"
	// Value: "myapp.utils.helpers"
	// Used for resolving relative imports
	FileToModule map[string]string

	// Maps short module names to all matching file paths (handles ambiguity)
	// Key: "helpers"
	// Value: ["/path/to/myapp/utils/helpers.py", "/path/to/lib/helpers.py"]
	ShortNames map[string][]string

	// Cache for resolved imports to avoid redundant lookups
	// Key: import string (e.g., "utils.helpers")
	// Value: fully qualified module path
	ResolvedImports map[string]string
}

ModuleRegistry maintains the mapping between Python file paths and module paths. This is essential for resolving imports and building fully qualified names.

Example: 

File: /project/myapp/utils/helpers.py
Module: myapp.utils.helpers

func NewModuleRegistry 

func NewModuleRegistry() *ModuleRegistry

NewModuleRegistry creates and initializes a new ModuleRegistry instance.

func (*ModuleRegistry) AddModule 

func (mr *ModuleRegistry) AddModule(modulePath, filePath string)

AddModule registers a module in the registry. Automatically indexes both the full module path and the short name.

Parameters:

  • modulePath: fully qualified module path (e.g., "myapp.utils.helpers")
  • filePath: absolute file path (e.g., "/project/myapp/utils/helpers.py")

func (*ModuleRegistry) GetModulePath 

func (mr *ModuleRegistry) GetModulePath(modulePath string) (string, bool)

GetModulePath returns the file path for a given module, if it exists.

Parameters:

  • modulePath: fully qualified module path

Returns:

  • file path and true if found, empty string and false otherwise

type PythonVersionInfo 

type PythonVersionInfo struct {
	Major int    `json:"major"`
	Minor int    `json:"minor"`
	Patch int    `json:"patch"`
	Full  string `json:"full"`
}

PythonVersionInfo contains Python version details.

type RegistryStats 

type RegistryStats struct {
	TotalModules    int `json:"total_modules"`
	TotalFunctions  int `json:"total_functions"`
	TotalClasses    int `json:"total_classes"`
	TotalConstants  int `json:"total_constants"`
	TotalAttributes int `json:"total_attributes"`
}

RegistryStats contains aggregate statistics.

type Statement 

type Statement struct {
	// Type is the kind of statement (assignment, call, return, etc.)
	Type StatementType

	// LineNumber is the source line number for this statement (1-indexed)
	LineNumber uint32

	// Def is the variable being defined by this statement (if any)
	// For assignments: the left-hand side variable
	// For for loops: the loop variable
	// For with statements: the as variable
	// Empty string if no definition
	Def string

	// Uses is the list of variables used/read by this statement
	// For assignments: variables in the right-hand side expression
	// For calls: variables used in arguments
	// For conditions: variables in the condition expression
	Uses []string

	// CallTarget is the function/method being called (if Type == StatementTypeCall)
	// Format: "function_name" for direct calls, "obj.method" for method calls
	// Empty string for non-call statements
	CallTarget string

	// CallArgs are the argument variables passed to the call (if Type == StatementTypeCall)
	// Only includes variable names, not literals
	CallArgs []string

	// NestedStatements contains statements inside this statement's body
	// Used for if/for/while/with/try blocks
	// Empty for simple statements like assignments
	NestedStatements []*Statement

	// ElseBranch contains statements in the else branch (if applicable)
	// Used for if/try statements
	ElseBranch []*Statement
}

Statement represents a single statement in the code with def-use information.

func (*Statement) AllStatements 

func (s *Statement) AllStatements() []*Statement

AllStatements returns a flattened list of this statement and all nested statements. Performs depth-first traversal.

func (*Statement) GetDef 

func (s *Statement) GetDef() string

GetDef returns the variable defined by this statement, or empty string if none.

func (*Statement) GetUses 

func (s *Statement) GetUses() []string

GetUses returns the list of variables used by this statement.

func (*Statement) HasNestedStatements 

func (s *Statement) HasNestedStatements() bool

HasNestedStatements returns true if this statement contains nested statements.

func (*Statement) IsAssignment 

func (s *Statement) IsAssignment() bool

IsAssignment returns true if this statement is a variable assignment.

func (*Statement) IsCall 

func (s *Statement) IsCall() bool

IsCall returns true if this statement is a function/method call.

func (*Statement) IsControlFlow 

func (s *Statement) IsControlFlow() bool

IsControlFlow returns true if this statement is a control flow construct.

type StatementType 

type StatementType string

StatementType represents the type of statement in the code. 

const (
	// Assignment represents variable assignments: x = expr.
	StatementTypeAssignment StatementType = "assignment"

	// Call represents function/method calls: foo(), obj.method().
	StatementTypeCall StatementType = "call"

	// Return represents return statements: return expr.
	StatementTypeReturn StatementType = "return"

	// If represents conditional statements: if condition: ...
	StatementTypeIf StatementType = "if"

	// For represents loop statements: for x in iterable: ...
	StatementTypeFor StatementType = "for"

	// While represents while loop statements: while condition: ...
	StatementTypeWhile StatementType = "while"

	// With represents context manager statements: with expr as var: ...
	StatementTypeWith StatementType = "with"

	// Try represents exception handling: try: ... except: ...
	StatementTypeTry StatementType = "try"

	// Raise represents exception raising: raise Exception().
	StatementTypeRaise StatementType = "raise"

	// Import represents import statements: import module, from module import name.
	StatementTypeImport StatementType = "import"

	// Expression represents expression statements (calls, attribute access, etc.).
	StatementTypeExpression StatementType = "expression"
)

type StdlibAttribute 

type StdlibAttribute struct {
	Type        string  `json:"type"`
	BehavesLike string  `json:"behaves_like,omitempty"`
	Confidence  float32 `json:"confidence"`
	Docstring   string  `json:"docstring,omitempty"`
}

StdlibAttribute represents a module-level attribute (os.environ, sys.modules, etc.).

type StdlibClass 

type StdlibClass struct {
	Type      string                     `json:"type"`
	Methods   map[string]*StdlibFunction `json:"methods"`
	Docstring string                     `json:"docstring,omitempty"`
}

StdlibClass represents a class in a stdlib module.

type StdlibConstant 

type StdlibConstant struct {
	Type             string  `json:"type"`
	Value            string  `json:"value"`
	Confidence       float32 `json:"confidence"`
	PlatformSpecific bool    `json:"platform_specific,omitempty"`
}

StdlibConstant represents a module-level constant.

type StdlibFunction 

type StdlibFunction struct {
	ReturnType string           `json:"return_type"`
	Confidence float32          `json:"confidence"`
	Params     []*FunctionParam `json:"params"`
	Source     string           `json:"source"`
	Docstring  string           `json:"docstring,omitempty"`
}

StdlibFunction represents a function in a stdlib module.

type StdlibModule 

type StdlibModule struct {
	Module        string                      `json:"module"`
	PythonVersion string                      `json:"python_version"`
	GeneratedAt   string                      `json:"generated_at"`
	Functions     map[string]*StdlibFunction  `json:"functions"`
	Classes       map[string]*StdlibClass     `json:"classes"`
	Constants     map[string]*StdlibConstant  `json:"constants"`
	Attributes    map[string]*StdlibAttribute `json:"attributes"`
}

StdlibModule represents a single stdlib module registry.

type StdlibRegistry 

type StdlibRegistry struct {
	Modules  map[string]*StdlibModule
	Manifest *Manifest
}

StdlibRegistry holds all Python stdlib module registries.

func NewStdlibRegistry 

func NewStdlibRegistry() *StdlibRegistry

NewStdlibRegistry creates a new stdlib registry.

func (*StdlibRegistry) GetAttribute 

func (r *StdlibRegistry) GetAttribute(moduleName, attributeName string) *StdlibAttribute

GetAttribute returns an attribute from a module.

func (*StdlibRegistry) GetClass 

func (r *StdlibRegistry) GetClass(moduleName, className string) *StdlibClass

GetClass returns a class from a module.

func (*StdlibRegistry) GetConstant 

func (r *StdlibRegistry) GetConstant(moduleName, constantName string) *StdlibConstant

GetConstant returns a constant from a module.

func (*StdlibRegistry) GetFunction 

func (r *StdlibRegistry) GetFunction(moduleName, functionName string) *StdlibFunction

GetFunction returns a function from a module.

func (*StdlibRegistry) GetModule 

func (r *StdlibRegistry) GetModule(moduleName string) *StdlibModule

GetModule returns the registry for a specific module.

func (*StdlibRegistry) HasModule 

func (r *StdlibRegistry) HasModule(moduleName string) bool

HasModule checks if a module exists in the registry.

func (*StdlibRegistry) ModuleCount 

func (r *StdlibRegistry) ModuleCount() int

ModuleCount returns the number of loaded modules.

type TaintInfo 

type TaintInfo struct {
	// SourceLine is the line number where taint originated (1-indexed)
	SourceLine uint32

	// SourceVar is the variable name at the taint source
	SourceVar string

	// SinkLine is the line number where tainted data reaches a dangerous sink (1-indexed)
	SinkLine uint32

	// SinkVar is the variable name at the sink
	SinkVar string

	// SinkCall is the dangerous function/method call at the sink
	// Examples: "execute", "eval", "os.system"
	SinkCall string

	// PropagationPath is the list of variables through which taint propagated
	// Example: ["user_input", "data", "query"] shows user_input -> data -> query
	PropagationPath []string

	// Confidence is a score from 0.0 to 1.0 indicating detection confidence
	// 1.0 = high confidence (direct flow)
	// 0.7 = medium confidence (through stdlib function)
	// 0.5 = low confidence (through third-party library)
	// 0.0 = no taint detected
	Confidence float64

	// Sanitized indicates if a sanitizer was detected in the propagation path
	// If true, the taint was neutralized and should not trigger a finding
	Sanitized bool

	// SanitizerLine is the line number where sanitization occurred (if Sanitized == true)
	SanitizerLine uint32

	// SanitizerCall is the sanitizer function that was called
	// Examples: "escape_html", "quote_sql", "validate_email"
	SanitizerCall string
}

TaintInfo represents detailed taint tracking information for a single detection.

func (*TaintInfo) IsHighConfidence 

func (ti *TaintInfo) IsHighConfidence() bool

IsHighConfidence returns true if confidence >= 0.8.

func (*TaintInfo) IsLowConfidence 

func (ti *TaintInfo) IsLowConfidence() bool

IsLowConfidence returns true if 0.0 < confidence < 0.5.

func (*TaintInfo) IsMediumConfidence 

func (ti *TaintInfo) IsMediumConfidence() bool

IsMediumConfidence returns true if 0.5 <= confidence < 0.8.

func (*TaintInfo) IsTainted 

func (ti *TaintInfo) IsTainted() bool

IsTainted returns true if this TaintInfo represents actual taint (confidence > 0).

type TaintSummary 

type TaintSummary struct {
	// FunctionFQN is the fully qualified name of the analyzed function
	// Format: "module.Class.method" or "module.function"
	FunctionFQN string

	// TaintedVars maps variable names to their taint information
	// If a variable is not in this map, it is considered untainted
	// Multiple TaintInfo entries indicate multiple taint paths to the same variable
	TaintedVars map[string][]*TaintInfo

	// Detections is a list of all taint flows that reached a dangerous sink
	// These represent potential security vulnerabilities
	Detections []*TaintInfo

	// TaintedParams tracks which function parameters are tainted (by parameter name)
	// Used for inter-procedural analysis
	TaintedParams []string

	// TaintedReturn indicates if the function's return value is tainted
	TaintedReturn bool

	// ReturnTaintInfo provides details if TaintedReturn is true
	ReturnTaintInfo *TaintInfo

	// AnalysisError indicates if the analysis failed for this function
	// If true, the summary is incomplete
	AnalysisError bool

	// ErrorMessage contains the error description if AnalysisError is true
	ErrorMessage string
}

TaintSummary represents the complete taint analysis results for a function.

func NewTaintSummary 

func NewTaintSummary(functionFQN string) *TaintSummary

NewTaintSummary creates an empty taint summary for a function.

func (*TaintSummary) AddDetection 

func (ts *TaintSummary) AddDetection(detection *TaintInfo)

AddDetection records a taint flow that reached a dangerous sink.

func (*TaintSummary) AddTaintedVar 

func (ts *TaintSummary) AddTaintedVar(varName string, taintInfo *TaintInfo)

AddTaintedVar records taint information for a variable.

func (*TaintSummary) GetDetectionCount 

func (ts *TaintSummary) GetDetectionCount() int

GetDetectionCount returns the total number of detections.

func (*TaintSummary) GetHighConfidenceDetections 

func (ts *TaintSummary) GetHighConfidenceDetections() []*TaintInfo

GetHighConfidenceDetections returns detections with confidence >= 0.8.

func (*TaintSummary) GetLowConfidenceDetections 

func (ts *TaintSummary) GetLowConfidenceDetections() []*TaintInfo

GetLowConfidenceDetections returns detections with 0.0 < confidence < 0.5.

func (*TaintSummary) GetMediumConfidenceDetections 

func (ts *TaintSummary) GetMediumConfidenceDetections() []*TaintInfo

GetMediumConfidenceDetections returns detections with 0.5 <= confidence < 0.8.

func (*TaintSummary) GetTaintInfo 

func (ts *TaintSummary) GetTaintInfo(varName string) []*TaintInfo

GetTaintInfo retrieves all taint information for a variable. Returns nil if variable is not tainted.

func (*TaintSummary) GetTaintedVarCount 

func (ts *TaintSummary) GetTaintedVarCount() int

GetTaintedVarCount returns the number of distinct tainted variables.

func (*TaintSummary) HasDetections 

func (ts *TaintSummary) HasDetections() bool

HasDetections returns true if any taint flows reached dangerous sinks.

func (*TaintSummary) IsComplete 

func (ts *TaintSummary) IsComplete() bool

IsComplete returns true if analysis completed without errors.

func (*TaintSummary) IsParamTainted 

func (ts *TaintSummary) IsParamTainted(paramName string) bool

IsParamTainted checks if a function parameter is tainted.

func (*TaintSummary) IsTainted 

func (ts *TaintSummary) IsTainted(varName string) bool

IsTainted checks if a variable is tainted (has at least one unsanitized taint path).

func (*TaintSummary) MarkReturnTainted 

func (ts *TaintSummary) MarkReturnTainted(taintInfo *TaintInfo)

MarkReturnTainted marks the function's return value as tainted.

func (*TaintSummary) MarkTaintedParam 

func (ts *TaintSummary) MarkTaintedParam(paramName string)

MarkTaintedParam marks a function parameter as tainted.

func (*TaintSummary) SetError 

func (ts *TaintSummary) SetError(errorMsg string)

SetError marks the analysis as failed with an error message.

type TypeInfo 

type TypeInfo struct {
	TypeFQN    string  // Fully qualified type name (e.g., "builtins.str", "myapp.models.User")
	Confidence float32 // Confidence level from 0.0 to 1.0 (1.0 = certain, 0.5 = heuristic, 0.0 = unknown)
	Source     string  // How the type was inferred (e.g., "literal", "assignment", "annotation")
}

TypeInfo represents inferred type information for a variable or expression. It tracks the fully qualified type name, confidence level, and how the type was inferred.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.