globstar/analysis/feature at 2c68a3252be8416ab256a4d8d9481668b02cb3f3 · DeepSourceCorp/globstar · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
type AnalysisFunction struct {
	Name 	  string
	Parameters []reflect.Type
	Run func(args ...interface{}) (Analyzer, error)
}

---
functions/run_taint_analysis.go
---
TaintAnalysisFunction := AnalysisFunction{
	Name: "taint",
	Parameters: []reflect.Type{
		reflect.TypeOf([]string{}), // sources
		reflect.TypeOf([]string{}), // sinks
	},
	Description: "Runs a taint analysis on the provided function and its parameters.",
	Run: func(args ...interface{}) (Analyzer, error) {
		sources := args[0].([]string)
		sinks := args[1].([]string)

		analyzer := NewTaintAnalyzer(sources, sinks)
		return analyzer, nil
	}
}

func NewTaintAnalyzer(sources, sinks []string) Analyzer {
	return &TaintAnalyzer{
		Sources: sources,
		Sinks:   sinks,
	}
}

---
directory.go
---
functions := []AnalysisFunction{
	TaintAnalysisFunction,
}

for _, function := range functions {
	analyzer, err := function.Run(function.Parameters...)
	analyzers = append(analyzers, analyzer)
}


---
name: "run_taint_analysis"
language: go
description: "Runs a taint analysis on the provided function and its parameters."
analysisFunction:
	name: taint
	parameters:
		sources:
			- (query)
		sinks:
			- (
	(callexpression method @methodname (parameterList))
	#match @methodname "get_user_input"
	)
		- (function (parameterList))
		- (function (parameterList))