Fraunhofer-AISEC / codyze

Codyze is a static analyzer for Java, C, C++ based on code property graphs
https://www.codyze.io
Apache License 2.0

Coko 'ArgumentOrigin' Evaluator #873

Closed CodingDepot closed 2 months ago

CodingDepot commented 5 months ago

This PR adds an ArgumentOrigin evaluator to Coko that verifies the origin of an argument. It finds instances of the target Op and checks whether the argument at the specified position was produced by a call of the origin Op.

It also makes sure that the value of the argument was not changed between the origin call and the target call.

This evaluator is useful when you have a trusted method whose return value should be used as input to another method in all cases (e.g. always use SecureRandom.getInstanceStrong() as RNG source).
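A simplified model of the check the evaluator described above performs, added here as an illustration and not Codyze's Coko implementation: it walks a constructed straight-line statement list, records which call last produced each variable, and flags target calls whose argument at the given position is not an unmodified result of the origin call. Plain variable copies are assumed to preserve provenance; any other write to the variable breaks it.

```python
# Constructed statement IR (not Codyze's code property graph):
#   ("call", callee, args)  /  ("assign", var, rhs)
#   rhs and args entries: ("call", callee, args), ("var", name) or ("other",)

def argument_origin_violations(stmts, target, pos, origin):
    """Indices of `target` calls whose argument `pos` is not an unmodified `origin` result."""
    produced_by = {}  # variable -> callee that last produced its current value
    violations = []
    for i, stmt in enumerate(stmts):
        call = stmt
        if stmt[0] == "assign":
            var, call = stmt[1], stmt[2]
            if call[0] == "var":
                # Assumption: a plain copy keeps the value, so provenance carries over.
                produced_by[var] = produced_by.get(call[1])
                continue
            # A write not produced by a call breaks the origin chain.
            produced_by[var] = call[1] if call[0] == "call" else None
        if call[0] != "call" or call[1] != target:
            continue
        arg = call[2][pos]  # assumes every target call supplies the argument
        if arg[0] == "call":
            ok = arg[1] == origin                   # origin result passed directly
        else:
            ok = arg[0] == "var" and produced_by.get(arg[1]) == origin
        if not ok:
            violations.append(i)
    return violations

STRONG, TARGET = "SecureRandom.getInstanceStrong", "KeyGenerator.init"
SAMPLE = [  # constructed program; target call is KeyGenerator.init(keysize, random)
    ("assign", "rng", ("call", STRONG, [])),
    ("call", TARGET, [("other",), ("var", "rng")]),        # ok: fresh strong RNG
    ("assign", "copy", ("var", "rng")),
    ("call", TARGET, [("other",), ("var", "copy")]),       # ok: value unchanged
    ("assign", "rng", ("call", "Random.<init>", [])),
    ("call", TARGET, [("other",), ("var", "rng")]),        # violation: weak RNG
    ("call", TARGET, [("other",), ("call", STRONG, [])]),  # ok: passed directly
    ("assign", "rng", ("other",)),
    ("call", TARGET, [("other",), ("var", "rng")]),        # violation: overwritten
]

def check_sample():
    return argument_origin_violations(SAMPLE, TARGET, 1, STRONG)
```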

codecov[bot] commented 5 months ago

Codecov Report

Attention: Patch coverage is 88.09524% with 5 lines in your changes missing coverage. Please review.

Project coverage is 77.58%. Comparing base (c14fbcd) to head (736ce13). Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| .../backends/cpg/coko/evaluators/ArgumentEvaluator.kt | 86.84% | 1 Missing and 4 partials :warning: |

Additional details and impacted files

```diff
@@             Coverage Diff             @@
##               main     #873      +/-   ##
============================================
+ Coverage     77.35%   77.58%   +0.22%
- Complexity      259      273      +14
============================================
  Files            60       61       +1
  Lines          1930     1972      +42
  Branches        272      280       +8
============================================
+ Hits           1493     1530      +37
- Misses          312      313       +1
- Partials        125      129       +4
```

| [Flag](https://app.codecov.io/gh/Fraunhofer-AISEC/codyze/pull/873/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fraunhofer-AISEC) | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/Fraunhofer-AISEC/codyze/pull/873/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fraunhofer-AISEC) | `77.58% <88.09%> (+0.22%)` | :arrow_up: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Fraunhofer-AISEC#carryforward-flags-in-the-pull-request-comment) to find out more.
