chains-project / GoSurf

Static analyzer to find locations to hide malicious code in Go
2 stars 1 forks source link

CGO parser #3

Closed vivi365 closed 5 months ago

vivi365 commented 5 months ago

All C function calls from Go are done via the C package C.someCFunction(). Thus it seems we can just look for the C identity.

if pkg, ok := sel.X.(*ast.Ident); ok && pkg.Name == "C" 

Have not tested thoroughly yet, only on the POC.