Open guodongli-google opened 3 years ago
I see you have already added a hook visitKnownFunction for this purpose.
FWIW, the non-EAR version of the analysis already supports this to a large extent. See the internal/pkg/propagation/summary package.
Perhaps these summaries can be used by EAR as well.
Bug report
Describe the bug
Go has a large number of library functions in the standard package, whose source code may be missing and the propagation analysis may have no clue on their semantics. While we can hard-code the support for some known ones, e.g. fmt.Printf(...), it may be impractical to do that for all the functions. If we over-approximate their semantics, then false positives will be generated. This bug is to track the progress of the support for these library functions.
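The trade-off described in this report, as an added example that is not the project's code: a call to a function with no source is resolved through a per-function summary when one exists, and over-approximated otherwise. The `Summary` type, the `ResultTaint` function, the table entries and the `example.com/lib.Opaque` name are all hypothetical.

```go
package main

import "fmt"

// Summary is a hypothetical taint-transfer summary for a function whose source
// is unavailable: ArgToResults[i] lists the results that argument i taints.
type Summary struct {
	ArgToResults map[int][]int
}

// Constructed entries keyed by qualified name. The flows are this example's
// modelling choices (data flow only), not taken from the project.
var summaries = map[string]Summary{
	// func Replace(s, old, new string, n int) string: s and new reach the result.
	"strings.Replace": {ArgToResults: map[int][]int{0: {0}, 2: {0}}},
	// func ToUpper(s string) string: the result derives from s.
	"strings.ToUpper": {ArgToResults: map[int][]int{0: {0}}},
}

// ResultTaint reports which of nResults results are tainted after a call to fn
// with the given per-argument taint. Without a summary it over-approximates:
// any tainted argument taints every result.
func ResultTaint(fn string, taintedArgs []bool, nResults int) []bool {
	out := make([]bool, nResults)
	s, known := summaries[fn]
	for i, tainted := range taintedArgs {
		if !tainted {
			continue
		}
		if !known {
			for r := range out {
				out[r] = true
			}
			continue
		}
		for _, r := range s.ArgToResults[i] {
			if r >= 0 && r < nResults {
				out[r] = true
			}
		}
	}
	return out
}

func main() {
	onlyOld := []bool{false, true, false, false} // taint only in the `old` argument
	fmt.Println(ResultTaint("strings.Replace", onlyOld, 1))        // summary applied
	fmt.Println(ResultTaint("example.com/lib.Opaque", onlyOld, 1)) // no summary
}
```

With taint only in the `old` argument, the summarised call reports a clean result while the unsummarised call reports a tainted one, which is the false positive the report is concerned with.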