Closed: hex0punk closed this pull request 3 months ago
This pull request introduces various improvements and enhancements to the Wally tool, including improved limiter mode validation, enhanced documentation, potential security concerns, callgraph analysis enhancements, and the addition of utility functions, all of which aim to enhance the functionality and security of the tool.
We ran 9 analyzers against 6 files and 1 analyzer had findings. 8 analyzers had no findings.

| Analyzer | Findings |
|---|---|
| Authn/Authz Analyzer | 1 finding |
:green_circle: Risk threshold not exceeded.
Introducing a new "very-strict" limiter mode to provide more granular control over the call graph analysis. In this mode, wally matches site call names to the node names. For instance, say in the below example that we are looking for call paths to `Foo()`. Wally knows that to reach `Foo()` a function would need to call `MyFunc()`. In `very-strict` mode, Wally makes sure that `MyFunc()` can only be called `MyFunc` and nothing else. This allows Wally to skip invalid callers that are generated by the "golang.org/x/tools/go/callgraph" algorithms.
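As an added illustration of the rule described in the pull request (this is example code written for this page, not code from the Wally project or from this PR), the following models the very-strict check over a small constructed call graph: an edge only counts as a caller when the name written at the call site equals the callee node's name. The `Edge` type, the `ValidateMode`, `callers` and `Paths` functions, the mode names and the `SampleEdges` data are all assumptions of this example; Wally's real data structures come from golang.org/x/tools/go/callgraph and are not reproduced here.

```go
package main

import (
	"fmt"
	"strings"
)

// Edge is a simplified stand-in (an assumption of this example, not a
// Wally type) for one call-graph edge as a golang.org/x/tools/go/callgraph
// algorithm would report it: the caller, the callee node the algorithm
// resolved the call to, and the function name actually written at the
// call site in the caller's source.
type Edge struct {
	Caller   string
	Callee   string // callee node name as resolved by the algorithm
	SiteName string // name written at the call site
}

// Limiter modes. "very-strict" is the mode the pull request introduces;
// "normal" stands in for any mode without the site-name check.
const (
	ModeNormal     = "normal"
	ModeVeryStrict = "very-strict"
)

// ValidateMode rejects limiter modes this example does not know about, so a
// typo such as "verystrict" fails loudly instead of silently falling back
// to the permissive behaviour.
func ValidateMode(mode string) error {
	switch mode {
	case ModeNormal, ModeVeryStrict:
		return nil
	}
	return fmt.Errorf("unknown limiter mode %q (want %q or %q)", mode, ModeNormal, ModeVeryStrict)
}

// callers returns the callers of callee. In very-strict mode an edge only
// counts when the name at the call site equals the callee node's name; an
// edge such as handler() -> Foo, produced when the algorithm resolves a
// function value or interface method to Foo, is dropped.
func callers(edges []Edge, callee, mode string) []string {
	var out []string
	for _, e := range edges {
		if e.Callee != callee {
			continue
		}
		if mode == ModeVeryStrict && e.SiteName != e.Callee {
			continue
		}
		out = append(out, e.Caller)
	}
	return out
}

// Paths walks callers backwards from target and returns every root-to-target
// chain as "a -> b -> target". A per-path visited set stops recursion on
// cycles; a node whose callers are all already on the path ends that path.
func Paths(edges []Edge, target, mode string) ([]string, error) {
	if err := ValidateMode(mode); err != nil {
		return nil, err
	}
	var results []string
	var walk func(node string, chain []string, onPath map[string]bool)
	walk = func(node string, chain []string, onPath map[string]bool) {
		extended := false
		for _, c := range callers(edges, node, mode) {
			if onPath[c] {
				continue
			}
			extended = true
			onPath[c] = true
			walk(c, append([]string{c}, chain...), onPath)
			delete(onPath, c)
		}
		if !extended {
			results = append(results, strings.Join(chain, " -> "))
		}
	}
	walk(target, []string{target}, map[string]bool{target: true})
	return results, nil
}

// SampleEdges is a constructed call graph for this example. The last edge is
// the kind of spurious edge very-strict mode exists to skip: Bar calls a
// function value named handler, and the algorithm resolved it to Foo.
var SampleEdges = []Edge{
	{Caller: "main", Callee: "MyFunc", SiteName: "MyFunc"},
	{Caller: "MyFunc", Callee: "Foo", SiteName: "Foo"},
	{Caller: "main", Callee: "Bar", SiteName: "Bar"},
	{Caller: "Bar", Callee: "Foo", SiteName: "handler"},
}

func main() {
	for _, mode := range []string{ModeNormal, ModeVeryStrict} {
		paths, _ := Paths(SampleEdges, "Foo", mode)
		fmt.Printf("%s: %d path(s) to Foo\n", mode, len(paths))
		for _, p := range paths {
			fmt.Println("  " + p)
		}
	}
}
```

Run as `go run .`: normal mode reports both `main -> MyFunc -> Foo` and `main -> Bar -> Foo`, while very-strict mode reports only the first, because the site name `handler` on the `Bar -> Foo` edge does not match the node name `Foo`. The trade-off is the one the description implies: the check removes callers the algorithm invented, but it also drops genuine calls made through a renamed function value or an interface, so a very-strict run can under-report paths and should not be the only mode used when completeness matters.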