hex0punk / wally

Function callpath mapping analysis tool for Go
Mozilla Public License 2.0

Match filtering string #66

Closed hex0punk closed 2 months ago

hex0punk commented 2 months ago

Introduces the ability to filter match packages (as opposed to path nodes). Fixes bugs in BFS.

dryrunsecurity[bot] commented 2 months ago

DryRun Security Summary

The pull request introduces changes to improve the functionality and flexibility of the application's static analysis capabilities, particularly around function mapping, call tracking, and indicator-based filtering, which can enhance the application's security posture by providing better code understanding and the foundation for more advanced security-focused analyses.

**Summary:** The code changes in this pull request span several files and appear to be focused on improving the functionality and flexibility of the application's static analysis capabilities, particularly around function mapping, call tracking, and indicator-based filtering. While the changes do not directly introduce any obvious security vulnerabilities, they do have the potential to enhance the application's security posture by providing better code understanding and the foundation for more advanced security-focused analyses. The key changes include the addition of a new `MatchFilter` field to the `Indicator` struct, improvements to the `CallMapper` struct's concurrency handling and path mapping logic, and the introduction of the `EnclosedBy` field in the `FuncInfo` struct to capture the enclosing function information. Additionally, the changes in the `navigator` package integrate the SSA-based callgraph information, which can enable more comprehensive code understanding and potentially support advanced security checks in the future.

**Files Changed:**

1. `indicator/indicator.go`:
   - Addition of a new `MatchFilter` field to the `Indicator` struct.
   - Initialization of the `MatchFilter` field in the `getStockIndicators()` function.
2. `wallylib/callmapper/callmapper.go`:
   - Addition of a `sync.Mutex` field `pathMutex` to handle concurrent access to the `CallMapper` struct's internal data structures.
   - Modifications to the `BFS` and `DFS` methods to optimize the call mapping logic and handle closure functions.
3. `wallylib/core.go`:
   - Addition of a new `EnclosedBy` field of type `*FuncDecl` to the `FuncInfo` struct.
   - Update to the `Match` method to include a check for the `MatchFilter` field of the `indicator.Indicator` struct.
4. `navigator/navigator.go`:
   - Capture of the enclosing function information for a given call expression using the `callMapper.EnclosingFunc(ce)` function.
   - Handling of module name retrieval when the package information is not sufficient.
   - Integration of the SSA-based callgraph information, including storing the SSA instruction and function details.

Overall, these changes appear to be focused on improving the application's static analysis capabilities, which can indirectly contribute to the application's security posture by providing better code understanding and the potential for more advanced security-focused analyses in the future.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

:green_circle: Risk threshold not exceeded.

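The match-package filtering and upward call-path search that the PR description and the bot summary refer to, as an added example written for this page; it is not wally's own implementation. The type and field names `Indicator`, `MatchFilter`, `FuncInfo`, `EnclosedBy`, `CallMapper` and `BFS` are taken from the summary above, but their exact semantics, the string-keyed reverse call graph, the sample package names, and the helpers `onPath`, `MapMatches` and `Sample` are assumptions of this example. The point it demonstrates is the one the PR title states: `MatchFilter` is applied to the package enclosing the match site only, while functions on the mapped path are never filtered, and the BFS terminates on recursive call cycles by skipping a caller that is already on the current path.

```go
package main

import "strings"

// Indicator names a callee by package and function. MatchFilter, when set,
// keeps only call sites whose enclosing function is in a package containing
// it (field names from the PR summary; filter semantics are assumed here).
type Indicator struct{ Package, Function, MatchFilter string }

// FuncDecl is a declared function; FuncInfo is a call site plus the function
// enclosing it (the EnclosedBy field from the summary).
type FuncDecl struct{ Pkg, Name string }

func (f FuncDecl) String() string { return f.Pkg + "." + f.Name }

type FuncInfo struct {
	Pkg, Name  string
	EnclosedBy *FuncDecl
}

// Match checks the callee, then MatchFilter against the match site's
// enclosing package only; nodes on the mapped path are never filtered.
func (ind Indicator) Match(fi FuncInfo) bool {
	if fi.Pkg != ind.Package || fi.Name != ind.Function {
		return false
	}
	return ind.MatchFilter == "" ||
		(fi.EnclosedBy != nil && strings.Contains(fi.EnclosedBy.Pkg, ind.MatchFilter))
}

// CallMapper holds a reverse call graph keyed by "pkg.Func": callee -> callers.
type CallMapper struct {
	Callers map[string][]string
}

// BFS walks upward from start through callers and returns every simple path
// ending at a function with no callers. Callers already on the path are skipped.
func (cm *CallMapper) BFS(start string) [][]string {
	queue := [][]string{{start}}
	var out [][]string
	for len(queue) > 0 {
		path := queue[0]
		queue = queue[1:]
		callers := cm.Callers[path[len(path)-1]]
		if len(callers) == 0 {
			out = append(out, path)
			continue
		}
		for _, c := range callers {
			if !onPath(path, c) {
				queue = append(queue, append(append([]string{}, path...), c))
			}
		}
	}
	return out
}

func onPath(path []string, name string) bool {
	for _, p := range path {
		if p == name {
			return true
		}
	}
	return false
}

// MapMatches filters call sites through the indicators and maps the paths to
// each surviving match, keyed "enclosing -> callee".
func (cm *CallMapper) MapMatches(inds []Indicator, sites []FuncInfo) map[string][][]string {
	paths := map[string][][]string{}
	for _, site := range sites {
		for _, ind := range inds {
			if site.EnclosedBy == nil || !ind.Match(site) {
				continue
			}
			key := site.EnclosedBy.String() + " -> " + site.Pkg + "." + site.Name
			paths[key] = cm.BFS(site.EnclosedBy.String())
		}
	}
	return paths
}

// Sample returns constructed input with hypothetical packages: two sites call
// database/sql.Query, but only the one enclosed by internal/api.ListUsers passes.
func Sample() (*CallMapper, []Indicator, []FuncInfo) {
	cm := &CallMapper{Callers: map[string][]string{
		"internal/api.ListUsers": {"internal/api.Router", "internal/jobs.Cleanup"},
		"internal/api.Router":    {"main.main"},
		"internal/jobs.Cleanup":  {"main.main"},
	}}
	inds := []Indicator{{"database/sql", "Query", "internal/api"}}
	sites := []FuncInfo{
		{"database/sql", "Query", &FuncDecl{"internal/api", "ListUsers"}},
		{"database/sql", "Query", &FuncDecl{"internal/jobs", "Cleanup"}},
		{"net/http", "Get", &FuncDecl{"internal/api", "ListUsers"}},
	}
	return cm, inds, sites
}
```

Running `MapMatches` over the constructed `Sample()` input yields a single key, `internal/api.ListUsers -> database/sql.Query`, with two paths up to `main.main`; the second path passes through `internal/jobs.Cleanup` even though a match site enclosed by that package is rejected by the same `MatchFilter`, which is exactly the difference between filtering match packages and filtering path nodes.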