microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.
MIT License

Add Method Annotations to Translation #158

Closed matjin closed 1 year ago

matjin commented 1 year ago

This PR adds method annotations to the InferSharp pipeline, enabling them to be used for Taint analysis by Infer.

xi-liu-ds commented 1 year ago

Could you point me to the complementary PR on the Infer side? I am thinking, since we add method annotations to the cfg, do we need to add parsing logic in InferAnalyzeJson.ml?

matjin commented 1 year ago

> Could you point me to the complementary PR on the Infer side? I am thinking, since we add method annotations to the cfg, do we need to add parsing logic in InferAnalyzeJson.ml?

https://github.com/facebook/infer/pull/1669 here

matjin commented 1 year ago

> Could you point me to the complementary PR on the Infer side? I am thinking, since we add method annotations to the cfg, do we need to add parsing logic in InferAnalyzeJson.ml?

InferAnalyzeJson.ml already handled it. https://github.com/facebook/infer/blob/ce40c8193745f5ac74817625c8b06c77bb71289e/infer/src/backend/InferAnalyzeJson.ml#L445