openrewrite / rewrite-docs

Stores the markdown documents used to generate docs.openrewrite.org
https://docs.openrewrite.org
Apache License 2.0

Document data flow analysis #122

Open timtebeek opened 1 year ago

timtebeek commented 1 year ago

We've had data flow analysis as an incubating feature for a while now; in particular in rewrite-java-security. Might be good to document or at least mention this feature in the documentation, to make it easier for people to discover and potentially use.

mike-solomon commented 1 year ago

@timtebeek I'm not sure what exactly data flow analysis is or how people might use it. Do you know of any discussions about this I could read to get some context? Or, if you have some time at some point, could you add some context to this issue?

timtebeek commented 1 year ago

This has since been spun off into a separate module (rewrite-analysis) that's being worked on mostly by @JLLeitschuh and his mentees; it might be in flux for a bit, although I don't have the details there.

Essentially what it would allow you to do (if I'm correct) is not just look at a line of code, but also what goes in and out in terms of data and subsequent calls, such that you can for instance find security issues when a String is later used in an SQL statement (hypothesizing).

I think at the very least the module deserves a mention in the docs, with perhaps a brief example of how to use it, even if that merely links to an existing recipe. Could you two perhaps briefly coordinate how to document that at this stage?
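The source-to-sink idea sketched above, as an added toy illustration that is not part of this thread or of rewrite-analysis: a straight-line taint propagation over a constructed statement list, where a request parameter (source) flows through string concatenation into an SQL execution call (sink) unless it passes a sanitizer. Source, sink and sanitizer method names are hypothetical placeholders, not the real API.

```python
# Constructed toy program in three-address form: (assigned_var, operation, argument_vars).
# assigned_var is None for statements whose result is not stored. Hypothetical names.
PROGRAM = [
    ("name",   "request.getParameter",  []),                 # source: user-controlled
    ("query",  "String.concat",         ["SQL_LITERAL", "name"]),
    ("stmt",   "Connection.createStatement", []),
    (None,     "Statement.executeQuery", ["query"]),         # sink: reached by tainted data
    ("safe",   "escapeSql",             ["name"]),           # sanitizer clears the taint
    ("query2", "String.concat",         ["SQL_LITERAL", "safe"]),
    (None,     "Statement.executeQuery", ["query2"]),        # sink: not reached
]
SOURCES = {"request.getParameter"}
SINKS = {"Statement.executeQuery"}
SANITIZERS = {"escapeSql"}


def find_flows(stmts, sources, sinks, sanitizers):
    """Forward data flow over straight-line code.

    Returns a list of (source_var, sink_index) pairs: each one says that the value
    produced by a source statement reaches the sink statement at that index without
    passing through a sanitizer. Taint is tracked per variable as the name of the
    variable the source originally wrote.
    """
    tainted = {}  # variable -> originating source variable
    flows = []
    for index, (lhs, op, args) in enumerate(stmts):
        if op in sources:
            tainted[lhs] = lhs
        elif op in sinks:
            flows.extend((tainted[a], index) for a in args if a in tainted)
        elif op in sanitizers:
            tainted.pop(lhs, None)  # result is clean even if an input was tainted
        else:
            # Ordinary operation: result is tainted iff any argument is tainted.
            origin = next((tainted[a] for a in args if a in tainted), None)
            if origin is None:
                tainted.pop(lhs, None)  # reassignment with clean inputs clears taint
            else:
                tainted[lhs] = origin
    return flows


def demo():
    return find_flows(PROGRAM, SOURCES, SINKS, SANITIZERS)


if __name__ == "__main__":
    for source_var, sink_index in demo():
        print(f"'{source_var}' reaches sink at statement {sink_index}: {PROGRAM[sink_index][1]}")
```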

mike-solomon commented 1 year ago

Thanks @timtebeek !

@JLLeitschuh - Would you mind providing some context on the data flow analysis package here? Would appreciate links to any examples or things you think would be useful for the docs. Also happy to set up a call at some point to discuss if that's easier.

JLLeitschuh commented 1 year ago

Likely easier to set up a call. I'm going on vacation next Tuesday for 10 days though.

https://calendly.com/jonathan-leitschuh-at-open-source-security-foundation

Please also take a look at the talk I gave on this topic too:

"Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All". You can find the links to the talk on my README: https://github.com/JLLeitschuh

JLLeitschuh commented 1 year ago

Also, this document explains the concepts behind what Data Flow is:

https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/

JLLeitschuh commented 1 year ago

Rewrite-analysis also has support for Control Flow Analysis as well, which might be worth documenting as well.

Here's an examination of that from CodeQL too (but specific to Python in their case): https://codeql.github.com/docs/codeql-language-guides/analyzing-control-flow-in-python/

Control Flow can also be found here:

https://en.m.wikipedia.org/wiki/Control_flow

mike-solomon commented 1 year ago

Thanks for the information @JLLeitschuh ! When I have time, I’ll give those a read and see if I need any other information from you (can then set up a call if I do). If I don’t need anything, I’ll tag you in the PR to review (with the understanding that there’s no rush if you’re gone).

JLLeitschuh commented 1 year ago

I kinda want to do a Data Flow and Control Flow API user crash course demo for the OpenRewrite team at some point. Maybe something we can record and post somewhere.

@jkschneider @sambsnyd thoughts/interested in this idea?

sambsnyd commented 12 months ago

@JLLeitschuh Yes, I am interested. Please invite me and Tracey and Kun

kunli2 commented 12 months ago

I am interested too. Thanks

mike-solomon commented 12 months ago

I’d also appreciate an invite for whenever this happens :)

timtebeek commented 11 months ago

@JLLeitschuh Please invite me as well, +1.

escardin commented 11 months ago

Add me please!