To keep the same functionality (like graph construction and path searching) provided by the previous callgraph package, a github.com/picatz/taint/callgraphutils package has been created which operates on golang.org/x/tools/go/callgraph.Graph types.
Importantly, this allows for seamless "apples to apples" comparisons with other call graph construction algorithms (CHA, RTA, VTA, Static, Pointer), or even those provided by projects like govulncheck.
Today, I believe the graph constructed by github.com/picatz/taint/callgraphutils.NewGraph provides the best foundation for taint analysis. I look forward to progress in this space in the near future to handle complex edges (#23) not easily handled by today's algorithm(s).
This PR deprecates (by outright removing) the non-standard
github.com/picatz/taint/callgraphpackage in favor of using the standardgolang.org/x/tools/go/callgraphpackage.To keep the same functionality (like graph construction and path searching) provided by the previous
callgraphpackage, agithub.com/picatz/taint/callgraphutilspackage has been created which operates ongolang.org/x/tools/go/callgraph.Graphtypes.Importantly, this allows for seamless "apples to apples" comparisons with other call graph construction algorithms (CHA, RTA, VTA, Static, Pointer), or even those provided by projects like
govulncheck.Today, I believe the graph constructed by
github.com/picatz/taint/callgraphutils.NewGraphprovides the best foundation for taint analysis. I look forward to progress in this space in the near future to handle complex edges (#23) not easily handled by today's algorithm(s).