picatz / taint

🚰 Static taint analysis for Go programs.
https://picatz.github.io/#blog/taint
Mozilla Public License 2.0

Add `callgraphutil.WriteCSV` #29

Closed picatz closed 10 months ago

picatz commented 10 months ago

This PR adds the callgraphutil.WriteCSV function which can write a given *callgraph.Graph in CSV format to an io.Writer.

Example

Here are some examples of how to visualize this information with Observable:

[Screenshot 2024-01-06 at 1:45:55 PM]

Looking at the calls packages in this repository make to the Go standard library:

[Screenshot 2024-01-06 at 1:38:02 PM]

Looking at calls across tailscale:

[Screenshot 2024-01-09 at 10:06:38 PM]

> [!NOTE]
> That line going down the middle is when a package calls itself, which happens often, it seems.

Here is another fun slice:

[Screenshot 2024-01-09 at 10:08:16 PM] [Screenshot 2024-01-09 at 10:09:15 PM]

Or breaking down the same information as a stacked bar chart:

[Screenshot 2024-01-09 at 10:12:12 PM] [Screenshot 2024-01-09 at 10:12:48 PM]

Or making a force directed graph:

data = {
  const csvData = await FileAttachment("tailscale.csv").csv();

  const links = csvData.map(d => ({source: d.source_func, target: d.target_func}));

  const nodes = Array.from(new Set(links.flatMap(l => [l.source, l.target])), id => ({id}));

  return {nodes, links};
}

ForceGraph(data, {
  nodeId: (d) => d.id,
  nodeTitle: (d) => d.id,
  width: 8000,
  height: 8000,
  invalidation // stop when the cell is re-run
})

[image: tailscale]

This is the one for Vault:

[image: vault]

We can also break this information down by package; we just need to change the source and targets to use different columns from our CSV:

data = {
  const csvData = await FileAttachment("vault.csv").csv();

  const links = csvData.map(d => ({source: d.source_pkg, target: d.target_pkg}));

  const nodes = Array.from(new Set(links.flatMap(l => [l.source, l.target])), id => ({id}));

  return {nodes, links};
}

[image: vault-pkgs]

This is the one for Terraform:

[image: terraform]

This is the one for Nomad:

[image: nomad]

This is one for Mimir:

[image: mimir]
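As an added example (not code from this PR or from the taint project), the following Go program shows how the CSV that `WriteCSV` is described as producing can be consumed outside Observable: it collapses function-level rows into package-level edges, the same reduction the `vault-pkgs` cell does by switching from the `*_func` to the `*_pkg` columns, and then counts the self-calls behind the "line going down the middle". The column names `source_func`, `target_func`, `source_pkg` and `target_pkg` are taken from the cells above; the column order, the absence of other columns, the sample rows, and the stdlib heuristic (a first path element with no dot) are assumptions made for this example. Columns are matched by header name, so a different column order in the real output would still work.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"io"
	"sort"
	"strings"
)

// Constructed sample in the assumed WriteCSV shape (column order is a guess).
const sampleCSV = `source_func,target_func,source_pkg,target_pkg
example.com/app.main,example.com/app.run,example.com/app,example.com/app
example.com/app.run,net/http.ListenAndServe,example.com/app,net/http
example.com/app.run,example.com/app/db.Open,example.com/app,example.com/app/db
example.com/app/db.Open,database/sql.Open,example.com/app/db,database/sql
example.com/app/db.Open,example.com/app/db.(*Conn).ping,example.com/app/db,example.com/app/db
example.com/app/db.(*Conn).ping,database/sql.(*DB).Ping,example.com/app/db,database/sql
`

// Edge is one package-to-package link and the number of function-level
// calls that collapsed into it.
type Edge struct {
	Source, Target string
	Calls          int
}

// PackageEdges reads a call-graph CSV and aggregates rows by
// (source_pkg, target_pkg). Columns are located by header name.
func PackageEdges(r io.Reader) ([]Edge, error) {
	cr := csv.NewReader(r)
	header, err := cr.Read()
	if err != nil {
		return nil, fmt.Errorf("reading header: %w", err)
	}
	idx := map[string]int{}
	for i, name := range header {
		idx[name] = i
	}
	for _, want := range []string{"source_pkg", "target_pkg"} {
		if _, ok := idx[want]; !ok {
			return nil, fmt.Errorf("missing column %q", want)
		}
	}
	counts := map[[2]string]int{}
	for {
		rec, err := cr.Read()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		counts[[2]string{rec[idx["source_pkg"]], rec[idx["target_pkg"]]}]++
	}
	edges := make([]Edge, 0, len(counts))
	for k, n := range counts {
		edges = append(edges, Edge{Source: k[0], Target: k[1], Calls: n})
	}
	// Deterministic order: by source package, then target package.
	sort.Slice(edges, func(i, j int) bool {
		if edges[i].Source != edges[j].Source {
			return edges[i].Source < edges[j].Source
		}
		return edges[i].Target < edges[j].Target
	})
	return edges, nil
}

// SelfCalls counts calls where a package calls itself.
func SelfCalls(edges []Edge) int {
	n := 0
	for _, e := range edges {
		if e.Source == e.Target {
			n += e.Calls
		}
	}
	return n
}

// StdlibCalls counts calls whose target looks like a standard-library
// package: first path element has no dot (an assumption, not a rule).
func StdlibCalls(edges []Edge) int {
	n := 0
	for _, e := range edges {
		if !strings.Contains(strings.SplitN(e.Target, "/", 2)[0], ".") {
			n += e.Calls
		}
	}
	return n
}

func main() {
	edges, err := PackageEdges(strings.NewReader(sampleCSV))
	if err != nil {
		panic(err)
	}
	for _, e := range edges {
		fmt.Printf("%-22s -> %-22s %d\n", e.Source, e.Target, e.Calls)
	}
	fmt.Println("self-calls:", SelfCalls(edges), "stdlib calls:", StdlibCalls(edges))
}
```

Feeding the real `WriteCSV` output to `PackageEdges` in place of `sampleCSV` gives the same package-level edge list the force-directed `vault-pkgs` graph is built from, which is convenient when the repository is too large for a notebook to render comfortably.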

picatz commented 9 months ago

https://observablehq.com/d/d5a9ad2cb65e27c1