analyzers

Documentation

Index

• Variables
• func EvalConst(expr ssa.Value, cg util.CallGraph) (*ssa.Const, bool)
• func FilterResults(unfilteredResults []util.Finding, parent_dir string) ([]util.Finding, error)
• func LoadGenericAnalyzers() []*analysis.Analyzer
• func OutputResults(results []util.Finding, success bool) error
• func Scan(args []string) ([]util.Finding, error)
• type FuncCheck
  • func (fc FuncCheck) AnalyzeFunction(pass *analysis.Pass, fn *ssa.Function)
• type FuncContent

Variables

var AllcryptoAnalyzer = &analysis.Analyzer{
	Name:     "all_crypto",
	Doc:      "reports all cryptographic algorithms",
	Run:      allcryptoRun,
	Requires: []*analysis.Analyzer{buildssa.Analyzer},
}

var Analyzers = []*analysis.Analyzer{

	WeakcryptoAnalyzer,
	lowLengthAnalyzer,
	FuncTaintAnalyzer,
	RandomAnalyzer,
	SSRFAnalyzer,
	TLSAnalyzer,
}

Analyzers

var FuncTaintAnalyzer = &analysis.Analyzer{
	Name:     "function taint",
	Doc:      "misuse crypto function",
	Run:      funcRun,
	Requires: []*analysis.Analyzer{buildssa.Analyzer},
}

AESKeyLenAnalyzer

var RECOMMENDED_KEYLEN []int64

var RECOMMENDED_KEYLEN_ string

var RandomAnalyzer = &analysis.Analyzer{
	Name:     "random",
	Doc:      "random generation is not correct",
	Run:      randomRun,
	Requires: []*analysis.Analyzer{buildssa.Analyzer},
}

AESKeyLenAnalyzer

var ReuseFileFlat map[string]bool

reuse

var SSRFAnalyzer = &analysis.Analyzer{
	Name:     "HTTP",
	Doc:      "Do not use HTTP URL connections",
	Run:      ssrfRun,
	Requires: []*analysis.Analyzer{buildssa.Analyzer},
}

SSRF Analyzer constructs Sinks from a set of functions known to be vulnerable to Server Side Request Forgery, converts all variables to SSA form to construct a call graph and performs recursive taint analysis to search for input sources of user-controllable data

var TLSAnalyzer = &analysis.Analyzer{
	Name:     "SSL/TLS",
	Doc:      "focus on the cryptographic use of SSL/TLS applications",
	Run:      tlsRun,
	Requires: []*analysis.Analyzer{buildssa.Analyzer},
}

var WeakcryptoAnalyzer = &analysis.Analyzer{
	Name:     "weak_crypto",
	Doc:      "reports when some weak cryptographic algorithms are used",
	Run:      weakcryptoRun,
	Requires: []*analysis.Analyzer{buildssa.Analyzer},
}

Functions

func EvalConst

func EvalConst(expr ssa.Value, cg util.CallGraph) (*ssa.Const, bool)

EvalConst attempts to take a value, and simplify it down to a single constant it returns a tuple of (the constant, whether or not it successfully simplified)

func FilterResults

func FilterResults(unfilteredResults []util.Finding, parent_dir string) ([]util.Finding, error)

func LoadGenericAnalyzers

func LoadGenericAnalyzers() []*analysis.Analyzer

LoadGenericAnalyzers creates generic taint analyzers from custom Sources and Sinks defined in analyzers.yaml converts all variables to SSA form to construct a call graph and performs recursive taint analysis to search for input sources of user-controllable data

func OutputResults

func OutputResults(results []util.Finding, success bool) error

func Scan

func Scan(args []string) ([]util.Finding, error)

Scan

Types

type FuncCheck

type FuncCheck map[string][]FuncContent

func (FuncCheck) AnalyzeFunction

func (fc FuncCheck) AnalyzeFunction(pass *analysis.Pass, fn *ssa.Function)

type FuncContent

type FuncContent struct {
	Method string
	Attr   map[string][]int
}