Documentation
¶
Overview ¶
Package util implements underlying functionality for building and traversing call graphs, configuraing and building analyzers and generating findings
Index ¶
- Variables
- func CleanupModule(dir string) error
- func CloneModule(dir string, url string, branch string, keyFile string, quiet bool) error
- func GrabSourceCode(filename string, lineNumber int) string
- func InitConfig(globals bool, sarif bool, json bool, verbose bool, debug bool, ...)
- func InitSarifReporting()
- func IsValidFinding(finding Finding) bool
- func LoadScanConfig()
- func OutputFinding(finding Finding, outputColor bool)
- func OutputFindingMetadata(results []Finding, outputColor bool)
- func SSAvalToHash(val *ssa.Value) uint64
- func SarifPrintReport()
- func SarifRecordFinding(type_ string, message string, filename string, lineNumber int)
- func StripArguments(parentFunction string) string
- type Analyzer
- type CGRelation
- type CallGraph
- type ConfigFile
- type ConfigType
- type Finding
- type MapData
- type ReturnSet
- type Sources
- type TaintAnalyzer
- type TaintedCode
Constants ¶
This section is empty.
Variables ¶
var ( FilesFound = 0 VulnGlobalVars map[string][]string VulnGlobalFuncs map[string][]string FiltersGlobalFuncs map[string][]string VulnTypes map[string][]string //go:embed analyzers.yml DefaultAnalyzersContent []byte )
var ( Config ConfigType ScanConfig ConfigFile )
var AESFlat bool
var CallFlat bool
var Cwelist = map[string]bool{}
var Cwelist map[string]bool
var DESFlat bool
var SarifReport *sarif.Report
var SarifRun *sarif.Run
var StringFlat bool
Functions ¶
func CleanupModule ¶
CleanupModule attempts to delete a directory.
func CloneModule ¶
CloneModule clones a remote git repository An optional keyfile may be specified for use in ssh authentication If quiet is true, don't print clone progress to stdout
func GrabSourceCode ¶
GrabSourceCode retrieves the specified line of source code from the specified file
func InitConfig ¶
func InitConfig(globals bool, sarif bool, json bool, verbose bool, debug bool, output_path string, yml string, exitCode bool)
InitConfig() parses the flags and sets the corresponding Config variables
func InitSarifReporting ¶
func InitSarifReporting()
func IsValidFinding ¶
returns true if the finding was valid and false if the finding had the same source and sink
func LoadScanConfig ¶
func LoadScanConfig()
func OutputFindingMetadata ¶
func SSAvalToHash ¶
SSAvalToHash returns the hash of an ssa.Value to be used in the Taint Map
func SarifPrintReport ¶
func SarifPrintReport()
func SarifRecordFinding ¶
func StripArguments ¶
Types ¶
type Analyzer ¶
type Analyzer struct {
Doc string `yaml:"doc"`
Message string `yaml:"message"`
VulnCalls map[string][]string `yaml:"vuln_calls"`
}
Analyzer stores an analyzer parsed from the configuration file
type CGRelation ¶
CGRelation is a struct that contains information about an instruction and a function in the call graph
type CallGraph ¶
type CallGraph map[string][]CGRelation
func (CallGraph) AnalyzeFunctionO ¶
AnalyzeFunction updates the CallGraph to contain relations between callee and caller functions. This should be called once on every function in a local package
type ConfigFile ¶
type ConfigFile struct {
Analyzers map[string]Analyzer `yaml:"analyzers"`
Sources Sources `yaml:"sources"`
}
ConfigFile stores the values parsed from the configuration file
type ConfigType ¶
type ConfigType struct {
GlobalsSafe bool
OutputSarif bool
OutputJSON bool
Debug bool
Verbose bool
ExitCode bool
YMLPath string
OutputPath string
}
ConfigType stores booleans for CryptoGo analysis configuration
type Finding ¶
type Finding struct {
Vulnerable_Function TaintedCode
Untrusted_Source []TaintedCode
Type string
// contains filtered or unexported fields
}
Finding represents a single vulnerability
func MakeFinding ¶
func MakeFinding(message string, vulnerable_function TaintedCode, untrusted_source []TaintedCode, finding_type string) Finding
Create a finding object
type MapData ¶
type MapData struct {
Mapped bool // whether a hash has already been mapped
Vulnerable bool // whether a hash has been found vulnerable
Count int // the number of times a hash has been visited
}
MapData is a struct that contains information about each hash
type ReturnSet ¶
func ReturnValues ¶
ReturnValues returns a set of the return values of the function
type Sources ¶
type Sources struct {
Variables map[string][]string `yaml:"variables"`
Functions map[string][]string `yaml:"functions"`
Types map[string][]string `yaml:"types"`
// For compatibility with older analyzer.yml format
OldSrcs *Sources `yaml:"sources"`
}
Sources stores the untrusted sources parsed from the configuration file
type TaintAnalyzer ¶
type TaintAnalyzer struct {
TaintSource []TaintedCode
// contains filtered or unexported fields
}
TaintAnalyzer is a struct that contains information about each taint analyzer
func CreateTaintAnalyzer ¶
func CreateTaintAnalyzer(pass *analysis.Pass, location token.Pos) TaintAnalyzer
CreateTaintAnalyzer returns a new TaintAnalyzer struct
func (*TaintAnalyzer) ContainsTaint ¶
func (ta *TaintAnalyzer) ContainsTaint(startCall *ssa.CallCommon, val *ssa.Value, cg CallGraph) bool
ContainsTaint analyzes the ssa.Value, recursively traces the value to all possible sources, and returns True if any of the sources are vulnerable. It returns False otherwise.
func (*TaintAnalyzer) ContainsTaintRecurse ¶
func (ta *TaintAnalyzer) ContainsTaintRecurse(startCall *ssa.CallCommon, val *ssa.Value, cg CallGraph, depth int, visitedMutable []ssa.Value) bool
type TaintedCode ¶
type TaintedCode struct {
SourceCode string
SourceFilename string
SourceLineNum int
ParentFunction string
}
TaintedCode is a struct that contains information about the vulnerable line of code
func GenerateTaintedCode ¶
GenerateTaintedCode returns a TaintedCode struct that stores information (source code, filename, linenumber) for a line of code
Source Files