feat(dataflow): Add core data structures for intra-procedural taint analysis

[shivasurya]

Summary

This PR implements the foundation for intra-procedural taint tracking by adding core data structures. This is PR #1 of 5 in the intra-procedural dataflow feature stack.

Changes

New Files

1. graph/callgraph/statement.go (208 lines)

   • StatementType enum with 11 Python statement types (assignment, call, return, if, for, while, with, try, raise, import, expression)
   • Statement struct for representing code statements with def-use information
   • DefUseChain for tracking variable definitions and uses across a function
   • Complete API for def-use chain construction and querying

2. graph/callgraph/taint_summary.go (238 lines)

   • TaintInfo struct for detailed taint tracking (source/sink locations, propagation paths)
   • Confidence scoring (0.0-1.0) for detection quality (high/medium/low)
   • TaintSummary for complete function-level analysis results
   • Support for parameter and return value tainting
   • Error tracking for failed analyses

3. graph/callgraph/statement_test.go (444 lines)

   • 16 comprehensive test functions covering all Statement functionality
   • Table-driven tests with multiple scenarios
   • Complex scenario test simulating real code patterns

4. graph/callgraph/taint_summary_test.go (397 lines)

   • 21 comprehensive test functions covering all TaintSummary functionality
   • Table-driven tests for confidence level classification
   • Complex scenario test simulating SQL injection detection

Test Coverage

✅ 100% code coverage (all 36 functions tested)

• Total: 1,089 lines of code
• 37 test cases covering all functionality
• All edge cases tested (empty inputs, nil values, duplicates)

Quality Checks

✅ All tests pass (gradle testGo)
✅ Lint passes with 0 issues (gradle lintGo)
✅ Build succeeds (gradle buildGo)
✅ 100% code coverage

Technical Details

Statement Representation

• Captures both def-use information and control flow structure
• Supports nested statements (if/for/while/try blocks)
• Line number tracking for precise error reporting

Taint Tracking

• Multi-path taint tracking (variables can have multiple taint sources)
• Confidence-based detection (0.8+ high, 0.5-0.8 medium, <0.5 low)
• Sanitization tracking to reduce false positives
• Propagation path recording for debugging

Design Decisions

• Conservative approach: Track ALL definitions (not just reaching definitions)
• Future-proof: Supports both intra-procedural and inter-procedural analysis
• Memory-efficient: Only metadata stored, not full code snippets

Next Steps

This PR provides the foundational data structures. Future PRs will implement:

• Statement extraction from Python AST
• Def-use chain construction algorithms
• Intra-procedural taint propagation engine
• Integration into the call graph builder

🤖 Generated with Claude Code

Co-Authored-By: Claude [email protected]

[shivasurya]

• Fix intra-procedural vulnerability detection #348
• feat(callgraph): Integrate taint analysis into call graph builder #347
• feat(taint): Implement intra-procedural taint propagation #346
• feat(callgraph): Add def-use chain construction (PR #3) #345
• feat(callgraph): Add Python statement extraction for intra-procedural dataflow #344
• feat(dataflow): Add core data structures for intra-procedural taint analysis #343 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[safedep]

SafeDep Report Summary

No dependency changes detected. Nothing to scan.

_{This report is generated by SafeDep Github App}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.50%. Comparing base (3ed6a7e) to head (aeccb4a).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #343      +/-   ##
==========================================
+ Coverage   74.91%   75.50%   +0.58%     
==========================================
  Files          47       49       +2     
  Lines        5566     5699     +133     
==========================================
+ Hits         4170     4303     +133     
  Misses       1221     1221              
  Partials      175      175              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[shivasurya]

Merge activity

• Nov 4, 1:51 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Nov 4, 1:51 AM UTC: @shivasurya merged this pull request with Graphite.