Skip to content

feat(callgraph): Integrate taint analysis into call graph builder #347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shivasurya merged 3 commits into from
Nov 4, 2025
Merged

feat(callgraph): Integrate taint analysis into call graph builder #347

shivasurya merged 3 commits into from
Nov 4, 2025

Conversation

@shivasurya
Copy link
Owner

@shivasurya shivasurya commented Nov 4, 2025
edited
Loading

Integrates taint analysis into call graph building (Pass 5).

  • Analyzes all functions for taint flows
  • Stores TaintSummary in CallGraph.Summaries
  • Progress logging every 1000 functions
  • Enables pattern matching in PR Update build.yml #6

Stacked on PR #4.

🤖 Generated with Claude Code

This was referenced Nov 4, 2025
Merged
Merged
Merged
@shivasurya Graphite App
Copy link
Owner Author

shivasurya commented Nov 4, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@shivasurya shivasurya mentioned this pull request Nov 4, 2025
Merged
@codecov
Copy link

codecov bot commented Nov 4, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 81.81818% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.41%. Comparing base (aa72685) to head (78f3534).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
sourcecode-parser/graph/callgraph/builder.go 81.48% 7 Missing and 3 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #347      +/-   ##
==========================================
+ Coverage   76.29%   76.41%   +0.11%     
==========================================
  Files          51       51              
  Lines        6096     6151      +55     
==========================================
+ Hits         4651     4700      +49     
- Misses       1249     1253       +4     
- Partials      196      198       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@shivasurya shivasurya marked this pull request as ready for review November 4, 2025 01:10
@safedep
Copy link

safedep bot commented Nov 4, 2025
edited
Loading

SafeDep Report Summary

Green Malicious Packages Badge Green Vulnerable Packages Badge Green Risky License Badge

No dependency changes detected. Nothing to scan.

This report is generated by SafeDep Github App

@shivasurya shivasurya self-assigned this Nov 4, 2025
@shivasurya shivasurya added enhancement New feature or request go Pull requests that update go code labels Nov 4, 2025
@shivasurya shivasurya mentioned this pull request Nov 4, 2025
Merged
@shivasurya Graphite App
Copy link
Owner Author

shivasurya commented Nov 4, 2025
edited
Loading

Merge activity

  • Nov 4, 1:51 AM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Nov 4, 1:58 AM UTC: Graphite rebased this pull request as part of a merge.
  • Nov 4, 1:59 AM UTC: @shivasurya merged this pull request with Graphite.

@shivasurya shivasurya changed the base branch from feat/intra-procedural-dataflow-pr4-taint-propagation to graphite-base/347 November 4, 2025 01:56
@shivasurya shivasurya changed the base branch from graphite-base/347 to main November 4, 2025 01:57
shivasurya and others added 3 commits November 4, 2025 01:58
@shivasurya @claude
feat(callgraph): Integrate taint analysis into call graph builder
67ab18f 
Add Pass 5 to BuildCallGraph for taint summary generation:
- Generate TaintSummary for all functions
- Add Summaries map to CallGraph struct
- Helper function to find functions by line number
- Progress logging every 1000 functions

Integration ready for pattern matching (PR #6).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@shivasurya @claude
test(callgraph): Add integration tests for taint summary generation
daf32ed 
Comprehensive tests for Pass 5 integration:
- TestFindFunctionAtLine: 100% coverage
- TestGenerateTaintSummaries_Integration: Happy path
- TestGenerateTaintSummaries_EmptyCallGraph: Edge case
- TestGenerateTaintSummaries_FileReadError: Error handling
- TestGenerateTaintSummaries_ParseError: Error handling

Coverage: generateTaintSummaries 78.8% (was 72.7%)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@shivasurya
test(callgraph): Add comprehensive tests for generateTaintSummaries
78f3534 
- Add test for statement extraction path
- Add test for multiple functions analysis
- Improves generateTaintSummaries coverage from 78.8% to higher
- Tests edge cases for taint summary generation
@shivasurya shivasurya force-pushed the feat/intra-procedural-dataflow-pr5-integration branch from 90f0823 to 78f3534 Compare November 4, 2025 01:58
@shivasurya shivasurya merged commit 4663d33 into main Nov 4, 2025
3 checks passed
@shivasurya shivasurya deleted the feat/intra-procedural-dataflow-pr5-integration branch November 4, 2025 01:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@shivasurya shivasurya

Labels

enhancement New feature or request go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shivasurya