@shivasurya
Owner

This PR completes the registry layer with stdlib support and creates the foundation for taint analysis by establishing the analysis/taint and extraction packages. The refactoring establishes three new packages for improved code organization while maintaining complete backward compatibility through type aliases.

New packages created include analysis/taint for intra-procedural taint analysis with 15 tests achieving 94.8% coverage, extraction for AST statement extraction with 46 tests at 89.1% coverage, and registry enhancements for stdlib loader and remote CDN support. Files migrated from their original locations to the new package structure include taint.go to analysis/taint/analyzer.go, statement_extraction.go to extraction/statements.go, stdlib_registry_loader.go to registry/stdlib_loader.go, and stdlib_registry_remote.go to registry/stdlib_remote.go.

The refactoring includes a critical bug fix that enhanced matchesFunctionName in analysis/taint/analyzer.go to properly handle parentheses in call targets and support suffix/prefix matching patterns, resolving test failures in intra-procedural taint detection that were uncovered during the refactoring process.

Verification completed successfully with gradle clean buildGo showing successful compilation with no errors, gradle testGo confirming all test suites pass including diagnostic callgraph analysis/taint and extraction packages, and gradle lintGo reporting zero issues. Test coverage ranges from 89.1% to 94.8% across new packages exceeding the 85% target.
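
The function-name matching fix described above, sketched as an added example (this is not the project's code). The names `calleeName` and `matchesName` and the dot-boundary suffix/prefix semantics are assumptions; the point is that un-stripped parentheses cause missed sinks, while suffix matching without a boundary causes false positives.

```go
package main

import (
	"fmt"
	"strings"
)

// calleeName reduces call-expression text to its dotted callee name,
// e.g. "os.system(cmd)" -> "os.system". Hypothetical helper.
func calleeName(target string) string {
	if i := strings.Index(target, "("); i >= 0 {
		target = target[:i]
	}
	return strings.TrimSpace(target)
}

// matchesName is a hypothetical stand-in for the matcher the PR describes.
// Assumed semantics: exact match, or suffix/prefix match on a "." boundary.
func matchesName(target, pattern string) bool {
	name, pat := calleeName(target), calleeName(pattern)
	if name == "" || pat == "" {
		return false
	}
	switch {
	case name == pat:
		return true
	case strings.HasSuffix(name, "."+pat): // "system" matches "os.system"
		return true
	case strings.HasPrefix(name, pat+"."): // "request.GET" matches "request.GET.get"
		return true
	}
	return false
}

func main() {
	// Constructed (call target, pattern) pairs.
	cases := [][2]string{
		{"os.system(cmd)", "os.system"},         // parentheses stripped: match
		{"os.system(cmd)", "system"},            // suffix on "." boundary: match
		{"request.GET.get('q')", "request.GET"}, // prefix on "." boundary: match
		{"filesystem(path)", "system"},          // no boundary: no match
	}
	for _, c := range cases {
		fmt.Printf("%-24s %-12s %v\n", c[0], c[1], matchesName(c[0], c[1]))
	}
}
```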

@safedep

safedep bot commented Nov 15, 2025

SafeDep Report Summary

No dependency changes detected. Nothing to scan.

This report is generated by SafeDep Github App

@codecov

codecov bot commented Nov 15, 2025

Codecov Report

❌ Patch coverage is 81.86813% with 99 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@64f8c7a). Learn more about missing BASE report.
⚠️ Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...de-parser/graph/callgraph/extraction/statements.go | 83.04% | 23 Missing and 16 partials ⚠️ |
| ...e-parser/graph/callgraph/registry/stdlib_loader.go | 45.83% | 23 Missing and 3 partials ⚠️ |
| ...-parser/graph/callgraph/analysis/taint/analyzer.go | 87.83% | 9 Missing and 9 partials ⚠️ |
| ...e-parser/graph/callgraph/registry/stdlib_remote.go | 89.09% | 6 Missing and 6 partials ⚠️ |
| ...e-parser/graph/callgraph/stdlib_registry_loader.go | 0.00% | 3 Missing ⚠️ |
| sourcecode-parser/graph/callgraph/taint.go | 66.66% | 1 Missing ⚠️ |

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #374   +/-   ##
=======================================
  Coverage        ?   79.85%           
=======================================
  Files           ?       78           
  Lines           ?     6886           
  Branches        ?        0           
=======================================
  Hits            ?     5499           
  Misses          ?     1157           
  Partials        ?      230           

Owner Author

shivasurya commented Nov 16, 2025

Merge activity

  • Nov 16, 12:00 AM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Nov 16, 12:03 AM UTC: Graphite rebased this pull request as part of a merge.
  • Nov 16, 12:04 AM UTC: @shivasurya merged this pull request with Graphite.

@shivasurya shivasurya changed the base branch from refactor/02-infrastructure-core to graphite-base/374 November 16, 2025 00:01
@shivasurya shivasurya changed the base branch from graphite-base/374 to main November 16, 2025 00:02
…omplete registry

This PR completes the registry layer with stdlib support and creates the foundation for taint analysis by establishing the analysis/taint and extraction packages.

Package Structure Created:
- analysis/taint: Intra-procedural taint analysis (15 tests, 94.8% coverage)
- extraction: AST statement extraction (46 tests, 89.1% coverage)
- registry: Enhanced with stdlib loader and remote CDN support

Files Migrated:
- taint.go → analysis/taint/analyzer.go
- statement_extraction.go → extraction/statements.go
- stdlib_registry_loader.go → registry/stdlib_loader.go
- stdlib_registry_remote.go → registry/stdlib_remote.go

Type Aliases:
All original files updated with backward-compatible type aliases to maintain zero breaking changes.

Bug Fix:
Enhanced matchesFunctionName in analysis/taint/analyzer.go to handle parentheses and support suffix/prefix matching, fixing test failures in intra-procedural taint detection.

Verification: gradle clean buildGo (SUCCESS), gradle testGo (all pass), gradle lintGo (0 issues), coverage 89.1-94.8% (exceeds 85% target).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@shivasurya shivasurya force-pushed the refactor/03-stdlib-taint branch from 5b7b8fd to 0ccaeb2 Compare November 16, 2025 00:03
@shivasurya shivasurya merged commit 7ea3953 into main Nov 16, 2025
3 checks passed
@shivasurya shivasurya deleted the refactor/03-stdlib-taint branch November 16, 2025 00:04
Labels

enhancement New feature or request go Pull requests that update go code refactor
