backtrace

Documentation

Overview

Package backtrace defines a dataflow analysis that finds all the backwards dataflow paths from an entrypoint. This analysis finds data flows which means that a backtrace consists of the data flowing backwards from an argument to the "backtracepoint" (entrypoint) call.

Index

• Variables
• func IsStatic(node df.GraphNode) bool
• type AnalysisReqs
• type AnalysisResult
  • func Analyze(state *df.State, reqs AnalysisReqs) (AnalysisResult, error)
• type FlowReports
• type Trace
  • func (t Trace) Key() df.KeyType
  • func (t Trace) String() string
• type TraceNode
  • func (n TraceNode) String() string
• type Visitor
  • func (v *Visitor) Visit(s *df.State, entrypoint df.NodeWithTrace)

Variables

var ErrMaxDepth = errors.New("configured max depth exceeded")

ErrMaxDepth is the error when the max depth is exceeded.

Functions

func IsStatic

func IsStatic(node df.GraphNode) bool

IsStatic returns true if node is a constant value. TODO make this better

Types

type AnalysisReqs

type AnalysisReqs struct {
	// Tag is the tag to analyze, ignored if non-empty.
	Tag string
}

AnalysisReqs provides constraints on the backtrace analysis to run.

type AnalysisResult

type AnalysisResult struct {
	// Graph is the cross function dataflow graph built by the dataflow analysis. It contains the linked summaries of
	// each function appearing in the program and analyzed.
	Graph df.InterProceduralFlowGraph

	// Traces represents all the paths where data flows out from the analysis entry points for each problem tag.
	Traces map[string]map[df.GraphNode][]Trace
}

An AnalysisResult from the backtrace analysis contains a constructed a Graph representing the inter-procedural graph along with the traces found by the backtrace analysis in Traces

func Analyze

func Analyze(state *df.State, reqs AnalysisReqs) (AnalysisResult, error)

Analyze runs the analysis on the program prog with the user-provided configuration config. If the analysis run successfully, an AnalysisResult is returned, containing all the information collected.

- cfg is the configuration that determines which functions are sources, sinks and sanitizers.

- prog is the built ssa representation of the program. The program must contain a main package and include all its dependencies, otherwise the pointer analysis will fail.

type FlowReports

type FlowReports struct {
	Tag    string
	Traces map[string][][]dataflow.ReportNodeInfo
}

A FlowReports contains the information we serialize about backwards data flow traces. Traces are grouped by problem tag. A trace in the report is a list of dataflow.ReportNodeInfo.

type Trace

type Trace []TraceNode

Trace represents a dataflow path (sequence of nodes) out of an analysis entrypoint.

The first node in the trace is the origin of the data flow.

The last node in the trace is an argument to the backtrace entrypoint function defined in the config.

func (Trace) Key

func (t Trace) Key() df.KeyType

Key generates a unique key for trace t.

func (Trace) String

func (t Trace) String() string

type TraceNode

type TraceNode struct {
	df.GraphNode
	Pos token.Position
}

TraceNode represents a node in the trace.

func (TraceNode) String

func (n TraceNode) String() string

type Visitor

type Visitor struct {
	SlicingSpec *config.SlicingSpec
	Traces      map[df.GraphNode][]Trace
	Errs        []error
	// contains filtered or unexported fields
}

Visitor implements the dataflow.Visitor interface and holds the specification of the problem to solve in the SlicingSpec as well as the set of traces.

func (*Visitor) Visit

func (v *Visitor) Visit(s *df.State, entrypoint df.NodeWithTrace)

Visit runs an inter-procedural backwards analysis to add any detected backtraces to v.Traces.