apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss/grind] cleanup session-0012 (20260521T201327Z-3848)

Browse source
This commit is contained in:
pitboss 2026-05-21 18:15:53 -05:00
parent 3c427436aa
commit ca4349ded5
10 changed files with 25 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/ast.rs
View file

@ -1893,7 +1893,6 @@ impl<'a> ParsedFile<'a> {
cfg: &body.graph,
entry: body.entry,
lang: caller_lang,
file_path: &self.source.file_path_str,
source_bytes: self.source.bytes,
func_summaries: self.local_summaries(),
global_summaries,

5
src/cfg_analysis/auth.rs
View file

@ -157,10 +157,6 @@ fn find_auth_nodes(ctx: &AnalysisContext) -> Vec<NodeIndex> {
}
impl CfgAnalysis for AuthGap {
fn name(&self) -> &'static str {
"auth-gap"
}
fn run(&self, ctx: &AnalysisContext) -> Vec<CfgFinding> {
// Decorator/annotation/attribute auth on the body declaration
// already gates every sink in the body, skip the
@ -218,7 +214,6 @@ impl CfgAnalysis for AuthGap {
findings.push(CfgFinding {
rule_id: "cfg-auth-gap".to_string(),
title: "Missing auth check".to_string(),
severity: Severity::High,
confidence: Confidence::Medium,
span: info.ast.span,

5
src/cfg_analysis/error_handling.rs
View file

@ -306,10 +306,6 @@ fn find_post_if_sinks(cfg: &crate::cfg::Cfg, if_node: NodeIndex) -> Vec<NodeInde
}
impl CfgAnalysis for IncompleteErrorHandling {
fn name(&self) -> &'static str {
"incomplete-error-handling"
}
fn run(&self, ctx: &AnalysisContext) -> Vec<CfgFinding> {
let mut findings = Vec::new();
@ -369,7 +365,6 @@ impl CfgAnalysis for IncompleteErrorHandling {
if has_dangerous_successor {
findings.push(CfgFinding {
rule_id: "cfg-error-fallthrough".to_string(),
title: "Error check without return".to_string(),
severity: Severity::Medium,
confidence: Confidence::Medium,
span: info.ast.span,

5
src/cfg_analysis/guards.rs
View file

@ -2715,10 +2715,6 @@ fn sink_in_entrypoint(ctx: &AnalysisContext, sink: NodeIndex) -> bool {
}
impl CfgAnalysis for UnguardedSink {
fn name(&self) -> &'static str {
"unguarded-sink"
}
fn run(&self, ctx: &AnalysisContext) -> Vec<CfgFinding> {
let doms = dominators::compute_dominators(ctx.cfg, ctx.entry);
let sink_nodes = dominators::find_sink_nodes(ctx.cfg);
@ -2976,7 +2972,6 @@ impl CfgAnalysis for UnguardedSink {
findings.push(CfgFinding {
rule_id: "cfg-unguarded-sink".to_string(),
title: "Unguarded sink".to_string(),
severity,
confidence,
span: sink_info.ast.span,

9
src/cfg_analysis/mod.rs
View file

@ -140,8 +140,6 @@ pub enum Confidence {
#[derive(Debug, Clone)]
pub struct CfgFinding {
pub rule_id: String,
#[allow(dead_code)]
pub title: String,
pub severity: Severity,
pub confidence: Confidence,
pub span: (usize, usize),
@ -154,12 +152,8 @@ pub struct AnalysisContext<'a> {
pub cfg: &'a crate::cfg::Cfg,
pub entry: NodeIndex,
pub lang: Lang,
#[allow(dead_code)]
pub file_path: &'a str,
#[allow(dead_code)]
pub source_bytes: &'a [u8],
pub func_summaries: &'a FuncSummaries,
#[allow(dead_code)]
pub global_summaries: Option<&'a GlobalSummaries>,
/// Per-file SSA summaries map produced by
/// `lower_all_functions_from_bodies` (after both the augment pass
@ -170,7 +164,6 @@ pub struct AnalysisContext<'a> {
/// suppress structural findings whose taint flow has been proven
/// validated through helper summaries (CVE-2026-25544 patched
/// counterpart).
#[allow(dead_code)]
pub ssa_summaries: Option<
&'a std::collections::HashMap<
crate::symbol::FuncKey,
@ -218,8 +211,6 @@ pub struct AnalysisContext<'a> {
}
pub trait CfgAnalysis {
#[allow(dead_code)]
fn name(&self) -> &'static str;
fn run(&self, ctx: &AnalysisContext) -> Vec<CfgFinding>;
}

5
src/cfg_analysis/resources.rs
View file

@ -531,10 +531,6 @@ fn has_explicit_lock_acquire(ctx: &AnalysisContext, acquire: NodeIndex) -> bool
}
impl CfgAnalysis for ResourceMisuse {
fn name(&self) -> &'static str {
"resource-misuse"
}
fn run(&self, ctx: &AnalysisContext) -> Vec<CfgFinding> {
let pairs = rules::resource_pairs(ctx.lang);
let exit = match dominators::find_exit_node(ctx.cfg) {
@ -631,7 +627,6 @@ impl CfgAnalysis for ResourceMisuse {
} else {
"cfg-resource-leak".to_string()
},
title: format!("{} may leak", pair.resource_name),
severity: Severity::Medium,
confidence: Confidence::Medium,
span: info.ast.span,

6
src/cfg_analysis/tests.rs
View file

@ -23,7 +23,6 @@ fn parse_and_analyse<A: CfgAnalysis>(
cfg,
entry,
lang,
file_path: "test.rs",
source_bytes: src,
func_summaries: summaries,
global_summaries: None,
@ -54,7 +53,6 @@ fn parse_and_run_all(src: &[u8], lang_str: &str, ts_lang: Language) -> Vec<CfgFi
cfg,
entry,
lang,
file_path: "test.rs",
source_bytes: src,
func_summaries: summaries,
global_summaries: None,
@ -90,7 +88,6 @@ fn parse_and_run_all_with_taint(
cfg,
entry,
lang,
file_path: "test.rs",
source_bytes: src,
func_summaries: summaries,
global_summaries: None,
@ -210,7 +207,6 @@ fn parse_and_analyse_with_ssa<A: CfgAnalysis>(
cfg: &body.graph,
entry: body.entry,
lang,
file_path: "test.rs",
source_bytes: src,
func_summaries: &file_cfg.summaries,
global_summaries: None,
@ -1227,7 +1223,6 @@ fn config_sanitizer_suppresses_unguarded_sink() {
cfg,
entry,
lang,
file_path: "test.rs",
source_bytes: src,
func_summaries: summaries,
global_summaries: None,
@ -1708,7 +1703,6 @@ fn cfg_only_no_taint_produces_low_severity() {
cfg,
entry,
lang,
file_path: "test.rs",
source_bytes: src,
func_summaries: summaries,
global_summaries: None,

5
src/cfg_analysis/unreachable.rs
View file

@ -38,10 +38,6 @@ fn event_handler_callbacks(ctx: &AnalysisContext) -> HashSet<String> {
}
impl CfgAnalysis for UnreachableCode {
fn name(&self) -> &'static str {
"unreachable-code"
}
fn run(&self, ctx: &AnalysisContext) -> Vec<CfgFinding> {
let reachable = dominators::reachable_set(ctx.cfg, ctx.entry);
let handler_callbacks = event_handler_callbacks(ctx);
@ -122,7 +118,6 @@ impl CfgAnalysis for UnreachableCode {
findings.push(CfgFinding {
rule_id: rule_id.to_string(),
title: title.to_string(),
severity,
confidence: Confidence::High,
span: info.ast.span,