mirror of
https://github.com/elicpeter/nyx.git
synced 2026-07-06 20:42:10 +02:00
Feat/full cfg (#30)
* feat: Enhance control flow analysis with function summaries and taint analysis * feat: Update taint analysis to utilize function summaries for enhanced tracking * Refactor `walk.rs` batch processing and override handling: - Renamed `Batcher` to `BatchSender` for clarity. - Added `BatchSender::new` constructor for cleaner initialization. - Simplified batch size management in `BatchSender`. - Extracted `build_overrides` function for reusable override construction. - Improved error handling and validation in override building. - Enhanced performance with directory and file type filtering in `walk`. * Improve logging and streamline directory walk process: - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion. - Optimized and simplified `filter_entry` logic for directory and file type filters. - Improved metadata checks and max file size enforcement during the scan. * Refactor and optimize taint tracking, label rules, and directory walk process: - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing. - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency. - Removed unused `set_hash` function and redundant imports across files. - Improved batch sender logic in `walk.rs`, renaming key components for clarity. - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return. - Expanded label rules with additional matchers for sources, sanitizers, and sinks. - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup. * fix: fixed let chains error in walk.rs * fix: updated dependencies * fix: updated dependencies * chore: Remove standard error in scan.rs * feat: Introduce function summaries for enhanced taint and control flow analysis * feat: Enhance taint analysis with interop support and function summaries * feat: Add configuration analysis module and enhance matcher rules * feat: Add arity column to function_summaries and handle schema migration * fix: fixed clippy &PathBuf warnings * chore: Update dependencies and versioning in Cargo files * docs: Update README to enhance clarity and detail on features and analysis modes * chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes * docs: Update SECURITY.md to clarify version support status --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel>
This commit is contained in:
parent
8cbbec7d90
commit
f96a89e7c1
87 changed files with 11505 additions and 1099 deletions
75
src/cfg_analysis/unreachable.rs
Normal file
75
src/cfg_analysis/unreachable.rs
Normal file
|
|
@ -0,0 +1,75 @@
|
|||
use super::dominators;
|
||||
use super::{AnalysisContext, CfgAnalysis, CfgFinding, Confidence};
|
||||
use crate::cfg::StmtKind;
|
||||
use crate::labels::DataLabel;
|
||||
use crate::patterns::Severity;
|
||||
|
||||
pub struct UnreachableCode;
|
||||
|
||||
impl CfgAnalysis for UnreachableCode {
|
||||
fn name(&self) -> &'static str {
|
||||
"unreachable-code"
|
||||
}
|
||||
|
||||
fn run(&self, ctx: &AnalysisContext) -> Vec<CfgFinding> {
|
||||
let reachable = dominators::reachable_set(ctx.cfg, ctx.entry);
|
||||
let mut findings = Vec::new();
|
||||
|
||||
for idx in ctx.cfg.node_indices() {
|
||||
if reachable.contains(&idx) {
|
||||
continue;
|
||||
}
|
||||
|
||||
let info = &ctx.cfg[idx];
|
||||
|
||||
// Skip synthetic Entry/Exit nodes
|
||||
if matches!(info.kind, StmtKind::Entry | StmtKind::Exit) {
|
||||
continue;
|
||||
}
|
||||
|
||||
let (rule_id, title, severity) = match info.label {
|
||||
Some(DataLabel::Sanitizer(_)) => (
|
||||
"cfg-unreachable-sanitizer",
|
||||
"Unreachable sanitizer",
|
||||
Severity::Medium,
|
||||
),
|
||||
Some(DataLabel::Sink(_)) => {
|
||||
("cfg-unreachable-sink", "Unreachable sink", Severity::Medium)
|
||||
}
|
||||
Some(DataLabel::Source(_)) => (
|
||||
"cfg-unreachable-source",
|
||||
"Unreachable source",
|
||||
Severity::Low,
|
||||
),
|
||||
_ => {
|
||||
// Check if it's a guard/auth call
|
||||
if super::is_guard_call(info, ctx.lang) || super::is_auth_call(info, ctx.lang) {
|
||||
(
|
||||
"cfg-unreachable-guard",
|
||||
"Unreachable guard/auth check",
|
||||
Severity::Medium,
|
||||
)
|
||||
} else {
|
||||
// Plain unreachable code — low severity
|
||||
continue;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
let callee_desc = info.callee.as_deref().unwrap_or("(unknown)");
|
||||
|
||||
findings.push(CfgFinding {
|
||||
rule_id: rule_id.to_string(),
|
||||
title: title.to_string(),
|
||||
severity,
|
||||
confidence: Confidence::High,
|
||||
span: info.span,
|
||||
message: format!("{title}: `{callee_desc}` is unreachable and will never execute"),
|
||||
evidence: vec![idx],
|
||||
score: None,
|
||||
});
|
||||
}
|
||||
|
||||
findings
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue