Comments (2)
For performance reasons I agree that we will likely want to avoid analyzing anything we don't have to, but if for whatever reason we have to analyze everything, we could just avoid producing reports for violations that are out of scope.
from go-flow-levee.
I think with the Exclude
field we now have adequate support for this feature.
from go-flow-levee.
Related Issues (20)
- go core.Sink(source) does not create report
- Handle methods on non-struct source types HOT 2
- Proposal for testdata convention - spoof source root with go.mod to assist IDEs HOT 6
- Improve error reporting when config is missing HOT 2
- Revisit tests involving source interface propagation HOT 3
- Enable exclusion of analysis by filename (rather than only package)
- Improve handling of suppression comments in nested calls
- Implement understanding of formatting verbs
- Support "reverse" propagation through Store instructions
- Determine how/whether we should explicitly enumerate functions that don't propagate taint
- Refine handling of Defer and Go instructions.
- false negative when analyze the url parameters about gin framework HOT 5
- Handle standard library functions in the analysis engine HOT 1
- handle the unify-by-value semantics in the EAR pointer analysis
- Use more advanced call graph in inter-procedural analysis
- Separate the unit-tests for the two taint analyses
- Stack Overflow in internal/pkg/sourcetype/sourcetype.go HOT 3
- `utils.Dereference` can get stuck in an infinite loop
- Generics are not supported by analyzers
- Crashes when analyzing Go 1.19 standard libraries
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-flow-levee.