Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to load programs from GitHub with taint CLI #25

Merged
merged 2 commits into from
Jan 5, 2024
Merged

Add ability to load programs from GitHub with taint CLI #25

merged 2 commits into from
Jan 5, 2024

Conversation

picatz
Copy link
Owner

@picatz picatz commented Jan 4, 2024
edited
Loading

This PR allows for programs to be loaded from GitHub (automatically cloning them) with the taint CLI using the load command. It also now optionally allows for specific packages to be loaded, because a single repository target can contain multiple packages. For example, this repository currently contains 11 packages. With more packages comes more nodes.

Example

$ taint       
Commands (tab complete)

- exit exit the shell
- clear clear the screen
- load <target> [pattern] load a program
- pkgs list loaded packages
- cg print the callgraph
- root print the callgraph's root
- nodes print the callgraph nodes
- callpath <function> find callpaths to a function
- check <source> <sink> perform a taint analysis check

> exit
> load https://github.com/picatz/taint
cloned https://github.com/picatz/taint to ... at 8a457f3f5b9cf519eec1e51934e5c54aaedab8cd
loaded 11 packages
> pkgs
github.com/picatz/taint/callgraphutil 9 imports
github.com/picatz/taint 4 imports
github.com/picatz/taint/log/injection 6 imports
github.com/picatz/taint/cmd/logi 2 imports
github.com/picatz/taint/sql/injection 7 imports
github.com/picatz/taint/cmd/sqli 2 imports
github.com/picatz/taint/cmd/ssadump 10 imports
github.com/picatz/taint/cmd/taint 22 imports
github.com/picatz/taint/cmd/taint/example 2 imports
github.com/picatz/taint/xss 7 imports
github.com/picatz/taint/cmd/xss 2 imports
> nodes
...
n163:github.com/picatz/taint/cmd/xss.main
> load https://github.com/picatz/taint github.com/picatz/taint/cmd/taint/example
cloned https://github.com/picatz/taint to ... at 8a457f3f5b9cf519eec1e51934e5c54aaedab8cd
loaded 1 packages
> nodes
n0:github.com/picatz/taint/cmd/taint/example.main
n1:github.com/picatz/taint/cmd/taint/example.handle
n2:github.com/picatz/taint/cmd/taint/example.business
n3:(*database/sql.DB).Query
n4:database/sql.Open
n5:net/http.NewServeMux
n6:(*net/http.ServeMux).HandleFunc
n7:github.com/picatz/taint/cmd/taint/example.main$1
n8:net/http.ListenAndServe
n9:(*net/url.URL).Query
> cg
n0:github.com/picatz/taint/cmd/taint/example.main
        → n4:database/sql.Open
        → n5:net/http.NewServeMux
        → n6:(*net/http.ServeMux).HandleFunc
        → n8:net/http.ListenAndServe

n3:(*database/sql.DB).Query

n5:net/http.NewServeMux

n7:github.com/picatz/taint/cmd/taint/example.main$1
        → n9:(*net/url.URL).Query
        → n2:github.com/picatz/taint/cmd/taint/example.business

n1:github.com/picatz/taint/cmd/taint/example.handle
        → n3:(*database/sql.DB).Query

n2:github.com/picatz/taint/cmd/taint/example.business
        → n1:github.com/picatz/taint/cmd/taint/example.handle

n4:database/sql.Open

n6:(*net/http.ServeMux).HandleFunc
        → n7:github.com/picatz/taint/cmd/taint/example.main$1

n8:net/http.ListenAndServe

n9:(*net/url.URL).Query

@picatz picatz marked this pull request as ready for review January 5, 2024 00:31
@picatz picatz merged commit 4cea4d7 into main Jan 5, 2024
1 check passed
@picatz picatz deleted the load-from-github branch January 5, 2024 00:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@picatz