
v0.6.0 — Cross-file taint analysis


@peaktwilight peaktwilight released this 12 Apr 14:53
· 659 commits to main since this release
130e981

Cross-file taint analysis

foxguard now traces taint across file boundaries — the first open-source security scanner to do this at sub-second speed.

```python
# views.py
from . import queries

def search(request):
    name = request.GET["name"]          # taint source: untrusted request input
    return queries.run_query(name)      # ← py/taint-sql-injection fires here

# queries.py
def run_query(name):
    # cur is assumed to be a DB-API cursor obtained elsewhere in the module
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")   # sink: string-built SQL
```

How it works

Two-pass parallel scan: pass 1 builds function-level taint summaries for every file, pass 2 resolves imported calls against those summaries. The Django shop fixture scans in 0.03s.

Supported patterns

  • Python: from .module import func, from module import func, sibling file resolution
  • JavaScript: require('./services'), import { fn } from './services' with extensionless path probing (.js/.ts/.mjs/.cjs/.jsx/.tsx)
  • Go: same-package resolution (all .go files in a directory share exported functions)
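The following is an added illustration, not foxguard's own code, of the two-pass scheme described under "How it works" and of the two Python relative-import forms listed above (`from . import module` and `from .module import func`). It is a deliberately small analyzer over the stdlib `ast` module: pass 1 summarizes, for every function in every file, which parameter positions reach a `.execute()` sink; pass 2 resolves imported calls whose arguments carry taint from `request.GET[...]` against those summaries. The two source files are constructed inline; the rule name `py/taint-sql-injection` and the `--explain`-style trace string are taken from this release page, while the source/sink sets, the module file names and the propagation rules (`+`, `%`, `.format()`, f-strings, tuples/lists) are assumptions of this example.

```python
import ast

# Constructed sample project (inline strings, not files on disk). search() mirrors
# the finding shown above; search_safe() passes the same input to a parameterized
# query and must not be reported.
SOURCES = {
    "views.py": (
        "from . import queries\n"
        "from .queries import run_query_safe\n"
        "\n"
        "def search(request):\n"
        "    name = request.GET['name']\n"
        "    return queries.run_query(name)\n"
        "\n"
        "def search_safe(request):\n"
        "    name = request.GET['name']\n"
        "    return run_query_safe(name)\n"
    ),
    "queries.py": (
        "def run_query(name):\n"
        "    sql = \"SELECT * FROM users WHERE name = '%s'\" % name\n"
        "    cur.execute(sql)\n"
        "\n"
        "def run_query_safe(name):\n"
        "    cur.execute('SELECT * FROM users WHERE name = %s', (name,))\n"
    ),
}

SOURCE_ATTRS = {"GET", "POST"}   # assumed sources: request.GET[...] / request.POST[...]
SINK_METHOD = "execute"           # assumed sink: <cursor>.execute(<sql>), first argument


def is_tainted(node, tainted):
    """Flow-insensitive check: does this expression carry taint?"""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if (isinstance(node, ast.Subscript) and isinstance(node.value, ast.Attribute)
            and node.value.attr in SOURCE_ATTRS):
        return True                                   # source: request.GET['name']
    if isinstance(node, ast.BinOp):                   # "..." + name, "..." % name
        return is_tainted(node.left, tainted) or is_tainted(node.right, tainted)
    if isinstance(node, (ast.Tuple, ast.List)):       # containers propagate taint
        return any(is_tainted(e, tainted) for e in node.elts)
    if isinstance(node, ast.JoinedStr):               # f"...{name}"
        return any(is_tainted(v.value, tainted) for v in node.values
                   if isinstance(v, ast.FormattedValue))
    if isinstance(node, ast.Call):                    # "...".format(name), helper(name)
        return any(is_tainted(a, tainted) for a in node.args)
    if isinstance(node, (ast.Attribute, ast.Subscript)):
        return is_tainted(node.value, tainted)
    return False


def tainted_locals(fn, seed):
    """Propagate taint through assignments inside one function to a fixed point."""
    tainted = set(seed)
    changed = True
    while changed:
        changed = False
        for node in ast.walk(fn):
            if isinstance(node, ast.Assign) and is_tainted(node.value, tainted):
                targets = {n.id for t in node.targets for n in ast.walk(t) if isinstance(n, ast.Name)}
                if targets - tainted:
                    tainted |= targets
                    changed = True
    return tainted


def sink_calls(fn):
    return [c for c in ast.walk(fn) if isinstance(c, ast.Call) and c.args
            and isinstance(c.func, ast.Attribute) and c.func.attr == SINK_METHOD]


def pass1_summaries(modules):
    """Pass 1: for each function, the set of parameter positions that reach a sink."""
    summaries = {}
    for path, tree in modules.items():
        for fn in (n for n in tree.body if isinstance(n, ast.FunctionDef)):
            summaries[(path, fn.name)] = {
                i for i, p in enumerate(a.arg for a in fn.args.args)
                if any(is_tainted(c.args[0], tainted_locals(fn, {p})) for c in sink_calls(fn))}
    return summaries


def resolve_imports(tree):
    """Map local names to (file, function) for the two relative-import forms."""
    mods, funcs = {}, {}
    for node in tree.body:
        if isinstance(node, ast.ImportFrom) and node.level >= 1:
            for a in node.names:
                if node.module is None:                 # from . import queries
                    mods[a.asname or a.name] = a.name + ".py"
                else:                                   # from .queries import run_query_safe
                    funcs[a.asname or a.name] = (node.module + ".py", a.name)
    return mods, funcs


def pass2_findings(modules, summaries):
    """Pass 2: resolve imported calls with tainted arguments against the summaries."""
    findings = []
    for path, tree in modules.items():
        mods, funcs = resolve_imports(tree)
        for fn in (n for n in tree.body if isinstance(n, ast.FunctionDef)):
            tainted = tainted_locals(fn, set())
            for call in (c for c in ast.walk(fn) if isinstance(c, ast.Call)):
                f = call.func
                if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name) and f.value.id in mods:
                    callee = (mods[f.value.id], f.attr)       # queries.run_query(...)
                elif isinstance(f, ast.Name) and f.id in funcs:
                    callee = funcs[f.id]                      # run_query_safe(...)
                else:
                    continue
                for i, arg in enumerate(call.args):
                    if is_tainted(arg, tainted) and i in summaries.get(callee, set()):
                        findings.append({
                            "rule": "py/taint-sql-injection", "file": path, "line": call.lineno,
                            "trace": (f"{path}:{fn.name} {ast.unparse(arg)} -> "
                                      f"{callee[0]}:{callee[1]} param {i} -> {SINK_METHOD}()")})
    return findings


def scan(sources=SOURCES):
    modules = {p: ast.parse(src, filename=p) for p, src in sources.items()}
    return pass2_findings(modules, pass1_summaries(modules))


if __name__ == "__main__":
    for f in scan():
        print(f"{f['file']}:{f['line']} {f['rule']}  {f['trace']}")
```

Running the block reports exactly one finding, on the `queries.run_query(name)` call in `views.py`, with a trace from the request parameter through `run_query`'s first parameter to `execute()`; `search_safe` is silent because pass 1 records no sink-reaching parameter for `run_query_safe`, whose tainted value only appears in the parameter tuple. Because summaries are computed once per function and never depend on the caller, the two passes can each run over files independently, which is what makes a parallel scan possible.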

Also in this release

  • Kotlin — 10th supported language with 10 security rules
  • 9 new taint rules: SSTI, XPath injection, LDAP injection for Python, JS, and Go
  • Python taint improvements: % formatting, .format(), tuple/list propagation, os.environ.get() source
  • Fix suggestions on all taint findings with concrete code examples
  • --explain flag showing source-to-sink dataflow traces
  • --max-file-size flag for memory safety on large files
  • Lock-free parallel scanner (Mutex eliminated)
  • Iterative AST walker (stack overflow prevention)

Totals

  • 153 built-in rules across 10 languages
  • 276 tests all passing
  • Cross-file taint for Python, JavaScript, and Go

Upgrading

```shell
npx foxguard@0.6.0 .
```