Skip to content

[engine] Implement Data Flow and Taint Analysis for precise variable tracking #401

Open
Open
[engine] Implement Data Flow and Taint Analysis for precise variable tracking#401
Labels
component: analysis-enginesanctifier-core static analysis librarydifficulty: expertRequires deep expertise, ~2+ weekspriority: p1High value, near-termtype: featureNew capability or enhancement
Milestone
v2.0.0 – Deep Verification Ecosystem
@Gbangbolaoluwagbemiga

Description

@Gbangbolaoluwagbemiga
Gbangbolaoluwagbemiga
opened on Mar 28, 2026

Context

Currently, Sanctifier uses AST-based pattern matching. This fails if variables are passed through intermediate functions or aliased.

What to build

Implement an intra-procedural Control Flow Graph (CFG) and taint analysis pass.

  1. Identify "sources" (untrusted user input).
  2. Identify "sinks" (privileged operations).
  3. Trace data flow between them.

Acceptance Criteria

  • CFG generation module in sanctifier-core.
  • Taint engine tracks variable assignments.

Metadata

Metadata

Assignees

No one assigned

    Labels

    component: analysis-enginesanctifier-core static analysis librarydifficulty: expertRequires deep expertise, ~2+ weekspriority: p1High value, near-termtype: featureNew capability or enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions