v0.5.5 - Cross-Function Taint Analysis
New: Interprocedural Taint Tracking (ASI01-INTERPROCEDURAL)
Tracks tainted data across function boundaries - the first interprocedural analysis rule for AI agent code.
What it detects:
- Tainted user input passed to wrapper functions that call LLM APIs
- Multi-hop taint chains (input -> process -> call_llm -> sink)
- Functions with taint-suggesting parameter names that contain LLM sinks
Why it matters: Simple single-function taint analysis misses the most common real-world pattern - wrapper functions around LLM calls. This rule closes that gap.
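The wrapper pattern described above, as an added example (not AgentGuard's own code and not taken from agentguard/rules/interprocedural.py): a minimal function-summary taint pass run over a constructed sample. The source name `input`, the sink method name `complete` and every function name in the sample are assumptions made for illustration.

```python
import ast
# Constructed sample: user input reaches the LLM call only through wrappers.
SAMPLE = '''
def call_llm(prompt):
    return client.complete(prompt)
def process(text):
    cleaned = text.strip()
    return call_llm("Summarize: " + cleaned)
def safe(text):
    return len(text)
def main():
    user = input("> ")
    process(user)
    safe(user)
'''
SOURCES, SINKS = {"input"}, {"complete"}  # assumed source / LLM sink names

def names(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}
def callee(call):
    return getattr(call.func, "attr", None) or getattr(call.func, "id", None)

def analyze(fn, seeds, summaries):
    """Chains of callee names, ending at a sink, fed by tainted data inside fn."""
    tainted, chains = set(seeds), []
    for stmt in fn.body:  # top-level statements in order; branches not modelled
        for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
            name = callee(call)
            for i, arg in enumerate(call.args):
                if names(arg) & tainted and name in SINKS:
                    chains.append([name])
                elif names(arg) & tainted and i in summaries.get(name, {}):
                    chains.append([name] + summaries[name][i])
        if isinstance(stmt, ast.Assign):
            called = {callee(n) for n in ast.walk(stmt.value) if isinstance(n, ast.Call)}
            if names(stmt.value) & tainted or called & SOURCES:
                tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
    return chains

def find_chains(source):
    funcs = {f.name: f for f in ast.walk(ast.parse(source)) if isinstance(f, ast.FunctionDef)}
    summaries, changed = {}, True  # summaries[func][param index] -> chain to sink
    while changed:  # fixed point, so multi-hop wrappers resolve in any order
        changed = False
        for name, fn in funcs.items():
            for i, p in enumerate(fn.args.args):
                chains = [] if i in summaries.get(name, {}) else analyze(fn, {p.arg}, summaries)
                if chains:
                    summaries.setdefault(name, {})[i] = chains[0]
                    changed = True
    return [" -> ".join([name] + c) for name, fn in funcs.items()
            for c in analyze(fn, set(), summaries)]
```

A single-function pass over `main` alone sees no sink at all; the finding only appears once the per-parameter summaries for `process` and `call_llm` are available at the call site.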
Changes
- New rule: ASI01-INTERPROCEDURAL (Cross-Function Taint Flow)
- New module: agentguard/rules/interprocedural.py
- 6 new tests (56 total, all pass)
Benchmark
- 32/32 samples detected (100%)
- 0 false positives
Install
pip install dfx-agentguard==0.5.5
Full Changelog: v1...v0.5.5