feat: Support for adding taint analysis engine

[ravisastryk]

Taint Analysis Engine for gosec

Implements a minimal, zero-dependency taint analysis engine for gosec that tracks data flow from sources (user input) to sinks (dangerous functions) to detect security vulnerabilities.

Issue: #1160 - Request for taint analysis support in gosec

New Security Rules

Rule ID	Vulnerability	CWE	Severity
G701	SQL Injection	CWE-89	HIGH
G702	Command Injection	CWE-78	CRITICAL
G703	Path Traversal	CWE-22	HIGH
G704	SSRF	CWE-918	HIGH
G705	XSS	CWE-79	MEDIUM
G706	Log Injection	CWE-117	LOW

Changes

• Uses only golang.org/x/tools packages that gosec already depends on
• Leverages Static Single Assignment form for precise data flow tracking
• Uses Class Hierarchy Analysis (CHA) for sound call graph construction
• Easy to add new sources and sinks via configuration

Example Detection

SQL Injection (G701):

func handler(db *sql.DB, r *http.Request) {
    name := r.URL.Query().Get("name")  // SOURCE: user input
    query := "SELECT * FROM users WHERE name = '" + name + "'"
    db.Query(query)  // SINK: G701 detected here
}

Command Injection (G702):

func handler(w http.ResponseWriter, r *http.Request) {
    cmd := r.URL.Query().Get("cmd")  // SOURCE: user input
    exec.Command("sh", "-c", cmd).Run()  // SINK: G702 detected here
}

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 67.22689% with 117 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.36%. Comparing base (1216c9b) to head (bf684e2).
⚠️ Report is 177 commits behind head on master.

Files with missing lines	Patch %	Lines
analyzers/taint/taint.go	54.45%	68 Missing and 19 partials ⚠️
analyzers/taint/analyzer.go	43.39%	29 Missing and 1 partial ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1486      +/-   ##
==========================================
+ Coverage   68.49%   69.36%   +0.86%     
==========================================
  Files          75       88      +13     
  Lines        4384     7089    +2705     
==========================================
+ Hits         3003     4917    +1914     
- Misses       1233     1924     +691     
- Partials      148      248     +100     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ravisastryk]

@ccojocar Please review when you get a chance. TIA

[ccojocar]

Thanks for submitting this. I will need some time to review it. Which AI code generator are you using?

[ravisastryk]

Thanks for submitting this. I will need some time to review it. Which AI code generator are you using?

Thank you for asking @ccojocar. Claude helped with initial scaffolding, and I handled the refinements and final implementation to improve further. Please take your time reviewing. I am interested to see this reach a wider audience and encourage broader gosec adoption. Thank you for your time again.

[ccojocar]

Can you add a go doc comment on each field?

[ccojocar]

Is this function/method name? Can you make the name more clear?

[ccojocar]

Please add go doc on each field.

[ccojocar]

Please add a go doc on each field.

[ccojocar]

I would use a pointer for config.

[ccojocar]

http.NewRequest missing

[ccojocar]

net.Dial, net.DialTImeout, net.LookupHost

[ccojocar]

net/http/httputil.ReverseProxy:

[ccojocar]

net/http/httputil NewSingleHostReverseProxy

[ccojocar]

see sources above for a more complete list

[ccojocar]

template.HTML, template.HTMLAttr, template.JS, template.CSS missing

[ccojocar]

see above for a more complete list of sources

[ccojocar]

log.Panic, log/slog.Info, Error, Warn