/** * @fileoverview DFG Adapter - Integrate musubix-dfg with taint analysis * @module @nahisaho/musubix-security/analysis/interprocedural/dfg-adapter * @trace REQ-SEC-001 (EARS: THE system SHALL integrate with DFG for enhanced taint tracking) */ import type { DataFlowGraph, DFGNode } from '@nahisaho/musubix-dfg'; import type { TaintLocation, TaintFlowEdge } from './taint-propagator.js'; import type { TaintSinkCategory } from '../../types/taint.js'; import type { SourceDefinition } from '../sources/types.js'; import type { SinkDefinition } from '../sinks/types.js'; /** * Options for DFG-based taint analysis */ export interface DFGTaintOptions { /** Include aliasing analysis */ trackAliasing?: boolean; /** Include control flow dependencies */ trackControlDependencies?: boolean; /** Maximum propagation depth */ maxDepth?: number; /** Minimum confidence threshold */ minConfidence?: number; } /** * DFG node with taint information */ export interface TaintedDFGNode extends DFGNode { /** Whether node is tainted */ isTainted: boolean; /** Taint confidence */ taintConfidence: number; /** Source of taint */ taintSource?: TaintLocation; /** Sanitizers applied */ sanitizers: string[]; /** Remaining vulnerable categories */ vulnerableCategories: TaintSinkCategory[]; } /** * Result of DFG taint analysis */ export interface DFGTaintResult { /** Original DFG */ dfg: DataFlowGraph; /** Tainted nodes */ taintedNodes: Map; /** Taint flow edges */ taintFlowEdges: TaintFlowEdge[]; /** Detected sources */ sources: TaintLocation[]; /** Detected sinks */ sinks: TaintLocation[]; /** Source to sink paths */ vulnerablePaths: TaintPath[]; } /** * Path from taint source to sink */ export interface TaintPath { /** Source location */ source: TaintLocation; /** Sink location */ sink: TaintLocation; /** Intermediate nodes */ path: string[]; /** Flow edges */ edges: TaintFlowEdge[]; /** Sanitizers in path */ sanitizers: string[]; /** Whether path is fully sanitized */ isSanitized: boolean; /** Confidence */ confidence: number; } /** * DFG Adapter for taint analysis * Converts DFG data flow information to taint tracking * @trace REQ-SEC-001 */ export declare class DFGTaintAdapter { private sources; private sinks; private options; constructor(sources: SourceDefinition[], sinks: SinkDefinition[], options?: DFGTaintOptions); /** * Analyze DFG for taint flows */ analyzeTaint(dfg: DataFlowGraph): DFGTaintResult; /** * Propagate taint through DFG */ private propagateTaint; /** * Check if DFG node is a taint source */ private isSource; /** * Check if DFG node is a taint sink */ private isSink; /** * Check if DFG node is a sanitizer */ private checkSanitizer; /** * Check if edge type propagates taint */ private propagatesTaint; /** * Get all sink categories */ private getAllSinkCategories; /** * Update vulnerable categories after sanitization */ private updateVulnerableCategories; /** * Calculate taint confidence after propagation */ private calculateConfidence; /** * Convert DFG location to taint location */ private dfgLocationToTaintLocation; /** * Create taint flow edge from DFG edge */ private createFlowEdge; /** * Build complete taint path from source to sink */ private buildTaintPath; /** * Get sink category for a node */ getSinkCategory(node: DFGNode): TaintSinkCategory | null; /** * Get statistics about taint analysis */ getStatistics(result: DFGTaintResult): DFGTaintStatistics; /** * Get all edges with a specific source node */ private getEdgesWithSource; /** * Get all edges with a specific target node */ private getEdgesWithTarget; /** * Get all edges with a specific source and type */ private getEdgesWithSourceAndType; } /** * Statistics from DFG taint analysis */ export interface DFGTaintStatistics { totalNodes: number; taintedNodes: number; sources: number; sinks: number; vulnerablePaths: number; sanitizedPaths: number; avgConfidence: number; } //# sourceMappingURL=dfg-adapter.d.ts.map