Static Analysis with Go - A Practitioner's Guide

Overview


Hi, and welcome to Static Analysis with Go - A Practitioner's Guide. This is a workshop about writing static code analyzers in Go for Go. In this lecture you will learn how to write a static code analyzer in Go, and implement one yourself.

By the end of this workshop, you'll have a better understanding of the Go packages related to writing static code analyzers and you'll also know how to write a code analyzer yourself.

I will start the lecture by giving an overview of static analyzers and how compilers work. Afterwards, you will learn about 2 different representations of the code (AST and SSA), and write an analyzer in each of those. You will also learn about the analysis API, which makes writing analyzers easier, and then we'll finish with a discussion.

Requirements:

Install the repo:

git clone https://github.com/amit-davidson/GopherCon2021IsraelStaticAnalysisWorkshop.git

Install Go tools:

go get -u golang.org/x/tools/...

Validate the installation by running

ssadump -h

and making sure you get a help message that starts with: Usage of ssadump:

Contents:

  1. Introduction to compilers and program analysis
  2. Compiler front end and static analysis with AST In Go
  3. Compiler middle end and static analysis with SSA In Go
  4. The analysis API
  5. Conclusion
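
As a taste of what section 2 covers, here is an added example (not code from the workshop repository) of an AST-based check built only on the standard library's go/parser and go/ast: it reports the lines where InsecureSkipVerify is set to true. The function name findInsecureSkipVerify and the sample source are assumptions made for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// sampleSrc is input constructed for this example, not workshop code.
const sampleSrc = `package client
import "crypto/tls"
func insecure() *tls.Config { return &tls.Config{InsecureSkipVerify: true} }
func secure() *tls.Config { return &tls.Config{MinVersion: tls.VersionTLS12} }
func late(c *tls.Config) { c.InsecureSkipVerify = true }
`

func isTrue(e ast.Expr) bool { // true only for the bare identifier `true`
	id, ok := e.(*ast.Ident)
	return ok && id.Name == "true"
}

// findInsecureSkipVerify (name assumed here) lists lines setting the field to true.
func findInsecureSkipVerify(src string) ([]int, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var lines []int
	ast.Inspect(file, func(n ast.Node) bool {
		switch v := n.(type) {
		case *ast.KeyValueExpr: // tls.Config{InsecureSkipVerify: true}
			if k, ok := v.Key.(*ast.Ident); ok && k.Name == "InsecureSkipVerify" && isTrue(v.Value) {
				lines = append(lines, fset.Position(v.Pos()).Line)
			}
		case *ast.AssignStmt: // c.InsecureSkipVerify = true
			for i, lhs := range v.Lhs {
				sel, ok := lhs.(*ast.SelectorExpr)
				if ok && i < len(v.Rhs) && sel.Sel.Name == "InsecureSkipVerify" && isTrue(v.Rhs[i]) {
					lines = append(lines, fset.Position(v.Pos()).Line)
				}
			}
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(findInsecureSkipVerify(sampleSrc)) }
```

The match is purely syntactic: it keys on the field name and cannot confirm the struct is crypto/tls.Config or follow a value assigned through a variable, which requires type information from go/types.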

Owner
Amit Davidson
Gopher, Distributed Systems, Computer Science Student