Skip to content

Improve tainting code#546

Merged
maciejpirog merged 4 commits intomainfrom
mpir/improve-tainting-code-quality
Jan 20, 2026
Merged

Improve tainting code#546
maciejpirog merged 4 commits intomainfrom
mpir/improve-tainting-code-quality

Conversation

@maciejpirog
Copy link
Contributor

@maciejpirog maciejpirog commented Jan 19, 2026

A few superficial improvements to the tainting code

Unused lets, formatting

...in various places

Tiny fixes

Function_call_graph.ml

  • in build_call_graph: List.length xs > 0 ===> not (List.is_empty xs)

  • in build_call_graph: remove unused func_ranges ref

  • in find_functions_containing_ranges: remove matching_funcs ref and replace it with a pure fold

  • in find_functions_containing_ranges: funcs_list <> 0 ===> not (List.is_empty funcs_list)

  • extract deduplication of fun_ids as a separate function (dedup_fn_ids)

  • in identify_callee: refactor match rev xs with | h::t -> ... rev t ... by introducing a function List_.init_and_tail_opt that splits a list into its "liat" and the last element.

  • in nested_match: as above

  • in extract_hof_callbacks_from_call: refactor current_class to reuse more std functions

Dataflow_tainting.ml

  • in unify_mavar_sets: refactor ifs in RHSs of pattern matching to when clauses

Sig_inst.ml

  • in add_call_to_token_trace: refactor to avoid List.rev

  • in add_lval_update_to_token_trace: as above

Remove signature db functions from taint sig extractor

Remove the following functions from Taint_signature_extractor.ml

let empty_signature_database = Shape_and_sig.empty_signature_database
let lookup_signature = Shape_and_sig.lookup_signature
let show_signature_database = Shape_and_sig.show_signature_database

Not used anywhere (and potentially confusing)

More fixes

Shape_and_sig.ml

  • refactor get_fn_name to avoid building the reversed list

Sig_inst.ml

  • refactor instantiate_taints to use bind instead of fold

Taint_lval_env.ml

  • in normalize_lval use List_.init_and_last_opt to avoid reversing lists

@maciejpirog maciejpirog changed the title Mpir/improve tainting code quality Improve tainting code Jan 19, 2026
@maciejpirog maciejpirog force-pushed the mpir/improve-tainting-code-quality branch from 76c7d78 to 089bd92 Compare January 19, 2026 18:32
dimitris-m
dimitris-m approved these changes Jan 20, 2026
View reviewed changes
Copy link
Collaborator

@dimitris-m dimitris-m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@dimitris-m
Copy link
Collaborator

dimitris-m commented Jan 20, 2026

Maybe squash the commits as some are not very informative?

@maciejpirog maciejpirog merged commit 56b80a8 into main Jan 20, 2026
6 checks passed
@maciejpirog maciejpirog deleted the mpir/improve-tainting-code-quality branch January 20, 2026 10:30
@maciejpirog maciejpirog mentioned this pull request Feb 4, 2026
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Feb 15, 2026
@tmeijn
build(deps): update opengrep/opengrep to v1.16.0
58a1789 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [opengrep/opengrep](https://github.com/opengrep/opengrep) | minor | `v1.15.1` → `v1.16.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>opengrep/opengrep (opengrep/opengrep)</summary>

### [`v1.16.0`](https://github.com/opengrep/opengrep/releases/tag/v1.16.0): Opengrep 1.16.0

[Compare Source](opengrep/opengrep@v1.15.1...v1.16.0)

#### Improvements

- Dart: Add typed metavariabless by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;551](opengrep/opengrep#551)
- Dart: Use case of identifier to guess call vs new by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;555](opengrep/opengrep#555)
- Go: Enable goroutines in taint tracking by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;559](opengrep/opengrep#559)
- Add taint propagation via "for" comprehensions by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;564](opengrep/opengrep#564)

#### Bug Fixes

- Rust: Missing Rust type alias translation by [@&#8203;smith-xyz](https://github.com/smith-xyz) in [#&#8203;549](opengrep/opengrep#549)
- Fix: Ensure that linux binaries have 8mb stack size (musl) by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;563](opengrep/opengrep#563)
- Fixed a perf regression by removing system calls and improving the reachability graph and the callee lookup by [@&#8203;corneliuhoffman](https://github.com/corneliuhoffman) in [#&#8203;556](opengrep/opengrep#556)
- Fixed intrafile bug introduced by a superfluous fallback by [@&#8203;corneliuhoffman](https://github.com/corneliuhoffman) in [#&#8203;567](opengrep/opengrep#567)
- Ruby: Always translate `or` and `and` to expression by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;562](opengrep/opengrep#562)
- Bash: Allow redirects before command arguments by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;548](opengrep/opengrep#548)

#### Internal Improvements

- Add `show dump-intrafile-graph` and `show dump-taint-signatures` commands by [@&#8203;corneliuhoffman](https://github.com/corneliuhoffman) in [#&#8203;552](opengrep/opengrep#552)
- Improve tainting code by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;546](opengrep/opengrep#546)
- Graph refactoring by [@&#8203;corneliuhoffman](https://github.com/corneliuhoffman) in [#&#8203;553](opengrep/opengrep#553)

#### New Contributors

- [@&#8203;smith-xyz](https://github.com/smith-xyz) made their first contribution in [#&#8203;549](opengrep/opengrep#549)

**Full Changelog**: <opengrep/opengrep@v1.15.1...v1.16.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Ni4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTYuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6Om1pbm9yIl19-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dimitris-m dimitris-m dimitris-m approved these changes

@willem-delbare willem-delbare Awaiting requested review from willem-delbare willem-delbare is a code owner

@corneliuhoffman corneliuhoffman Awaiting requested review from corneliuhoffman corneliuhoffman is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maciejpirog @dimitris-m