EvalConst attempts to take a value, and simplify it down to a single constant it returns a tuple of (the constant, whether or not it successfully simplified).

LoadGenericAnalyzers creates generic taint analyzers from custom Sources and Sinks defined in analyzers.yaml converts all variables to SSA form to construct a call graph and performs recursive taint analysis to search for input sources of user-controllable data.

CommandInjectionAnalyzer constructs Sinks from a set of functions known to be vulnerable to command injection, converts all variables to SSA form to construct a call graph and performs recursive taint analysis to search for input sources of user-controllable data.

PathTraversalAnalyzer constructs Sinks from a set of functions known to be vulnerable to path injection all variables are converted to SSA form and a call graph is constructed recursive taint analysis is then used to search from a given Sink up the callgraph for Sources of user-controllable data.

RSAKeyLenAnalyzer is used to resolve constant values used for RSA key generation in order to more accurately detect use of an insecure RSA key length constructed all variables are converted to SSA form and a call graph is constructed recursive analysis is then used to resolve variables used as a key length to a final constant value at the callsite.

SQLInjectionAnalyzer constructs Sinks from a set of functions known to be vulnerable to SQL injection all variables are converted to SSA form and a call graph is constructed recursive taint analysis is then used to search from a given Sink up the callgraph for Sources of user-controllable data.

SSRF Analyzer constructs Sinks from a set of functions known to be vulnerable to Server Side Request Forgery, converts all variables to SSA form to construct a call graph and performs recursive taint analysis to search for input sources of user-controllable data.