- Go 78.6%
- JavaScript 16.3%
- HTML 4.5%
- Shell 0.6%
| Filename | Latest commit message | Latest commit date |
|---|---|---|
|
|
||
| .opencode/plans | ||
| client | ||
| cmd | ||
| internal | ||
| js | ||
| .gitignore | ||
| go.mod | ||
| go.sum | ||
| README.md | ||
Phish
Phish is a tool for doing taint analysis on your code. The program takes a git repo as input and delivers a report on value flow vulnerabilities in your code.
Supported languages
- Go
Definitions
Given a repo R, Phish extracts a directed value flow graph G=\{V,E\}, where V is the set of vertices representing expressions and statements, while E\subseteq V\times V is the set of edges representing the value flow between them. Then, we can define a vertex v as a source v_{source} if it has no incoming edges, a sink v_{sink} if it has no outgoing edges, or neutral v_{neutral} if it has both incoming and outgoing edges. Further on, we define a set of tainted sinks V_{sink}^T and a set of tainted sources V_{source}^T . Finding a vulnerability then becomes a question of finding a path between a source-sink pair (v_{source}\in V_{source}^T,v_{sink}\in V_{sink}^T). If such a path exists, we have a vulnerability.
Discovering these paths is done by using a depth-first search starting in each tainted source. Upon discovering a tainted sink, the whole path is saved and given to an LLM for verification, explanation and mitigation. Traversal is done by iterating through all edges and creating an adjacency list for each vertex. Then, depth first search is applied, giving O(V+E) complexity.
How to use
- Run
go run ./cmdin the terminal - Navigate to the specified host
- To submit a git repo, go to the submit pane, paste a link to a repo and press submit
- To view reports, press the reports pane, and press the report you want to view