forked from NVIDIA-AI-Blueprints/vulnerability-analysis
CCA pre-filters (Java import, C arg-count, Go sub-package), Java CCA cycle detection & perf, RPM version guard, ~40 bug fixes, ~200 new tests #261
tmihalac wants to merge 25 commits into RHEcosystemAppEng:main from tmihalac:CCA-Argument-Count-Pre-filter
Commits (25):

ce4e69c tmihalac: Rewrite JS parser and Segmenter:
56bde63 tmihalac: Remove parser_threshold parameter from ExtendedLanguageParser creation
d9054f2 tmihalac: Add CCA import-based pre-filter, cycle detection, and log lazy
f96338a tmihalac: Fix CCA tree dedup, Rule 8 Go subpackage matching, FCF regex
a733aec tmihalac: Source bugs:
4f44a85 tmihalac: Source bugs:
7af1213 tmihalac: Removed a test
15ee1eb tmihalac: Added debug logging
3702027 tmihalac: Added debug logging
a220084 tmihalac: Added debug logging
b7ec881 tmihalac: Performance fixes for JS
c5bafb8 tmihalac: - Reorder direct_parents in __find_caller_function_dfs so root-level
8418adf tmihalac: Fixed tests
bde7996 tmihalac: C CCA argument-count pre-filter, Maven parallelism, checklist
e0cc7c5 tmihalac: Increase cores to 3
e1c04bd tmihalac: Removed AVOID UNANSWERABLE QUESTIONS from the prompt
d230632 tmihalac: RPM checker Case B: emit TARGET_IN_VULNERABLE_RANGE and add VERSION
8ada59d tmihalac: Config scanner: allowlist extension filter for config-dir files, add
b808e16 tmihalac: Consolidate 9 duplicate test files into tests/, config scanner
09c0f22 tmihalac: Increased uber-jar threshold to 1000
9e3bdce tmihalac: Go CCA sub-package granularity fixes, GOCACHE env var, revert
6bebe70 tmihalac: Removed debug logging
d267ff2 tmihalac: Removed logging and set maven local repo in lint-test
2b5d772 tmihalac: Fix Go FL short_name dict collision preserving all packages
8346bbe tmihalac: Remove task reference labels from all test files
Review comment:

Nit: Pre-index doesn't achieve algorithmic speedup — still O(unique_paths) linear scan

This iterates all unique source paths doing a substring match — same algorithmic complexity as the old linear scan over all documents. The reduction from N (total docs) to U (unique paths) is a constant-factor improvement when files yield many functions, but it's not the O(1) lookup the pre-indexing pattern suggests.

Not a blocker — the constant-factor improvement plus the reordered `search_token` check before expensive `is_function`/`_is_doc_excluded` calls is a net positive. But if this becomes a bottleneck, an inverted index on path segments (mapping each package name to matching paths) would give true O(1) lookup.