package-analysis icon indicating copy to clipboard operation
package-analysis copied to clipboard
verified publisher icon ossf

Improve code coverages using different technique in analyzers

Open Alik-Kold opened this issue 3 years ago • 2 comments

The currently implemented package analyzers provide a limited coverage of the code when the payload is hiding in non setup/import phase

Suggesting to improve coverage with a best-effort approach to reflect and dynamically instantiate objects inside the package to increase the analysis coverage.

From my experience with this approach implemented in another similar project, I can share this is doable in a reasonable time for the following languages:

Javascript Python  Java Groovy C# Clojure Scala Kotlin

I'm planning to contribute it to this project, let me know WDYT

Alik-Kold avatar Jan 19 '23 11:01 Alik-Kold

This sounds very cool! Of the languages you listed, we currently only have support for JavaScript and Python, but even for those two we would love to have your contribution.

Are you able to share more details about the approach you're proposing? Just so we can understand it fully - it sounds super interesting.

maxfisher-g avatar Jan 20 '23 04:01 maxfisher-g

Indeed, big +1 to this! This has been on our wishlist for a while.

oliverchang avatar Jan 23 '23 03:01 oliverchang