Install: `claude install-skill vulhunt-re/skills`
# Dataflow Analysis
Perform intra-procedural dataflow analysis to track how data flows within functions.
## When to use
- Track if a function parameter flows to a function call argument
- Track if a function call's output flows to another function call's argument
- Find taint propagation paths (e.g., user input reaching dangerous functions)
- Detect vulnerabilities such as command injection and buffer overflows
## Instructions
Using the VulHunt MCP tools, open the project (`open_project`) and run the following Lua query (`query_project`).
To perform dataflow analysis, use `project:calls_matching{}`:
```lua
local calls = project:calls_matching({
  to = <target_call>,
  where = function(caller)
    return caller:named("<function_name>") and caller:has_call(<target_call>)
  end,
  using = {
    -- Annotate caller parameters
    parameters = {var:named "first_param", _},
    -- Annotate callees
    callees = {
      ["malloc"] = {inputs = {var:named "size"}},
      ["strlen"] = {output = var:named "len", inputs = {_}},
      ["check_len"] = {inputs = {var:sanitised()}}
    }
  }
})

local results = {}
for _, c in ipairs(calls) do
  local entry = {
    caller_name = c.caller.name,
    call_address = c.call_address,
  }
  if c.inputs[1] and c.inputs[1].annotation then
    entry.arg1_annotation = c.inputs[1].annotation
    entry.arg1_source = c.inputs[1].origin.source_address
  end
  if c.inputs[2] and c.inputs[2].annotation then
    entry.arg2_annotation = c.inputs[2].annotatio