GitHub Repository

go lsp plugin for claude code

0 stars

GLP – Golang/Golang Inter-procedural taint analysis

by Horos·Mar 16, 2026·2 points·0 comments

AI Analysis

Solid · Big Brain · Niche Gem

Whole-program SSA with VTA callgraph beats go vet's per-package limits.

Strengths
  • 217-line recursive DFS follows tainted values across function boundaries.
  • VTA callgraph resolves interface dispatch and closures standard tools miss.
  • Seven MCP tools expose sinks, SQL extraction, and dead exports to Claude.
Weaknesses
  • Zero stars and forks suggest a very early stage with no community validation.
  • Niche audience: only Go devs doing security work will find this useful.
Target Audience

Go developers, security engineers doing code audits

Similar To

gosec · staticcheck · CodeQL

Post Description

glp traces data flows across function boundaries in Go programs. Standard Go tools (go vet, staticcheck, gopls) analyze one package at a time. glp loads the entire program into SSA, builds a VTA callgraph that resolves interface dispatch and closures, then walks it.

The core is a 217-line recursive DFS that follows a tainted value through SSA instructions, jumping across functions via the VTA callgraph.

Four jump cases: Call (args→params via VTA), MakeClosure (bindings→freevars), MakeInterface (interface casts), Store (struct taint poisoning).
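The four jump cases above, sketched as an added example that is not glp's code: a recursive DFS over a constructed mini-IR instead of real SSA from golang.org/x/tools. The names Instr, Trace, Sample, handler, handler$1, sqlRepo.Find and memRepo.Find are assumptions made for illustration, and Callees stands in for the targets a VTA callgraph would resolve.

```go
package main

import "fmt"

// Constructed mini-IR (not glp's code): the post's four jump cases plus Sink.
const (
	Call          = iota // argument -> callee parameter
	MakeClosure          // binding -> closure free variable
	MakeInterface        // concrete value -> interface value
	Store                // value -> struct it is written into (coarse poisoning)
	Sink                 // value reaches a sink, e.g. a database/sql call
)
type Instr struct {
	Fn, Use, Def string   // function, operand read, value defined (or sink name)
	Op           int      // one of the constants above
	Callees      []string // Call/MakeClosure targets as a callgraph resolved them
}

// Trace is a recursive DFS from val in fn; it returns each path that ends at a sink.
func Trace(prog []Instr, fn, val string, seen map[string]bool, path []string) (hits [][]string) {
	key := fn + ":" + val
	if seen[key] {
		return nil // visited: keeps recursion finite on cyclic callgraphs
	}
	seen[key], path = true, append(path, key)
	for _, in := range prog {
		targets := []string{fn} // MakeInterface, Store: taint stays in this function
		switch {
		case in.Fn != fn || in.Use != val:
			continue
		case in.Op == Sink:
			hits = append(hits, append(append([]string{}, path...), "sink:"+in.Def))
			continue
		case in.Op == Call || in.Op == MakeClosure:
			targets = in.Callees // jump across the function boundary
		}
		for _, t := range targets {
			hits = append(hits, Trace(prog, t, in.Def, seen, path)...)
		}
	}
	return hits
}
var Sample = []Instr{ // constructed: handler(id) crosses all four cases to one sink
	{"handler", "id", "req", Store, nil},
	{"handler", "req", "ireq", MakeInterface, nil},
	{"handler", "ireq", "ireq", MakeClosure, []string{"handler$1"}},
	{"handler$1", "ireq", "r", Call, []string{"memRepo.Find", "sqlRepo.Find"}},
	{"sqlRepo.Find", "r", "db.Query", Sink, nil},
}
func main() { fmt.Println(Trace(Sample, "handler", "id", map[string]bool{}, nil)) }
```

The Call entry lists two callees to mirror interface dispatch resolving to more than one implementation; only the one that contains a sink yields a reported path.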

  Standard Go tools          glp
  ─────────────────          ───────────────────────
  per-package analysis    →  whole-program SSA
  direct calls only       →  VTA (interfaces + closures)
  no data flow            →  inter-procedural taint DFS
  no sink detection       →  bottom-up from database/sql

7 MCP tools: load, callgraph (static/VTA), taint, sinks, sql extraction, dead exports, err-check. Runs as an MCP server for Claude Code or any MCP agent. Also usable as a Go library.

Same class of analysis as commercial SAST tools, in 1462 lines with zero deps beyond golang.org/x/tools. Pure Go, CGO_ENABLED=0, MIT.
