{"id":41173883,"url":"https://github.com/akwick/gotcha","last_synced_at":"2026-01-22T19:50:39.077Z","repository":{"id":57519120,"uuid":"76479898","full_name":"akwick/gotcha","owner":"akwick","description":" Go Taint CHeck Analyser","archived":false,"fork":false,"pushed_at":"2019-06-25T11:24:37.000Z","size":561,"stargazers_count":43,"open_issues_count":2,"forks_count":11,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-06-19T04:23:10.571Z","etag":null,"topics":["dataflow","golang","gotcha","static-analysis","static-code-analysis","taint-analysis"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/akwick.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-12-14T17:03:50.000Z","updated_at":"2023-10-16T09:38:58.000Z","dependencies_parsed_at":"2022-09-26T21:20:19.546Z","dependency_job_id":null,"html_url":"https://github.com/akwick/gotcha","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/akwick/gotcha","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akwick%2Fgotcha","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akwick%2Fgotcha/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akwick%2Fgotcha/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akwick%2Fgotcha/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/akwick","download_url":"https://codeload.github.com/akwick/gotcha/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akwick%2Fgotcha/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28669724,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T19:36:09.361Z","status":"ssl_error","status_checked_at":"2026-01-22T19:36:05.567Z","response_time":144,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dataflow","golang","gotcha","static-analysis","static-code-analysis","taint-analysis"],"created_at":"2026-01-22T19:50:38.395Z","updated_at":"2026-01-22T19:50:39.070Z","avatar_url":"https://github.com/akwick.png","language":"Go","readme":"# Gotcha - **Go T**aint **Ch**eck **A**nalysis\n\n![](./images/gotcha_400x303.png)\n[0 ]\n\n\nSome theoretical background about this repository is available in our paper:\n[Information Flow Analysis for Go](http://link.springer.com/chapter/10.1007/978-3-319-47166-2_30).\nFor more information about the project, also check the Acknowledgments.\n\n## Requirements and Installation of gotcha on your local machine\n\n0. [Installation of Go](https://golang.org/doc/install)\n1. Go version below 1.8\n   - Ensure that you have set the `$GOPATH`\n   - Set the `$GOPATH` e.g. with `export GOPATH=$HOME/go` on a unix machine \n1. `go get github.com/akwick/gotcha`\n\nAnother variant is to install gotcha in a docker image. \nThis can be done in a similar way: start a golang container and within this container execute the go get command (step 2). \n\n\n## Build the analysis\n\n0. cd $GOPATH/src/github.com/akwick/gotcha\n1. go build\n\n### Working in your own fork\n\nWorking with your own fork of a Go-project is _exciting_ because Go packages\nalways have fully qualified imports of the form \"github.com/akwick/gotcha/foo\".\nTo avoid renaming imports (and having to patch them back before merging), the\nfollowing should work:\n\n0. Have $GOPATH configured\n1. cd $GOPATH\n2. mkdir -p src/github.com/akwick\n3. cd src/github.com/akwick\n4. git clone your:repo/gotcha (or ln -s path/to/gotcha .)\n\n## Run the analysis\n\n0. ./gotcha -path=\"path to go-files as relative part from $GOPATH/src\" -src=\"path to source code file which should analyzed\" -ssf=\"path to the sources and sinks file\"\n`./analysis -src=\"tests/exampleCode/hello.go\"`\n1. The -src flag is mandatory, the path, ssf, allpkgs, pkgs and ptrflag are optional.\n2. The default parameter are:\n  - path = github.com/akwick/gotcha\n    - It is important to change the path if you are not running our examples.   \n  - ssf = ./sourcesAndSinks.txt\n    - Adopt this parameter if you want to use your own souces and sinks file\n  - allpkgs = false\n    - Analyse all packages \n  - pkgs = \"\"  \n    - Only analyse the defined packages\n  - ptr = true  \n    - Analyse the program with the additional pointer analysis\n3. `./analysis -h` prints a short help for the flags.  \n\n\n# Test Results\n\nWe have several tests which ensure some functionality of our analysis.\nThe results are available via [Jenkins](https://envisage.ifi.uio.no:8080/jenkins/view/Vs-dev/job/GoRETech/)\nAre more detailed descriptions about running tests on your machine are in the file [*tests.md*](https://github.com/akwick/gotcha/blob/master/tests.md)\n\n# Debug the program\n\nThe repository has a small shell script which can build a debug file.\nA reference for the commands is in the [repository of godebug](https://github.com/mailgun/godebug).\n\n```\n$ ./debug.sh\n$ ./analysis.debug -src=\"fileyouwanttodebug\"\n```\n\n# Acknowledgments\n\nThis analysis is part of my master thesis.\nI want to thank all the people who were involved in this process: Eric Bodden, Michael Eichberg, Ka I Pun, Martin Steffen and Volker Stolz.\n\nThe work was partially supported by the Norwegian-German bilateral PPP project\nGoRETech (GoRuntime Enforcement Techniques), the EU COST Action IC1402\n“ARVI—Runtime Verification Beyond Monitoring” and the EU project FP7-610582\nEnvisage: Engineering Virtualized Services.\n\nLast but not least I want to thank [women who Go Berlin](https://www.meetup.com/de-DE/Women-Who-Go-Berlin/) for giving me the chance to visit the dotgo 2016. Thanks Vanesa for this great day full of awesome talks.\n\n[0 ] This image is created by Anna-Katharina Wickert under [Creative Commons 3.0 license](https://creativecommons.org/licenses/by/3.0/) based on Renee French under Creative Commons 3.0 Attributions. \n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakwick%2Fgotcha","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fakwick%2Fgotcha","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakwick%2Fgotcha/lists"}