Description:
Currently, the syntax tree construction process does not take into account that multiple functions can share the same name (e.g., overloads or same-named functions in different scopes).
As a result, during scanning and data flow construction, the analysis may incorrectly include functions that should not participate in the same data flow solely because they share the same name.
This behavior leads to:
- A large number of false positive detections (FPs)
- Unnecessary token consumption during analysis and report generation
Expected behavior:
The syntax tree builder and data flow analyzer should correctly differentiate functions with the same name based on their signature, scope, or context, avoiding incorrect merging of data flow paths.
Steps to reproduce:
- Create multiple functions with the same name but different signatures or in different scopes.
- Run the scanner and observe that data flow connections are incorrectly constructed across unrelated functions.
Impact:
- Increased false positives
- Increased token usage and slower processing
Suggested solution:
Add proper handling of function identification during syntax tree building — for example, include signature, namespace, or object context in the function’s unique identifier.
Description:
Currently, the syntax tree construction process does not take into account that multiple functions can share the same name (e.g., overloads or same-named functions in different scopes).
As a result, during scanning and data flow construction, the analysis may incorrectly include functions that should not participate in the same data flow solely because they share the same name.
This behavior leads to:
Expected behavior:
The syntax tree builder and data flow analyzer should correctly differentiate functions with the same name based on their signature, scope, or context, avoiding incorrect merging of data flow paths.
Steps to reproduce:
Impact:
Suggested solution:
Add proper handling of function identification during syntax tree building — for example, include signature, namespace, or object context in the function’s unique identifier.