Hacker News

unshavedyak, yesterday at 11:06 PM (3 replies)

Would be neat if the call graph could be asserted easily. As you could not only validate what vulnerabilities you are / aren't exposed to, but also choose to blacklist some API calls as a form of mitigation. Ensuring you don't accidentally start using something that's proven unsafe.


Replies

Gigachad, today at 7:55 AM

It’s easier to just update the package and not have to worry.

chii, today at 6:25 AM

But then if you could assert the call graph (easily, or even provably correctly), then why not just cull the unused code that led to vulnerability in the first place?
