Summary
TaintAnalyzer._check_sink calls ast.walk(stmt) for every statement and then performs name resolution and taint checks. Combined with repeated _is_expression_tainted recursion, this creates high overhead in large functions.
Suggested direction
- Build a lightweight per-statement call index (or pre-filter call-containing statements) before full traversal.
- Memoize expression taint checks within a statement/context to avoid repeated recursion on identical subtrees.
- Keep vulnerability output and de-dup semantics unchanged.
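The following is an added, self-contained illustration of the two suggestions above; it is not refactron's code and does not reproduce TaintAnalyzer. It assumes a toy source/sink table (SOURCES, SINKS), a simplified AST taint model (names, calls, binary ops, simple assignments), and top-level statements only; the class and function names (ToyTaintAnalyzer, build_call_index, run_comparison) are hypothetical. Running both modes over the same constructed sample shows identical, de-duplicated findings with fewer recursive taint evaluations when the per-statement call index and memo are used.

```python
"""Added example (not refactron's code): a toy taint analyzer that
(1) builds a call index in one traversal so statements without calls
skip the sink check entirely, and (2) memoizes expression taint checks
per statement so nested calls are not re-evaluated repeatedly."""
import ast
from collections import defaultdict

# Assumed source/sink tables for this toy (constructed, not refactron's).
SOURCES = {"input"}
SINKS = {"eval", "exec", "os.system"}


def callee_name(call):
    """Dotted callee name of a Call node (``f`` or ``mod.f``), else None."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


class ToyTaintAnalyzer:
    """Flags sink calls whose arguments carry taint from a source.

    memoize=False mimics the unoptimised behaviour (each sub-expression is
    re-evaluated every time a call containing it is examined);
    memoize=True caches results per statement, keyed on node identity.
    """

    def __init__(self, memoize=True):
        self.memoize = memoize
        self.taint_checks = 0          # number of recursive taint evaluations
        self.tainted_vars = set()
        self._memo = {}

    def is_expression_tainted(self, node):
        key = id(node)
        if self.memoize and key in self._memo:
            return self._memo[key]
        self.taint_checks += 1
        if isinstance(node, ast.Name):
            result = node.id in self.tainted_vars
        elif isinstance(node, ast.Call):
            result = (callee_name(node) in SOURCES
                      or any(self.is_expression_tainted(a) for a in node.args))
        elif isinstance(node, ast.BinOp):
            result = (self.is_expression_tainted(node.left)
                      or self.is_expression_tainted(node.right))
        else:
            result = False
        if self.memoize:
            self._memo[key] = result
        return result

    @staticmethod
    def build_call_index(func):
        """Single traversal: statement -> Call nodes it contains.

        Statements with no call never reach the sink check, so no name
        resolution or taint evaluation is spent on them.
        """
        index = defaultdict(list)
        for stmt in func.body:            # toy: top-level statements only
            for node in ast.walk(stmt):
                if isinstance(node, ast.Call):
                    index[stmt].append(node)
        return index

    def analyze(self, func):
        findings = set()                  # set keeps the de-dup semantics
        index = self.build_call_index(func)
        for stmt in func.body:
            self._memo.clear()            # cache is valid for one statement only
            # Propagate taint through simple assignments.
            if isinstance(stmt, ast.Assign) and self.is_expression_tainted(stmt.value):
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        self.tainted_vars.add(target.id)
            for call in index.get(stmt, ()):
                # Every call's arguments are evaluated (the analyzer needs to
                # know which calls carry taint), so nested calls are visited
                # several times; this is where the memo pays off.
                args_tainted = any(self.is_expression_tainted(a) for a in call.args)
                if args_tainted and callee_name(call) in SINKS:
                    findings.add((call.lineno, callee_name(call)))
        return sorted(findings)


# Constructed sample input; line 1 of the string is blank, so ``def`` is line 2.
SAMPLE = '''
def handler():
    user = input()
    greeting = "hello"
    size = len(greeting) + 1
    cmd = "ls " + user
    eval(str(sanitize(user)))
    os.system(cmd)
    print(size)
    eval("1 + 1")
'''


def run_comparison(src=SAMPLE):
    """Return (findings, taint_checks) for the unoptimised and memoized runs."""
    func = ast.parse(src).body[0]
    baseline = ToyTaintAnalyzer(memoize=False)
    optimised = ToyTaintAnalyzer(memoize=True)
    return {
        "baseline": (baseline.analyze(func), baseline.taint_checks),
        "optimised": (optimised.analyze(func), optimised.taint_checks),
    }


if __name__ == "__main__":
    for mode, (found, checks) in run_comparison().items():
        print(f"{mode}: findings={found} taint_checks={checks}")
```

The acceptance criteria map directly onto the two assertions a test would make: the findings list is identical in both modes, and the memoized run performs strictly fewer taint evaluations on the same input. Clearing the memo at every statement boundary is what keeps the cache sound, since the set of tainted names can change after each assignment.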
Acceptance
- No regression in detected vulnerabilities on current tests.
- Measurable reduction in taint-analysis runtime on larger fixture(s).
Code
refactron/analysis/taint.py — _check_sink, _is_expression_tainted