Bun Call Graph Extractor

Module

Scanner

Status

IMPLEMENTED

Description

Static call graph extraction for Bun runtime JavaScript/TypeScript codebases, extending the multi-language extractor framework with Bun-specific entrypoint detection and sink matching.

Implementation Details

Call Graph Extractor:
- src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunCallGraphExtractor.cs - Static call graph extraction for Bun runtime codebases
Entrypoint Detection:
- src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunEntrypointClassifier.cs - Classifies Bun-specific entrypoints (e.g., Bun.serve, macros, plugins)
Sink Matching:
- src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Bun/BunSinkMatcher.cs - Matches Bun-specific security-sensitive sinks (file I/O, shell exec, FFI, etc.)
DI Registration:
- src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/DependencyInjection/CallGraphServiceCollectionExtensions.cs

E2E Test Plan

Scan a container image containing a Bun application with Bun.serve entrypoints
Verify call graph extraction produces nodes for Bun-specific entrypoints (HTTP handlers, macros, plugins)
Verify BunSinkMatcher identifies Bun-specific sinks (e.g., Bun.file, Bun.spawn, Bun.ffi)
Verify the extracted call graph links entrypoints to sinks through the application code
Verify call graph data is available in reachability analysis via GET /api/v1/scans/{scanId}/reachability
Verify TypeScript and JavaScript files are both analyzed correctly in mixed Bun projects

1.6 KiB Raw Blame History