Skill: Create Dataflow Approximation

Write a code-based approximation for a library method whose taint propagation depends on lambdas, callbacks, or async chains, then test it against the prepared test project and fix until the approximation sample passes

Inputs

From the caller; if omitted, fall back to the default. Ask only when a required input is missing and has no sensible default

• Methods to model <methods> — the target method(s) and how taint flows through them, from the tracking file's methods (all type: dataflow)
• Tracking file <tracking-file> — the dataflow approximation unit (<package-kebab>-dataflow, e.g. reactor-core-publisher-dataflow). Default: .opentaint/tracking/approximations/<name>.yaml
• Approximation sources <approx-src> — this package's own directory for the .java approximation files. Default: .opentaint/dataflow/<name>
• Compiled test project <test-compiled> — the per-package compiled model to test against. Default: .opentaint/test-compiled/<name>

Workflow

1. Write the approximation source

Create Java files in <approx-src>. Target the EXACT class named in dropped-external-methods.yaml — @Approximate matches only that class (unlike passThrough's overrides: true), and the dropped FQN reflects how the analyzer resolved the call: an interface-typed receiver (Map m = ...; m.computeIfAbsent(...)) drops java.util.Map#computeIfAbsent; a concrete one (new HashMap<>()) drops java.util.HashMap#computeIfAbsent. Don't substitute a supertype or subtype. Model the real propagation — never leave the body empty (it silently drops taint); when unsure how taint flows through the method, read the library source rather than guessing: