feat: Add support for analysis in checkers

[maharshi-deepsource]

Checkers need support for analyzers to enhance their analysis. While a checker can identify vulnerable patterns based on code patterns, additional analysis may sometimes be required to accurately filter out false positives.

For example, analysis for hardcoded tokens in code will require an entropy analyzer.

This is a valid vulnerable pattern that should be detected by globstar

a = some_function(token="hqd#18ey283y28wdbbcwbd1ueh1ue2h")

However, using only regex based matching will also detect false positives like this

a = some_function(token="fake_token_as_placeholder")

An entropy analyzer will help differentiate between them more effectively. Here’s an overview of how the workflow might look after integrating the analyzer feature.

language: py
name: hardcoded-tokens
message: Look for hardcoded tokens
category: security

pattern: |
   (assignment
       left: (identifier)
       right: (call
             function: (identifier) @func_name
            arguments: (argument_list
                (keyword_argument:
                    name: (identifier)
                    value: (string
                        (string_start)
                        (string_content) @token_val
                        (string_end))))
         (#match? @token_val "^[A-Za-z0-9/+=]+$")) @hardcoded-tokens

analyzers: |
    entropy @token_val

description: |
   Do not provide hardcoded token values in functions.

[burntcarrot]

@maharshi-deepsource #129 should probably help, please close if I misunderstood the context behind the analyzers.