Module TaintTrackingUtil

DEPRECATED: Use semmle.code.cpp.dataflow.new.DataFlow instead.

Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.

We define taint propagation informally to mean that a substantial part of the information from the source is preserved at the sink. For example, taint propagates from x to x + 100, but it does not propagate from x to x > 100 since we consider a single bit of information to be too little.

Import path

import semmle.code.cpp.dataflow.internal.TaintTrackingUtil

Predicates

defaultAdditionalTaintStep	Holds if the additional step from `src` to `sink` should be included in all global taint flow configurations.
defaultImplicitTaintRead	Holds if default `TaintTracking::Configuration`s should allow implicit reads of `c` at sinks and inputs to additional taint steps.
defaultTaintSanitizer	Holds if `node` should be a sanitizer in all global taint flow configurations but not in local taint.
localAdditionalTaintStep	Holds if taint can flow in one local step from `nodeFrom` to `nodeTo` excluding local data flow steps. That is, `nodeFrom` and `nodeTo` are likely to represent different objects.
localExprTaint	Holds if taint can flow from `e1` to `e2` in zero or more local (intra-procedural) steps.
localTaint	Holds if taint may propagate from `source` to `sink` in zero or more local (intra-procedural) steps.
localTaintStep	Holds if taint propagates from `nodeFrom` to `nodeTo` in exactly one local (intra-procedural) step.