Functions that we should only allow taint to flow through (to the return value) if all but the source argument are ‘predictable’. This is done to emulate the old security library’s implementation rather than due to any strong belief that this is the right approach.
Note that the list itself is not very principled; it consists of all the
functions listed in the old security library’s [default]
that have more than one argument, but are not in the old taint tracking