Module TaintTracking
Provides classes for performing local (intra-procedural) and global (inter-procedural) taint-tracking analyses.
We define taint propagation informally to mean that a substantial part of
the information from the source is preserved at the sink. For example, taint
propagates from x
to x + 100
, but it does not propagate from x
to x > 100
since we consider a single bit of information to be too little.
To use global (interprocedural) taint tracking, extend the class
TaintTracking::Configuration
as documented on that class. To use local
(intraprocedural) taint tracking between expressions, call
TaintTracking::localExprTaint
. For more general cases of local taint
tracking, call TaintTracking::localTaint
or
TaintTracking::localTaintStep
with arguments of type DataFlow::Node
.
Import path
import semmle.code.cpp.ir.dataflow.TaintTracking
Imports
DataFlow | Provides a library for local (intra-procedural) and global (inter-procedural) data flow analysis: deciding whether data can flow from a source to a sink. This library differs from the one in |
DataFlow2 | Provides a |