Module TaintTracking

Construct the modules for taint-tracking analyses.

Holds if the additional step from src to sink should be included in all global taint flow configurations.

Holds if default TaintTracking::Configurations should allow implicit reads of c at sinks and inputs to additional taint steps.

Holds if node should be a sanitizer in all global taint flow configurations but not in local taint.

Holds if taint can flow in one local step from src to sink excluding local data flow steps. That is, src and sink are likely to represent different objects.

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

Holds if taint can flow in one local step from src to sink.

A unit class for adding additional taint steps.

A unit class for adding additional value steps.

A configuration of interprocedural taint tracking analysis. This defines sources, sinks, and any other configurable aspect of the analysis. Each use of the taint tracking library must define its own unique extension of this abstract class.

A method that returns the exact value of its qualifier (e.g., return this;)

A local variable that is assigned an ObjectOutputStream. Writing tainted data to such a stream causes the underlying OutputStream to be tainted.

A Content that should be implicitly regarded as tainted whenever an object with such Content is itself tainted.

A method or constructor that preserves taint.

A method that returns the exact value of one of its parameters or the qualifier.

Provides local taint flow restricted to a given set of sources and sinks.

Holds if node is an endpoint for local taint flow.