Documentation
Overview
Package taint provides intra-procedural taint analysis for detecting data flow from sources to sinks.
This package implements forward data flow analysis to track taint propagation within a single function, identifying potential security vulnerabilities where untrusted input reaches sensitive operations.
Example:
    summary := taint.AnalyzeIntraProceduralTaint(
        "myapp.views.handler",
        statements,
        defUseChain,
        []string{"request.GET"},  // Sources
        []string{"eval", "exec"}, // Sinks
        []string{"sanitize"},     // Sanitizers
    )
    for _, detection := range summary.Detections {
        fmt.Printf("Taint flow detected: %s\n", detection.Variable)
    }
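The forward pass described above, reduced to straight-line code, as an added example that is not this package's implementation. The names `stmt`, `detection`, `analyze` and the `kind` map (which merges the sources, sinks and sanitizers lists) are hypothetical, and the statements are constructed.

```go
package main

import "fmt"

// stmt is a constructed stand-in for "Def = Call(Uses...)", not core.Statement.
type stmt struct {
	Def, Call string   // assigned variable and callee, "" when absent
	Uses      []string // variables read
}

type detection struct {
	Variable, Source, Sink string
	Line                   int // 1-based statement index of the sink call
}

// analyze: one forward pass; kind maps a callee to "source", "sink" or "sanitizer".
func analyze(stmts []stmt, kind map[string]string) (found []detection) {
	tainted := map[string]string{} // variable -> source that tainted it
	for i, s := range stmts {
		src := "" // source of a tainted operand, "" if all are clean
		for _, u := range s.Uses {
			if t := tainted[u]; t != "" {
				src = t
				if kind[s.Call] == "sink" {
					found = append(found, detection{u, t, s.Call, i + 1})
				}
			}
		}
		switch {
		case s.Def == "": // nothing assigned
		case kind[s.Call] == "source":
			tainted[s.Def] = s.Call
		case src != "" && kind[s.Call] != "sanitizer":
			tainted[s.Def] = src // taint propagates through the assignment
		default: // sanitizer result or clean value replaces old taint
			delete(tainted, s.Def)
		}
	}
	return found
}

func main() { // constructed input modelling a Python-style handler body
	fmt.Println(analyze([]stmt{
		{"q", "request.GET", nil},           // 1: q = request.GET(...)
		{"expr", "", []string{"q"}},         // 2: expr = q
		{"", "eval", []string{"expr"}},      // 3: eval(expr), tainted
		{"safe", "sanitize", []string{"q"}}, // 4: safe = sanitize(q)
		{"", "eval", []string{"safe"}},      // 5: eval(safe), clean
	}, map[string]string{"request.GET": "source", "eval": "sink", "sanitize": "sanitizer"}))
}
```

Only the `eval(expr)` call on statement 3 is reported; the sanitized copy and any variable later overwritten with a clean value drop out of the tainted set.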
Functions
func AnalyzeIntraProceduralTaint
    func AnalyzeIntraProceduralTaint(
        functionFQN string,
        statements []*core.Statement,
        defUseChain *core.DefUseChain,
        sources []string,
        sinks []string,
        sanitizers []string,
    ) *core.TaintSummary
AnalyzeIntraProceduralTaint performs forward taint analysis on a function. It returns a TaintSummary containing the detected taint flows.
Types
type TaintState
    type TaintState struct {
        Variables map[string]*variableTaintInfo
    }
TaintState tracks taint information for all variables in a function.
func (*TaintState) GetTaintInfo
    func (ts *TaintState) GetTaintInfo(varName string) *variableTaintInfo
GetTaintInfo returns taint information for a variable. It returns nil if the variable has no taint information.
func (*TaintState) IsTainted
    func (ts *TaintState) IsTainted(varName string) bool
IsTainted returns true if the variable is tainted.
func (*TaintState) SetTainted
    func (ts *TaintState) SetTainted(varName, source string, confidence float64, sourceLine uint32)
SetTainted marks a variable as tainted.
func (*TaintState) SetUntainted
    func (ts *TaintState) SetUntainted(varName string)
SetUntainted marks a variable as untainted (sanitized).