-
I am trying to use SVF to build analysis, but I am not sure what SVF's component better fits my needs.
First, I describe my problem along with a couple of examples.
Then, I discuss the approaches …
-
Does the tool support implicit flow?
-
Let's collect the remaining blockers for taint analysis here – false positives, UI issues, but not false negatives / feature requests. We can extract them into sub-issues later if we find that valuabl…
-
Is there a taint analysis algorithm implemented by c or c++?And it supports backward and forward analysis.
-
With the following `psalm.xml`:
```xml
```
...and the following `file.php`:
```php
-
After upgrading from psalm 4.30.0 to psalm 5.13.1, I noticed that adding custom taint source via a psalm plugin is broken.
Even the example at https://psalm.dev/docs/security_analysis/custom_taint_so…
-
-
I wrote a simple tutorial to use the phasar-cli tool for a taint analysis. If you want, you can use it somewhere. I upload the markdown file here.
[Simple Taint Analysis Tutorial.md](https://github.…
-
### Description
Hi,
When I test some cases that return type is array and as transfer, such as String.split. I doubt how to correct config the rule.
My test sample:
```
class ArgToResultStri…
-
Hi,
it turns out that Amandroid doesn't write partial results for Taint Analysis.
I see in the output that some data flows have been discovered, but TaintResults.txt file doesn't exists until analys…