-
**Describe the bug**
The taint analysis for C++ inheritance doesn't find the sink call if the $SRC is propagated in a superclass and the sink function is called in the subclass.
**To Reproduce**
…
-
I've snooped around taint analysis, which I found to be useful in very legacy projects that rely heavily on superglobals like `$_GET`, `$_SESSION`, etc.
In more recent / modern projects:
* most DB i…
-
https://psalm.dev/r/0eddd75e6b (not reproducible as it's not possible to enable taint-analysis)
Affected versions: 5.4.0, master 11942d7
```
Uncaught Exception: AssertionError assert(!$this…
```
-
In the following screenshot, we can see the variable at `rbp-0x8` is NOT annotated with `var_10`, which is the stack variable associated with the offset.
![image](https://github.com/Vector35/binar…
-
**Is your feature request related to a problem? Please describe.**
Need to add a taint feature to detect tainted input being passed to various functions.
**Describe the solution you'd like**
Rath…
-
**Is your feature request related to a problem? Please describe.**
Tracking which registers depend on unknown or varying input values (e.g. passed arguments, mutable system registers or writable me…
-
Hash map? Binary tree? of memory regions annotating their last influenced address or syscall.
When memory is loaded into a register, mark that register with the region. When it's moved to another reg…
-
Puma gives false positives at times. In the following example:
```
string sq = "select * from tab";
SqlCommand sqll = new SqlCommand(sq);
SqlDataAdapter sqa = new SqlDataAdapter(sqll);
```
I tried …
-
**Description of the issue**
## Use Case
We are trying to use the dataflow analysis to get the explicitly accessed fields in a struct in Golang. To do that, we use the TaintTracking module, wi…