This introduces some small improvements to the taint analysis:
- The default strategy is to pre-summarize user-space functions (as defined by all the config parameters) and then summarize on demand the functions that have not been summarized but are required during taint analysis. A new option `IgnoreNonSummarized` is introduced to enforce the previous default behaviour, which was to report non-summarized functions as errors. This new default strategy performs better than full on-demand summarization (~100s vs 180s on a large codebase) with the same benefits.
- Add an option `SourceTaintsArgs` to inform the analysis that source functions also taint their arguments, not just the returned value. Future improvements on that would be to let the user specify which arguments are tainted.
- Some refactoring in the taint analysis dataflow visitor to implement the new default behaviour.