mavasani
commented
4 years ago @pavanupb Is your unit test based on TaintedDataAnalysis in the repo? Tagging @dotpaul
Open pavanupb opened 4 years ago
mavasani
commented
4 years ago @pavanupb Is your unit test based on TaintedDataAnalysis in the repo? Tagging @dotpaul
pavanupb
commented
4 years ago @mavasani It is based on the PropertySetAnalysisTests. I wrote a test similar to https://github.com/dotnet/roslyn-analyzers/blob/master/src/Utilities.UnitTests/FlowAnalysis/Analysis/PropertySetAnalysis/PropertySetAnalysisTests.cs
mavasani
commented
4 years ago Ah got it, thanks!
I am performing a points-to analysis on a sample code: https://github.com/pavanupb/SecureCodeAnalyzer/blob/master/Example-Code-3/AliasAnalysisTest/Program.cs. There is a procedure call at https://github.com/pavanupb/SecureCodeAnalyzer/blob/6c4dffa71960b806b25b3c8081d1fb7ffdcf8d1e/Example-Code-3/AliasAnalysisTest/Program.cs#L17. The callee procedure can be found at: https://github.com/pavanupb/SecureCodeAnalyzer/blob/master/Example-Code-3/AliasAnalysisTest/GetValues.cs. After an interprocedural analysis the receiver at https://github.com/pavanupb/SecureCodeAnalyzer/blob/6c4dffa71960b806b25b3c8081d1fb7ffdcf8d1e/Example-Code-3/AliasAnalysisTest/Program.cs#L17 should be present in the points-to set of "ByteValue" property of DemoClass object but I do not see it in the points-to analysis result. I have written a small unit test with the expected points-to result at https://github.com/pavanupb/SecureCodeAnalyzer/blob/master/Example-Code-3/AliasAnalysisTest/UnitTest.cs