Open hillwangsec opened 3 months ago
Set the pointer analysis option only-app to false to process ArrayList related methods.
Thanks a lot.
If the only-app flag is activated, the analysis time is increased more. I just temporarily resolved it through taint Obj propagation when taint propagates to a method param (set/list/map.. type) and translate it to the PARAMETER_PASSING source. Maybe it doesn't make sense.
When only-app=true, the analysis is not sound, and is unable to benefit from various plugins of Tai-e.
In your case, this problem can be naturally resolved through a sound/complete whole program analysis without the need for using Taint Transfer (another form of code modeling); otherwise, I am worried that the modeling will be endless.
Description
Hi,
I saw the test cases in resources, including TaintParam and CSBackPropagation, but did not find a case for back taint propagation.
One case I tested is shown below:
I also configured the rules:
In pta-results.txt, I found the second param is tainted in the method interfunc, but at the caller point (interfunc(taint, aa);), the var aa is not tainted.
Are there any suggestions to resolve this? Thanks.