prosyslab-classroom / cs348-information-security


[Question][Hw5] Tainted and Untainted binary ops #147

Closed shyngys-aitkazinov closed 3 years ago

shyngys-aitkazinov commented 3 years ago

From the lecture, I understood that a value becomes untainted only if it was called by the sanitizer. Then what happens if we add two Untainted values? The result is tainted, right?

AnHaechan commented 3 years ago

As far as I know, tainted value analysis is to determine whether a certain value is from outside (in this homework, from source()) or not. If we're to build a sound analyzer to check that semantic property, the sum of two untainted values has to be untainted. For example, if the code is

```
a = 3
b = 2
sink(a+b)
```

3 and 2 are not from outside, so it is very natural to think a+b is not tainted.

Lim-Sangho commented 3 years ago

Hi. I have similar questions. What if we compare, or filter them?

```
a = source()
b = 3
sink(a == b)
```

Should we get an alarm for the last line?

```
a = source()
b = 3
if (a == b) {
  sink(a)
}
```

How about this case?

In both cases, are they tainted? Actually, the sinks can be controlled by the sources, but there are only a few candidates the sinks can be.

KihongHeo commented 3 years ago

For brevity, assume that only the sanitizer can filter out tainted values, not if conditions.
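
The rules discussed in this thread, as an added example that is not part of the original issue or the course's code: a minimal taint analysis in Python over a tuple-encoded toy program (the encoding and all names are assumptions). It assumes any binary operation, including `==`, is tainted when either operand is, and, per the last comment, that only the sanitizer removes taint, not `if` conditions.

```python
# Taint domain: False = untainted, True = tainted; join is logical OR.
def eval_taint(expr, env):
    """Return the taint of an expression under env (variable -> taint)."""
    if isinstance(expr, int):        # constants do not come from outside
        return False
    if isinstance(expr, str):        # variable lookup
        return env.get(expr, False)
    kind = expr[0]
    if kind == "source":             # source(): value from outside
        return True
    if kind == "sanitizer":          # the only operation that removes taint
        return False
    if kind == "binop":              # assumption: +, == etc. taint if either operand is
        _, _op, lhs, rhs = expr
        return eval_taint(lhs, env) or eval_taint(rhs, env)
    raise ValueError(f"unknown expression: {expr!r}")

def analyze(stmts, env=None, alarms=None):
    """Return the list of sink statements that receive a tainted value."""
    env = {} if env is None else env
    alarms = [] if alarms is None else alarms
    for stmt in stmts:
        if stmt[0] == "assign":
            env[stmt[1]] = eval_taint(stmt[2], env)
        elif stmt[0] == "sink":
            if eval_taint(stmt[1], env):
                alarms.append(stmt)
        elif stmt[0] == "if":
            # The condition does not refine taint: analyze the body on a copy
            # of env, then join with the state where the branch is skipped.
            branch_env = dict(env)
            analyze(stmt[2], branch_env, alarms)
            for var, taint in branch_env.items():
                env[var] = env.get(var, False) or taint
    return alarms

# Constructed encodings of the thread's snippets (tuple format is hypothetical).
SRC = [("assign", "a", ("source",)), ("assign", "b", 3)]
SUM_OF_CONSTANTS = [("assign", "a", 3), ("assign", "b", 2),
                    ("sink", ("binop", "+", "a", "b"))]
COMPARE = SRC + [("sink", ("binop", "==", "a", "b"))]
GUARDED = SRC + [("if", ("binop", "==", "a", "b"), [("sink", "a")])]
SANITIZED = SRC + [("sink", ("sanitizer", "a"))]

if __name__ == "__main__":
    for name in ("SUM_OF_CONSTANTS", "COMPARE", "GUARDED", "SANITIZED"):
        print(name, "alarms:", len(analyze(globals()[name])))
```

Under these assumptions the sum of two constants and the sanitized sink raise no alarm, while both the comparison and the guarded sink do.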