Does secucheck support inter-procedure analysis?

secure-software-engineering / secucheck

Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.

MIT License

16 stars 7 forks source link

Does secucheck support inter-procedure analysis? #7

Open dyd1024 opened 2 years ago

dyd1024 commented 2 years ago

Hello, I want to confirm whether secucheck supports interprocedural analysis? Thanks!

ranjithkris commented 2 years ago

Hello, I want to confirm whether secucheck supports interprocedural analysis? Thanks!

Yes, SecuCheck performs interprocedural analysis. We also tested this by keeping source and sink in different functions. You can check those examples in Secucheck catalog: https://github.com/secure-software-engineering/secucheck-catalog/tree/v1.2.0