Is your feature request related to a problem? Please describe.
Need to add a taint feature to detect tainted input being passed to various functions.
Describe the solution you'd like
Rather than showing results of various calls that indicate possible injection, the analysis needs to be smarter about the confidence in the injection by inspecting the potential taint from outsider input.
Describe alternatives you've considered
Each call to an injection-vulnerable function can be flagged as a result, but this can be very unreliable.
Additional context
Example functions that could benefit from taint analysis:
Warning - The pseudo-random generators of this module should not be used for security purposes. For security or cryptographic uses, see the secrets module.
A form of taint source. Use as tainted input for security calls
Also, see "taint": Value obtained from user input. In SARIF 3.38.8
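As an added illustration of the confidence-based approach described above (example code, not the project's own): a minimal AST taint pass over Python source that rates a sink call high-confidence only when one of its arguments derives from a taint source. The source and sink lists, the function names and the sample program are assumptions for this example.

```python
import ast

# Assumed source/sink lists for this illustration; not the tool's real configuration.
TAINT_SOURCES = {"input"}                         # calls returning attacker-controlled data
SINKS = {"os.system", "subprocess.call", "eval"}  # injection-prone calls to audit

def dotted_name(node):
    """Render a Name/Attribute chain such as os.system as 'os.system'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and (base := dotted_name(node.value)):
        return f"{base}.{node.attr}"
    return None

def is_tainted(expr, tainted):
    """True if expr reads a tainted variable or calls a taint source."""
    return any((isinstance(n, ast.Name) and n.id in tainted)
               or (isinstance(n, ast.Call) and dotted_name(n.func) in TAINT_SOURCES)
               for n in ast.walk(expr))

def analyze(source):
    """Walk statements in source order, tracking which names hold tainted data.
    Returns (lineno, sink, confidence): 'high' if a sink argument derives from
    a taint source, 'low' if the sink is reached with untainted data only."""
    tainted, findings = set(), []

    def visit(stmts):
        for stmt in stmts:
            if isinstance(stmt, (ast.Assign, ast.AugAssign, ast.Expr, ast.Return)):
                # propagate: the assigned name becomes tainted when the value is
                value = getattr(stmt, "value", None)
                targets = getattr(stmt, "targets", [getattr(stmt, "target", None)])
                if value is not None and is_tainted(value, tainted):
                    tainted.update(t.id for t in targets if isinstance(t, ast.Name))
                # rate each sink call in this statement by the taint of its arguments
                for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                    if (name := dotted_name(call.func)) in SINKS:
                        hot = any(is_tainted(a, tainted) for a in call.args)
                        findings.append((stmt.lineno, name, "high" if hot else "low"))
            else:  # compound statement (if/for/while/def/try): descend into its blocks
                for field in ("body", "orelse", "finalbody"):
                    visit(getattr(stmt, field, []))

    visit(ast.parse(source).body)
    return findings

# Constructed input program (not from the issue) with tainted and clean sink calls.
SAMPLE = 'import os\ncmd = "ls " + input("dir: ")\nos.system(cmd)\nos.system("ls /tmp")\nif cmd:\n    eval(input())\n'
```

Running `analyze(SAMPLE)` reports the two calls fed by `input()` as high confidence and the constant-argument `os.system` call as low, which is the distinction a plain call-site grep cannot make.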