Commit d06fb76

Browse files
authored
Add default taint configuration file (#2280)
1 parent 228072f commit d06fb76

File tree

1 file changed

+117
-4
lines changed

utbot-framework/src/main/resources/taint/config.yaml

Lines changed: 117 additions & 4 deletions
@@ -2,10 +2,123 @@ sources:
22
- java.util.Scanner.next:
33
add-to: return
44
marks: user-input
5+
- java.io.BufferedReader.readLine:
6+
add-to: return
7+
marks: user-input
8+
- javax.servlet.http.HttpServletRequest.getParameter:
9+
add-to: return
10+
marks: user-input
11+
- java.util.Properties.getProperty:
12+
add-to: return
13+
marks: user-input
14+
- java.sql.ResultSet.getString:
15+
add-to: return
16+
marks: user-input
17+
- javax.servlet.http.HttpServletRequest.getQueryString:
18+
add-to: return
19+
marks: user-input
520

6-
sinks:
7-
- java.lang.RuntimeException.<init>:
8-
check: arg1
9-
marks: []
21+
cleaners:
22+
- java.lang.String.isEmpty:
23+
remove-from: this
24+
marks: [ ]
25+
conditions:
26+
return: true
27+
28+
passes:
29+
- java.lang.String.getBytes:
30+
get-from: this
31+
add-to: return
32+
marks: [ ]
33+
conditions:
34+
this: { not: "" }
35+
- java.lang.String.split:
36+
get-from: this
37+
add-to: return
38+
marks: [ ]
39+
conditions:
40+
this: { not: "" }
41+
- java.lang.String.concat:
42+
get-from: this
43+
add-to: return
44+
marks: [ ]
45+
conditions:
46+
this: { not: "" }
47+
- java.lang.String.concat:
48+
get-from: arg1
49+
add-to: return
50+
marks: [ ]
1051
conditions:
1152
arg1: { not: "" }
53+
- java.lang.StringBuilder.append:
54+
get-from: arg1
55+
add-to: this
56+
marks: [ ]
57+
conditions:
58+
arg1: { not: "" }
59+
- java.lang.StringBuilder.toString:
60+
get-from: this
61+
add-to: return
62+
marks: [ ]
63+
64+
- java.sql.Connection.prepareStatement:
65+
get-from: arg1
66+
add-to: [ this, return ]
67+
marks: [ ]
68+
- java.sql.PreparedStatement.setString:
69+
get-from: arg2
70+
add-to: this
71+
marks: [ ]
72+
73+
- java.sql.Statement.addBatch:
74+
get-from: arg1
75+
add-to: this
76+
marks: [ ]
77+
78+
- java.io.ByteArrayOutputStream.writeData:
79+
get-from: arg1
80+
add-to: this
81+
marks: [ ]
82+
- java.io.ByteArrayOutputStream.toByteArray:
83+
get-from: this
84+
add-to: return
85+
marks: [ ]
86+
- java.io.ByteArrayInputStream.<init>:
87+
get-from: arg1
88+
add-to: [ this, return ]
89+
marks: [ ]
90+
- java.io.ObjectInputStream.<init>:
91+
get-from: arg1
92+
add-to: [ this, return ]
93+
marks: [ ]
94+
- java.io.ObjectInputStream.readObject:
95+
get-from: this
96+
add-to: return
97+
marks: [ ]
98+
99+
sinks:
100+
- java.sql.Statement.execute:
101+
check: arg1
102+
marks: user-input
103+
- java.sql.Statement.executeUpdate:
104+
check: arg1
105+
marks: user-input
106+
- java.sql.Statement.executeBatch:
107+
check: this
108+
marks: user-input
109+
- java.sql.Statement.executeQuery:
110+
check: arg1
111+
marks: user-input
112+
113+
- java.sql.PreparedStatement.execute:
114+
check: this
115+
marks: user-input
116+
- java.sql.PreparedStatement.executeUpdate:
117+
check: this
118+
marks: user-input
119+
- java.sql.PreparedStatement.executeBatch:
120+
check: this
121+
marks: user-input
122+
- java.sql.PreparedStatement.executeQuery:
123+
check: this
124+
marks: user-input
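Review bot: the `java.sql.PreparedStatement.setString` pass (`get-from: arg2` / `add-to: this`) together with the `java.sql.PreparedStatement.execute*` sinks that `check: this` for `user-input` means a correctly parameterised query (`prepareStatement("... WHERE id = ?")` followed by `setString(1, userValue)`) is reported at `execute` exactly like a query built by string concatenation, because the bound value's mark is propagated onto the statement object. Consider dropping that pass, or turning `setString` into a cleaner that removes `user-input` from `arg2`, so that only taint reaching `java.sql.Connection.prepareStatement` through `arg1` (the SQL text, which that pass already carries onto `this` and `return`) triggers the PreparedStatement sinks; otherwise the safe and the unsafe pattern are indistinguishable to the analysis. Separately, `java.io.ByteArrayOutputStream.writeData` does not name a method of that class (it exposes `write`, `writeBytes` and `writeTo`), so that pass entry will never match a call and should be renamed. Finally, the `java.lang.String.isEmpty` cleaner and the `{ not: "" }` conditions on the `String` passes encode the same empty-string rule in two places; a short comment in the file explaining why both are needed would help whoever extends this configuration.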

0 commit comments
