# A list of source/propagation functions.
# Argument indices are zero-based; -1 denotes the return value.
Propagations:
  # int x = mySource1(); // x is tainted
  - Name:     mySource1
    DstArgs:  [-1] # Index for return value

  # int x;
  # mySource2(&x); // x is tainted
  - Name:     mySource2
    DstArgs:  [0]

  # int x, y;
  # myScanf("%d %d", &x, &y); // x and y are tainted
  # VariadicType Dst with VariadicIndex 1: the variadic arguments starting at
  # index 1 are the ones that become tainted.
  - Name:          myScanf
    VariadicType:  Dst
    VariadicIndex: 1

  # int x; // x is tainted
  # int y;
  # myPropagator(x, &y); // y is tainted
  - Name:     myPropagator
    SrcArgs:  [0]
    DstArgs:  [1]

  # constexpr unsigned size = 100;
  # char buf[size];
  # int x, y;
  # int n = mySnprintf(buf, size, "%d %d", x, y); // If size, x or y is tainted
  # // the return value and the buf will be tainted
  # NOTE(review): the format string (index 2) is neither in SrcArgs nor at or
  # after VariadicIndex 3, so a tainted format string does not propagate
  # through this entry - confirm that is intended for the real function.
  - Name:          mySnprintf
    SrcArgs:       [1]
    DstArgs:       [0, -1]
    VariadicType:  Src
    VariadicIndex: 3

# A list of filter functions: the listed arguments are treated as no longer
# tainted after the call.
Filters:
  # int x; // x is tainted
  # myFilter(&x); // x is not tainted anymore
  # NOTE(review): taint is cleared because the function is named here; nothing
  # in this file checks what the function does. List only functions that
  # really validate or sanitize the argument, otherwise findings downstream
  # of the call are suppressed.
  - Name: myFilter
    Args: [0]

# A list of sink functions: a warning is expected when tainted data is passed
# in one of the listed argument positions.
Sinks:
  # int x, y; // x and y are tainted
  # mySink(x, 0, 1); // It will warn
  # mySink(0, 1, y); // It will warn
  # mySink(0, x, 1); // It won't warn
  # Only indices 0 and 2 are checked; index 1 is not listed, which is why the
  # third call above is silent. A sensitive parameter left out of Args is
  # never reported for this sink.
  - Name: mySink
    Args: [0, 2]