Struct fields should be taintable #228

mlevesquedion · 2020-12-15T15:14:29Z

The following test case was introduced by #195 and is currently failing:

func TestTaintFieldOnNonSourceStruct(s core.Source, i *core.Innocuous) {
	i.Data = s.Data
	core.Sink(i)      // TODO want "a source has reached a sink"
	core.Sink(i.Data) // TODO want "a source has reached a sink"
}

This behavior is inadequate: It should be possible to taint a field on a non-Source struct, and tainting this field should taint the struct.

The following test case is also failing:

func TestTaintNonSourceFieldOnSourceType(s core.Source, i *core.Innocuous) {
	s.ID, _ = strconv.Atoi(s.Data)
	core.Sink(s.ID) // TODO want "a source has reached a sink"
}

It should be possible to taint a non-source field on a source type.

This is related to this piece of propagation code:

		if !prop.config.IsSourceField(typPath, typName, fieldName) && !prop.taggedFields.IsSourceFieldAddr(t) {
			return
		}

Currently, we stop traversing when we reach a field unless the field is a Source.

See #195 for additional discussion.

mlevesquedion changed the title ~~Structs should be taintable via their fields~~ Struct fields should be taintable Dec 15, 2020

mlevesquedion added the bug Something isn't working label Dec 15, 2020

mlevesquedion mentioned this issue Dec 16, 2020

Refactor: Unify traversal through Field and FieldAddr instructions #201

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Struct fields should be taintable #228

Struct fields should be taintable #228

mlevesquedion commented Dec 15, 2020 •

edited

Loading

Struct fields should be taintable #228

Struct fields should be taintable #228

Comments

mlevesquedion commented Dec 15, 2020 • edited Loading

mlevesquedion commented Dec 15, 2020 •

edited

Loading