You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following test cases were introduced by #195 and are currently failing:
funcTestCallWithStructReferenceTaintsEveryField(hHeaders) {
fooByPtr(&h) // without interprocedural assessment, foo can do anything, so this call should taint every field on hcore.Sink(h.Name) // TODO want "a source has reached a sink"core.Sink(h.Other) // TODO want "a source has reached a sink"
}
funcTestCallWithStructValueDoesNotTaintNonReferenceFields(hHeaders) {
foo(h) // h is passed by value, so only its reference-like fields should be taintedcore.Sink(h.Name)
core.Sink(h.Other) // TODO want "a source has reached a sink"
}
typeHeadersstruct {
NamestringAuthmap[string]string`levee:"source"`Othermap[string]string
}
funcfooByPtr(h*Headers) {}
funcfoo(hHeaders) {}
The crux of the issue here is that since one of Headers's fields is a source, that source will be in scope inside the caller and so in theory it could taint every other field. Without interprocedural analysis, we have to assume that every field will be tainted.
In fact, we have to do this inference whenever a struct with a tainted field is passed to a call, not just when a field is a source.
The following test cases were introduced by #195 and are currently failing:
The crux of the issue here is that since one of
Headers's fields is a source, that source will be in scope inside the caller and so in theory it could taint every other field. Without interprocedural analysis, we have to assume that every field will be tainted.In fact, we have to do this inference whenever a struct with a tainted field is passed to a call, not just when a field is a source.
See #195 for additional discussion.
The text was updated successfully, but these errors were encountered: