Module cwe_checker_lib::analysis::taint

source ·
Expand description

Taint Analysis.

This module provides general-purpose infrastructure for performing inter- or intraprocedural Taint Analyses. In general, a Taint Analysis is a special case of a forward “may” data flow analysis, where “may” means that merging of flows is performed by taking unions, i.e., a value is tainted at a point P iff there is some flow to P where it is tainted.

A user defines the specific instance of a Taint Analyses that they want to perform by implementing the TaintAnalysis trait. See its documentation for further information.

Modules

  • state
    Property space of a taint analysis.

Enums

  • Taint
    An abstract domain representing a value that is either tainted or not.

Traits

  • TaintAnalysis
    Trait representing the definition of a Taint Analysis.