[cfe-dev] General query : Alpha security checkers and taint analysis

[Ashwin Ganesh via cfe-dev]

I figured out how to add debugging checkers. I just need some help
regarding the first questions. Thanks.

Regards,
Ashwin

On Mon, Apr 4, 2016 at 1:46 PM, Ashwin Ganesh <ashwingane at gmail.com> wrote:

> 1) I went through GenericTaintChecker.cpp and I am not sure which part of
> the code propagates the taint.For example,
> x = getchar();
> char y = x + 1;
> Which part of the code taints y? Every part of the code i see seem to deal
> with functions.
>
> 2) Secondly , how do i use the debugging checkers like TainTesterChecker?
> I can't quite seem to locate this in the documentation
>
> Regards,
> Ashwin
>
> On Fri, Apr 1, 2016 at 10:31 PM, Artem Dergachev via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>
>> Source for pretty much everything is available. To see what code
>> corresponds to what checker, consult the Checkers.td file; for the
>> TaintPropagation checker, GenericTaintChecker.cpp is the correct code file.
>>
>> With clang static analyzer, you don't need to (though you may) implement
>> taint propagation manually in every checker - the TaintPropagation checker
>> already does a pretty good job, just enable it and code parts that it
>> doesn't support out of the box.
>>
>> The static analyzer works only with the source code in C/C++/Objective-C.
>>
>> You should have no problem dumping all accesses to the tainted values,
>> similarly to TaintTester, though the current diagnostic engine isn't very
>> suitable for massive dumps of big data for further analysis - it was
>> designed to report small numbers of actual bug reports and provides useful
>> facilities for that.
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20160404/24bca1f7/attachment.html>