<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p><span id="ms-rterangepaste-start"></span><span style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">I was looking to build a static taint analyzer
before I found that it is already available in GenericTaintChecker. </span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px;"></span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">However, I'm unsure of how to go about doing that. What I'm trying to achieve
is to check if any tainted variables have been passed into sensitive functions.</span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px;"></span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">My assumption is that one has to write additional code for: </span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">1. Adding taint to
sources that are not defined in GenericTaintChecker through "addTaint" </span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">2. Writing additional checks in checkPostStmt to see if any tainted sources
are passed into sensitive functions by performing string matches on the function name and checking if the parameters passed in are tainted through "isTainted" </span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px;"></span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">I'm really confused about what the idea of the GenericTaintChecker was and
how it is meant to be used. Is it supposed to be used with other checkers that we have to write ourselves? </span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px;"></span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<span style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">Below are the sources that I've read but still do not fully
understand: </span><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<a href="http://clang-developers.42468.n3.nabble.com/General-query-Alpha-security-checkers-and-taint-analysis-td4050858.html" target="_top" rel="nofollow" link="external" id="LPlnk457599" style="font-size: 13.44px; color: rgb(85, 26, 139); font-family: Verdana, Geneva, Helvetica, Arial, sans-serif;"><span style="color: inherit;">http://clang-developers.42468.n3.nabble.com/General-query-Alpha-security-checkers-and-taint-analysis-td4050858.html</span></a><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<a href="http://clang-developers.42468.n3.nabble.com/Using-Alpha-taint-checker-in-Clang-static-analyzer-td4050851.html#a4050856" target="_top" rel="nofollow" link="external" style="font-size: 13.44px; color: rgb(85, 26, 139); font-family: Verdana, Geneva, Helvetica, Arial, sans-serif;"><span style="color: inherit;">http://clang-developers.42468.n3.nabble.com/Using-Alpha-taint-checker-in-Clang-static-analyzer-td4050851.html#a4050856</span></a><br style="font-family: Verdana, Geneva, Helvetica, Arial, sans-serif; font-size: 13.44px;">
<a href="http://clang-developers.42468.n3.nabble.com/Adding-taint-sources-to-GenericTaintChecker-td4050972.html" target="_top" rel="nofollow" link="external" style="font-size: 13.44px; color: rgb(85, 26, 139); font-family: Verdana, Geneva, Helvetica, Arial, sans-serif;"><span style="color: inherit;">http://clang-developers.42468.n3.nabble.com/Adding-taint-sources-to-GenericTaintChecker-td4050972.html</span></a><span id="ms-rterangepaste-end"></span><br>
</p>
</div>
</body>
</html>