
Commit d06fb76

authored
Add default taint configuration file (#2280)
1 parent 228072f commit d06fb76


1 file changed

+117
-4
lines changed


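--- a/utbot-framework/src/main/resources/taint/config.yaml
+++ b/utbot-framework/src/main/resources/taint/config.yaml
@@ -2,10 +2,123 @@ sources:
   - java.util.Scanner.next:
       add-to: return
       marks: user-input
+  - java.io.BufferedReader.readLine:
+      add-to: return
+      marks: user-input
+  - javax.servlet.http.HttpServletRequest.getParameter:
+      add-to: return
+      marks: user-input
+  - java.util.Properties.getProperty:
+      add-to: return
+      marks: user-input
+  - java.sql.ResultSet.getString:
+      add-to: return
+      marks: user-input
+  - javax.servlet.http.HttpServletRequest.getQueryString:
+      add-to: return
+      marks: user-input
 
-sinks:
-  - java.lang.RuntimeException.<init>:
-      check: arg1
-      marks: []
+cleaners:
+  - java.lang.String.isEmpty:
+      remove-from: this
+      marks: [ ]
+      conditions:
+        return: true
+
+passes:
+  - java.lang.String.getBytes:
+      get-from: this
+      add-to: return
+      marks: [ ]
+      conditions:
+        this: { not: "" }
+  - java.lang.String.split:
+      get-from: this
+      add-to: return
+      marks: [ ]
+      conditions:
+        this: { not: "" }
+  - java.lang.String.concat:
+      get-from: this
+      add-to: return
+      marks: [ ]
+      conditions:
+        this: { not: "" }
+  - java.lang.String.concat:
+      get-from: arg1
+      add-to: return
+      marks: [ ]
       conditions:
         arg1: { not: "" }
+  - java.lang.StringBuilder.append:
+      get-from: arg1
+      add-to: this
+      marks: [ ]
+      conditions:
+        arg1: { not: "" }
+  - java.lang.StringBuilder.toString:
+      get-from: this
+      add-to: return
+      marks: [ ]
+
+  - java.sql.Connection.prepareStatement:
+      get-from: arg1
+      add-to: [ this, return ]
+      marks: [ ]
+  - java.sql.PreparedStatement.setString:
+      get-from: arg2
+      add-to: this
+      marks: [ ]
+
+  - java.sql.Statement.addBatch:
+      get-from: arg1
+      add-to: this
+      marks: [ ]
+
+  - java.io.ByteArrayOutputStream.writeData:
+      get-from: arg1
+      add-to: this
+      marks: [ ]
+  - java.io.ByteArrayOutputStream.toByteArray:
+      get-from: this
+      add-to: return
+      marks: [ ]
+  - java.io.ByteArrayInputStream.<init>:
+      get-from: arg1
+      add-to: [ this, return ]
+      marks: [ ]
+  - java.io.ObjectInputStream.<init>:
+      get-from: arg1
+      add-to: [ this, return ]
+      marks: [ ]
+  - java.io.ObjectInputStream.readObject:
+      get-from: this
+      add-to: return
+      marks: [ ]
+
+sinks:
+  - java.sql.Statement.execute:
+      check: arg1
+      marks: user-input
+  - java.sql.Statement.executeUpdate:
+      check: arg1
+      marks: user-input
+  - java.sql.Statement.executeBatch:
+      check: this
+      marks: user-input
+  - java.sql.Statement.executeQuery:
+      check: arg1
+      marks: user-input
+
+  - java.sql.PreparedStatement.execute:
+      check: this
+      marks: user-input
+  - java.sql.PreparedStatement.executeUpdate:
+      check: this
+      marks: user-input
+  - java.sql.PreparedStatement.executeBatch:
+      check: this
+      marks: user-input
+  - java.sql.PreparedStatement.executeQuery:
+      check: this
+      marks: user-input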
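Review bot: The `java.sql.PreparedStatement.setString` pass (`get-from: arg2`, `add-to: this`) together with the `PreparedStatement.execute*` sinks that `check: this` means a query whose user input is bound as a parameter — the injection-safe pattern — is reported exactly like one whose SQL text was built by concatenation, so the SQL sinks cannot tell safe use from unsafe use; I would drop that rule, or give bound values a separate mark that the SQL sinks do not check, and let only the `Connection.prepareStatement` `arg1` flow taint the statement. Separately, `java.io.ByteArrayOutputStream.writeData` is not a method of that class, so the pass can never match; the class's methods are `write` (and `writeBytes`), so the entry should read `- java.io.ByteArrayOutputStream.write:`. `java.io.ObjectInputStream.readObject` is configured only as a pass, while tainted data reaching it would presumably be the more useful sink if deserialization is in scope — worth a follow-up. The file also carries no comment explaining the schema (what `sources` / `cleaners` / `passes` / `sinks`, `marks: [ ]` and `conditions` mean); a short header comment at the top of the file, outside this hunk, describing each section and the meaning of an empty `marks` list would help whoever extends it.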
