| # A list of source/propagation functions |
| Propagations: |
| # int x = mySource1(); // x is tainted |
| - Name: mySource1 |
| DstArgs: [-1] # -1 is the index of the return value |
| |
| # int x; |
| # mySource2(&x); // x is tainted |
| - Name: mySource2 |
| DstArgs: [0] |
| |
| # int x, y; |
| # myScanf("%d %d", &x, &y); // x and y (the variadic arguments, from index 1 on) are tainted |
| - Name: myScanf |
| VariadicType: Dst |
| VariadicIndex: 1 |
| |
| # int x; // x is tainted |
| # int y; |
| # myPropagator(x, &y); // y is tainted |
| - Name: myPropagator |
| SrcArgs: [0] |
| DstArgs: [1] |
| |
| # constexpr unsigned size = 100; |
| # char buf[size]; |
| # int x, y; |
| # int n = mySnprintf(buf, size, "%d %d", x, y); // If size, x or y is tainted, |
| # // the return value and buf will be tainted |
| - Name: mySnprintf |
| SrcArgs: [1] |
| DstArgs: [0, -1] |
| VariadicType: Src |
| VariadicIndex: 3 |
| |
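| # A list of filter functions. Only list functions that really validate or |
| # sanitize the listed arguments: a filter removes the taint, so later uses will not warn. |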
| Filters: |
| # int x; // x is tainted |
| # myFilter(&x); // x is not tainted anymore |
| - Name: myFilter |
| Args: [0] |
| |
| # A list of sink functions: a warning is reported when a tainted value is passed in one of the listed Args |
| Sinks: |
| # int x, y; // x and y are tainted |
| # mySink(x, 0, 1); // It will warn |
| # mySink(0, 1, y); // It will warn |
| # mySink(0, x, 1); // It won't warn: index 1 is not listed in Args |
| - Name: mySink |
| Args: [0, 2] |