| # A list of source/propagation functions |
| Propagations: |
| # int x = mySource1(); // x is tainted |
| - Name: mySource1 |
| DstArgs: [-1] # Index for return value |
| |
| # int x; |
| # mySource2(&x); // x is tainted |
| - Name: mySource2 |
| DstArgs: [0] |
| |
| # int x = myNamespace::mySource3(); // x is tainted |
| - Name: mySource3 |
| Scope: "myNamespace::" |
| DstArgs: [-1] |
| |
| # int x = myAnotherNamespace::mySource3(); // x is tainted |
| - Name: mySource3 |
| Scope: "myAnotherNamespace::" |
| DstArgs: [-1] |
| |
| # int x, y; |
| # myScanf("%d %d", &x, &y); // x and y are tainted |
| - Name: myScanf |
| VariadicType: Dst |
| VariadicIndex: 1 |
| |
| # int x, y; |
| # Foo::myMemberScanf("%d %d", &x, &y); // x and y are tainted |
| - Name: myMemberScanf |
| Scope: "Foo::" |
| VariadicType: Dst |
| VariadicIndex: 1 |
| |
| # int x; // x is tainted |
| # int y; |
| # myPropagator(x, &y); // y is tainted |
| - Name: myPropagator |
| SrcArgs: [0] |
| DstArgs: [1] |
| |
| # constexpr unsigned size = 100; |
| # char buf[size]; |
| # int x, y; |
| # int n = mySnprintf(buf, size, "%d %d", x, y); // If size, x or y is tainted |
| # // the return value and the buf will be tainted |
| - Name: mySnprintf |
| SrcArgs: [1] |
| DstArgs: [0, -1] |
| VariadicType: Src |
| VariadicIndex: 3 |
| |
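| # A list of filter functions. A call clears taint on the listed Args; the analyzer |
| # does not verify that the function validates the value, so list only real sanitizers. |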
| Filters: |
| # int x; // x is tainted |
| # isOutOfRange(&x); // x is not tainted anymore |
| - Name: isOutOfRange |
| Args: [0] |
| |
| # int x; // x is tainted |
| # myNamespace::isOutOfRange2(&x); // x is not tainted anymore |
| - Name: isOutOfRange2 |
| Scope: "myNamespace::" |
| Args: [0] |
| |
| # int x; // x is tainted |
| # myAnotherNamespace::isOutOfRange2(&x); // x is not tainted anymore |
| - Name: isOutOfRange2 |
| Scope: "myAnotherNamespace::" |
| Args: [0] |
| |
| # A list of sink functions |
| Sinks: |
| # int x, y; // x and y are tainted |
| # mySink(x, 0, 1); // It will warn |
| # mySink(0, 1, y); // It will warn |
| # mySink(0, x, 1); // It won't warn |
| - Name: mySink |
| Args: [0, 2] |
| |
| # int x; // x is tainted |
| # myNamespace::mySink2(x); // It will warn |
| - Name: mySink2 |
| Scope: "myNamespace::" |
| Args: [0] |
| |
| # int x; // x is tainted |
| # myAnotherNamespace::mySink2(x); // It will warn |
| - Name: mySink2 |
| Scope: "myAnotherNamespace::" |
| Args: [0] |