This is the first time I have learn a similar project, i'm try use taint tracking int type,like following code
public class Main {
public static int taint() { return 5; }
public static void sink(int o) { }
public static void maintest() {
int a = taint();
int b=a+1;
sink(b);
}
}
but it doesn't taint b
Is this normal?
The ql file code I used is as follows
import java
import semmle.code.java.dataflow.TaintTracking
class Conf extends TaintTracking::Configuration {
Conf() { this = "qqconf" }
override predicate isSource(DataFlow::Node n) {
n.asExpr().(MethodAccess).getMethod().hasName("taint")
}
override predicate isSink(DataFlow::Node n) {
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
}
}
from DataFlow::Node src, DataFlow::Node sink, Conf conf
where conf.hasFlow(src, sink)
select src, sink
This is the first time I have learn a similar project, i'm try use taint tracking int type,like following code
but it doesn't taint b
Is this normal?
The ql file code I used is as follows