NoQ requested changes to this revision.
NoQ added a comment.
This revision now requires changes to proceed.

> Describing value constraints in the taint config file is unfeasible.

This is the only correct way to go, because, as you yourself point out, every 
sink function (or other use of tainted value) does indeed have different 
constraint requirements. Checking the wrong requirements is a very common 
source of security issues and we cannot afford destroying our ability to catch 
them.

Like, checking that the tainted value is non-zero is a good idea before 
dividing by that value, but it's clearly not sufficient before using the same 
value as an array index.

What exactly is preventing you from describing value constraints in the config 
file? Like, I get it that the generic case may get pretty rough (given that 
constraints may be potentially arbitrary algebraic expressions over function 
argument values and possibly other values), and I guess you could do a "poor 
man's" wildcard suppression for some sinks ("the constraint for this sink is so 
complicated that let's see if it was checked at all and think of it as fine if 
it was"), but we definitely should be able to try harder when it matters.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D73536/new/

https://reviews.llvm.org/D73536
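
The point above (a check that is sufficient for one sink is not sufficient for another) as a toy model, added here as an illustration; it is not code from D73536 or from the Clang static analyzer. It assumes a tainted value tracked as integer ranges narrowed by branch conditions, and sink constraints expressed as predicates over those ranges, including the "was it checked at all" wildcard mentioned in the comment.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

INT_MIN, INT_MAX = -2**31, 2**31 - 1


@dataclass(frozen=True)
class Range:
    lo: int
    hi: int


class Tainted:
    """A tainted value modelled as the disjoint ranges it may still take after branch checks."""

    def __init__(self) -> None:
        self.ranges: List[Range] = [Range(INT_MIN, INT_MAX)]

    def assume_not_equal(self, k: int) -> "Tainted":
        """Model `if (x != k)`: split every range that contains k."""
        out: List[Range] = []
        for r in self.ranges:
            if not (r.lo <= k <= r.hi):
                out.append(r)
                continue
            if r.lo < k:
                out.append(Range(r.lo, k - 1))
            if k < r.hi:
                out.append(Range(k + 1, r.hi))
        self.ranges = out
        return self

    def assume_within(self, lo: int, hi: int) -> "Tainted":
        """Model `if (lo <= x && x <= hi)`: intersect every range with [lo, hi]."""
        self.ranges = [Range(max(r.lo, lo), min(r.hi, hi))
                       for r in self.ranges if r.hi >= lo and r.lo <= hi]
        return self


# Each sink carries its own constraint; none of them is implied by another.
def nonzero(v: Tainted) -> bool:          # divisor: 0 must be excluded
    return not any(r.lo <= 0 <= r.hi for r in v.ranges)

def index_below(n: int) -> Callable[[Tainted], bool]:   # array index: 0 <= x < n
    return lambda v: all(r.lo >= 0 and r.hi < n for r in v.ranges)

def checked_at_all(v: Tainted) -> bool:   # "poor man's" wildcard suppression
    return v.ranges != [Range(INT_MIN, INT_MAX)]

SINKS: Dict[str, Callable[[Tainted], bool]] = {
    "div": nonzero, "index16": index_below(16), "opaque_sink": checked_at_all}

def report(v: Tainted) -> Dict[str, bool]:
    """Map each sink name to True when the value satisfies that sink's constraint."""
    return {name: pred(v) for name, pred in SINKS.items()}
```

A value guarded only by `x != 0` satisfies the division sink but still violates the array-index sink, while a value guarded by `0 <= x < 16` does the opposite; only the wildcard sink accepts both.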



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits