How to detect data casting #57
If I'm understanding the question correctly, a propagation model like this might be what you are looking for:
This specifies that any taint that flows through the first argument of
And if I've misunderstood the question, could you provide code examples to go along with it just for clarification? Thanks!
Hi @yuhshin-oss, I was thinking more along the lines of detecting something specific like this:
while excluding instances like this:
when my initial source is aimed at getParcelableExtra or getExtras. Basically, something that would allow me the ability to stop the flow and deem it as a false positive if it was data-cast into a class that I do not want.
@yuhshin-oss this might be a bit out of scope I realise, but would like to know how to ensure that taint is propagated only through specific data type castings like above, but unsure of how to write it out
Hi @chuayupeng, thanks for the example! Assuming the
This type of casting is done explicitly with
Hi @yuhshin-oss, what if the data casting is done like this?
That way, there is no method invocation, so I was unsure of how to detect cases like this
Could you give another example?
Hi @arthaud, I want to differentiate between these 2 lines of code, so I can reduce false positives when detecting intent redirections. Is there any way to detect what the data is cast into?
and
Apparently, this generates a
That should be solved with a87023d
Is it possible for Mariana Trench to detect if the data is being cast into (Intent) for example? What would the source definition look like in that case?