Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
taint_assume_safe_functions
to assume that function calls do not propagate taint from their arguments to their result.taint_assume_safe_indexes
to assume that a tainted index does not cause an access expression to be tainted.Both should help reducing FPs. Also,
taint_assume_safe_functions
is meant to replace thenot_conflicting
option inpattern-sanitizers
, but is not enough by itself. This e.g.sink(not_tainted(tainted('a')))
will still be flagged due to how sinks work right now (anything within the range of the sink is considered a sink, alsotainted('a')
). We may also need to generalizepattern-propagators
so you can enumerate the functions that propagate taint.Closes PA-1541
test plan:
make test # added two tests
PR checklist:
If you're unsure on any of this, please see: