Stack Overflow
Stack Overflow

Questions tagged [taint]

Taint checking is a security-related software analysis technique.

Taint checking asumes that any variable that can be modified by an external user poses a potential security risk. A taint checking tool compiles a list of all variables which are potentially influenced by outside input. If any of these variables is used to execute dangerous commands (such as direct commands to a SQL database or the host computer operating system), the taint checker warns that the program is using a potentially dangerous tainted variable.

70 questions
2
votes
0 answers

inter procedural taint analysis

The taint analyser provided by roslynsecurityguard(C#) supports only intra procedural taint analysis. Can any one suggest any other tool that can do inter procedural taint analysis for C#? Thanks in advance!
Meghana Rachamadugu
  • 21
  • 3
2
votes
1 answer

Install Perl with TAINT as the default for an app's private Perl

I recently converted an application to use its own version of Perl using Perlbrew, rather than the system Perl, and I am never going back to using the system Perl again! I'm about to start a clean slate application in which all of the scripts will…
KillerRabbit
  • 173
  • 1
  • 8
2
votes
2 answers

showing error Insecure dependency in parameter 3 of DBI::db=HASH(0xa32bd40)->do method call while running with -T switch

i got the error Insecure dependency in parameter 3 of DBI::db=HASH(0xa32bd40)->do method call while running with -T switch while i modified the file show_bug.cgi what is the reason?
Jenifer_justin
  • 167
  • 1
  • 20
2
votes
2 answers

Error reading file in tainted mode

I am a trying to use taint mode. I want to open a file based on user input and open a file to read data. Below is my code #!/usr/bin/perl -w use strict; use warnings; my $name = $ARGV[0]; my $file = "/Desktop/data/$name"; open MYFILE, "$file" or…
user1247412
  • 647
  • 7
  • 16
  • 29
2
votes
2 answers

What's a good Perl regex to untaint an absolute path?

Well, I tried and failed so, here I am again. I need to match my abs path pattern. /public_html/mystuff/10000001/001/10/01.cnt I am in taint mode etc.. #!/usr/bin/perl -Tw use CGI::Carp qw(fatalsToBrowser); use strict; use warnings; $ENV{PATH} =…
Jim_Bo
  • 317
  • 5
  • 17
2
votes
1 answer

splint how to perform taint analysis

How to perform Taint Analysis using Splint? I have installed Splint on my Ubuntu 12.04. Created a small test case as below: #include #include int main(int argc, char *argv[]) { char a[10]; strncpy(a,argv[1],10); …
Romaan
  • 2,645
  • 5
  • 32
  • 63
1
vote
3 answers

Is there an open source tainting tool?

is there an open source tainting tool? I am trying to analyze a Java project and it's java source code. Therefore I can see where and which purpose are parameters used for. For instance, is it used in an if statement or is it assigned to another…
Ekin
  • 407
  • 1
  • 6
  • 17
1
vote
2 answers

Why doesn't a pipe open work under Perl's taint mode?

My original script is as follows: my $cmd = "dir"; open (H, "$cmd |"); my @result = ; close (H); print STDERR @result,"\n"; This scripts works fine. If I add following line to the script, it fails to work: $ENV{"LD_LIBRARY_PATH"} =…
Avinash
  • 12,851
  • 32
  • 116
  • 186
1
vote
1 answer

Is there a `use` equivalent of `-T` (taint) used in shebang?

In the past I placed the Perl options in the "shebang line", like #!/usr/bin/perl -w, but then I discovered that the options will be ignored when the program is run via perl your_perl_file there is use warnings; that does not have the disadvantage…
U. Windl
  • 3,480
  • 26
  • 54
1
vote
1 answer

What is the possible reason that the taint and tolerations not work as I expect in EKS

I am working with EKS 1.24 version, and created 2 node groups in EKS: groupA and groupB. GroupB is with taint "dedicated:druid:NoSchedule", but the pods without tolerations "dedicated Equal druid NoSchedule" are also scheduled to groupB, what is the…
Kaojun Song
  • 21
  • 3
1
vote
3 answers

Laundering tainted data

When I do laundering tainted data with checking whether it has any bad characters are there unicode-properties which will filter the bad characters?
sid_com
  • 24,137
  • 26
  • 96
  • 187
1
vote
2 answers

Are pysa users expected to copy configuration files?

Facebook's Pysa tool looks useful, in the Pysa tutorial exercises they refer to files that are provided in the pyre-check repository using a relative path to include a path outside of the exercise…
Stephen Paulger
  • 5,204
  • 3
  • 28
  • 46
1
vote
1 answer

kubernetes taint on master allows pods

The kubernetes master have the taint which will not schedlue the normal workloads on the master. But it schedules the pods on the master though it has the taint applied as noschedule. How is this possible, is the k8s environment behaving differently…
intechops6
  • 1,007
  • 4
  • 22
  • 43
1
vote
1 answer

canvas is throw error of tainted after LoadFromJson

I am using fabric js version 1.7.22 when image set in a repetitive manner in a rectangle of fabric js, at the first time it will be loaded and saved into JSON using toJSON() and save an image using todataUrl() method, but when cal canvas a…
Mayur Kukadiya
  • 2,461
  • 1
  • 25
  • 58
1
vote
0 answers

HTML Canvas Tainted when all images are originating form my site?

I've been researching about canvas and I know security protocol denies outputting/saving the canvas if it has been tainted. what I can't seem to get an explanation on is what precisely triggers it to be tainted on my end. I have a div with a…
DissTech
  • 21
  • 1
1 2
3
4 5