Stack Overflow
Stack Overflow

Questions tagged [taint]

Taint checking is a security-related software analysis technique.

Taint checking asumes that any variable that can be modified by an external user poses a potential security risk. A taint checking tool compiles a list of all variables which are potentially influenced by outside input. If any of these variables is used to execute dangerous commands (such as direct commands to a SQL database or the host computer operating system), the taint checker warns that the program is using a potentially dangerous tainted variable.

70 questions
0
votes
1 answer

How to remove "taint" for Findbugs "Find Security Bugs"

I am using the "Find Security Bugs" plugin for Findbugs: https://find-sec-bugs.github.io/ Many of the detectors use "Taint analysis" to raise their warnings. Is there any documentation on how to remove "taint" from a value? I can't find any docs…
Rich
  • 15,048
  • 2
  • 66
  • 119
0
votes
2 answers

How can I invoke /sbin/iptables from a Perl CGI under taint mode?

When I invoke "sudo /sbin/iptables ..." in my Perl CGI scripts, I get the error: Insecure dependency in system while running with -T switch at usr/lib/perl5/vendor_perl/5.8.8/IPC/Run3.pm line 403 I tried to add "/sbin:/etc/sysconf:/etc/init.d" in…
Gelin Luo
  • 14,035
  • 27
  • 86
  • 139
0
votes
1 answer

Identifying taint sources in a program for taint propagation

In taint analysis, a taint source is a program location or statement that may produce an untrusted or external input. My Goal : Identify all external user inputs to the program such as cmdline-input , file reading , environment and network…
G Ashwin
  • 23
  • 1
  • 6
0
votes
3 answers

Escaping string to be quoted in Perl

I'm writing a quick Perl script which takes user input and uses it as a MySQL regex. I'd like to ensure that I can pass it without any of the Bobby tables nonsense. In particular, I want to allow all kinds of special characters, while rejecting…
Charles
  • 11,269
  • 13
  • 67
  • 105
0
votes
1 answer

the soot-based flowdroid with an exception error when test an APK

I am trying to test the broadcast receiver component in an android application based on the taint analysis. However, when i am using the frowdroid to test the related application, it shows: Exception in thread "main" java.lang.NoSuchMethodError:…
Field.D
  • 158
  • 1
  • 1
  • 9
0
votes
1 answer

Perl Untaint Variable By Passing Through Perl Module Subroutine

When untainting variables in Perl does all the untainting have to be done locally to the Perl (.pl) file or can it be passed through a Perl Module (.pm) to untaint? For example, untainting may look something like this: $string =~…
SpenserAD
  • 3
  • 4
0
votes
1 answer

Taint verification of a string

I developed an application that extract the IMEI of the android and stores it in a string.To verify if this string is tainted or not by using eclipse,i used "getTaintString" as following: import dalvik.system.*; import…
user1945197
  • 1
  • 1
0
votes
1 answer

perl cgi::param error with single plus sign in Taint mode

I work on a website based on Perl CGI. It's run with Perl -T (Taint mode). I noticed that a text input contains just a plus sign and nothing else ("+") causes CGI::param() to give this error: Insecure dependency in require while running with -T…
yjl101
  • 17
  • 7
-1
votes
1 answer

How do I force a perl variable to always be tainted?

I'm looking for a 100% reliable solution, not dependent on input or environment or anything - I just want to 100%-for-certain make a scalar variable tainted :-)
cnd
  • 1,689
  • 16
  • 14
-2
votes
1 answer

Perl setting value of a variable in strict -T mode errors

I have a script running strict with the -T parameter or 'taint' mode. If I try to set the value of a variable already defined, it craps out. I didn't make much of it, I'm just trying to modify it and don't know why it's breaking. Here's the gist…
user3066571
  • 1,381
  • 4
  • 14
  • 37
1 2 3 4
5