-
Updated
Apr 8, 2022 - OCaml
taint-analysis
Here are 59 public repositories matching this topic...
-
Updated
Apr 8, 2022 - C++
I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue
Let me know if you would like any help in implementing.
Description
BeanUtils is a library that does automatic mapping to Java objects.
It can cause harm when the attacker controls part of the list of properties being set. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.
Code
import org.apache.commons.beanutils.BeanUtils;
public-
Updated
Apr 7, 2022 - OCaml
-
Updated
Mar 1, 2022 - OCaml
-
Updated
Mar 22, 2022 - C++
-
Updated
Feb 18, 2021 - C
-
Updated
Feb 15, 2022 - LLVM
Polybuild was taken by the other team and improved into a new standalone tool called blight. It has all of polybuild's features and more; we should swap to it when we get a chance.
-
Updated
Nov 19, 2021 - C
-
Updated
Apr 6, 2022 - C++
-
Updated
Jun 1, 2017 - C
-
Updated
Apr 6, 2022 - Shell
With the recent news on attacks leveraging the non-ascii characters, implement a new analyzer that would flag such characters as suspicious, namely:
- strings containing non-ascii characters
- variable names and attribute names containing non-ascii characters
This should be preferably configurable in a config file as it can produce a lot of false-positives or uninteresting results in some cod
-
Updated
Oct 23, 2017 - C++
-
Updated
Feb 24, 2022 - C++
-
Updated
Jul 17, 2020 - C
-
Updated
Jun 25, 2019 - Go
-
Updated
Mar 30, 2020 - C
-
Updated
Mar 30, 2020 - C++
-
Updated
Dec 30, 2021 - C++
-
Updated
Jul 9, 2019 - C++
-
Updated
Jul 1, 2017 - C++
-
Updated
Mar 6, 2022 - PHP
-
Updated
Apr 1, 2018 - C
-
Updated
Feb 15, 2022 - Shell
-
Updated
Sep 5, 2018 - JavaScript
-
Updated
Feb 15, 2022 - JavaScript
per phpstan/phpstan-src#914 (comment)
file is optional
Originally posted by @staabm in vimeo/psalm#7798 (comment)
@staabm staabm 4 days ago
and class can be narrowed to class-string.
let me steal this more precise t