STATE)List of taint names
SIGNAL)Signal for state taintNames
GET)Getter for state taintNames
input
::=null
output
::=string[]
STATE)Names of the currently selected taints, if any
SIGNAL)Signal for state currentTaints
GET)Getter for state currentTaints
input
::=null
output
::=string[]
SET)Setter for state currentTaints
input
::=string[]
output
::=null
DATA)Taint status of logical properties
taintStatus::=tags…
| Tags | Value | Description |
|---|---|---|
"not_computed" |
Not computed: the Eva taint domain has not been enabled, or the Eva analysis has not been run | |
| Error | "error" |
Error: the memory zone on which this property depends could not be computed |
| — | "not_applicable" |
Not applicable: no taint for this kind of property |
| Tainted (direct) | "direct_taint" |
Direct taint: this property is related to a memory location that can be affected by an attacker |
| Tainted (indirect) | "indirect_taint" |
Indirect taint: this property is related to a memory location whose assignment depends on path conditions that can be affected by an attacker |
| Untainted | "not_tainted" |
Untainted property: this property is safe |
GET)Registered tags for the above type.
input
::=null
output
::=tag[]
DATA)Lvalue taint status
LvalueTaints::= {fields…}
| Field | Format | Description |
|---|---|---|
"lval" |
marker |
tainted lvalue |
"taint" |
taintStatus |
taint status |
GET)Get the tainted lvalues of a given function
input
::=decl
output
::=LvalueTaints[]
signals
plugins.eva.taint.signalCurrentTaintsplugins.eva.signals.computationStateplugins.eva.signals.currentCallstacks