diff --git a/.gitignore b/.gitignore index 77c409f5ec..6b1c703679 100644 --- a/.gitignore +++ b/.gitignore @@ -32,5 +32,6 @@ autoconf/autom4te.cache/ autom4te.cache/ .vscode/ +.idea/ .cache/ .helix/ diff --git a/configs/annotations.json b/configs/annotations.json index 685f60c2a6..8245d7eb45 100644 --- a/configs/annotations.json +++ b/configs/annotations.json @@ -1,997 +1,12685 @@ { - "atof": { - "name": "atof", + "__builtin_clz": { + "name": "__builtin_clz", "annotation": [ [], - [ - "Deref" - ] + [] ], "properties": [] }, - "atoi": { - "name": "atoi", + "__builtin_clzl": { + "name": "__builtin_clzl", "annotation": [ [], - [ - "Deref" - ] + [] ], "properties": [] }, - "atol": { - "name": "atol", + "__builtin_clzll": { + "name": "__builtin_clzll", "annotation": [ [], - [ - "Deref" - ] + [] ], "properties": [] }, - "atoll": { - "name": "atoll", + "__builtin_ffs": { + "name": "__builtin_ffs", "annotation": [ [], - [ - "Deref" - ] + [] ], "properties": [] }, - "bcmp": { - "name": "bcmp", + "__builtin_ffsll": { + "name": "__builtin_ffsll", "annotation": [ [], - [ - "Deref" - ], - [ - "Deref" - ], [] ], "properties": [] }, - "calloc": { - "name": "calloc", + "__builtin_va_end": { + "name": "__builtin_va_end", "annotation": [ - [ - "AllocSource::1", - "InitNull" - ], - [], [] ], "properties": [] }, - "fclose": { - "name": "fclose", + "__builtin_va_start": { + "name": "__builtin_va_start", "annotation": [ [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "fcvt": { - "name": "fcvt", + "_ZNSt8__detail12__int_limitsIiLb1EE3maxEv": { + "name": "__int_limits::max", "annotation": [ - [], - [], - [], - [ - "Deref" - ], - [ - "Deref" - ] + [] ], "properties": [] }, - "feof": { - "name": "feof", + "_ZNSt8__detail12__int_limitsIiLb1EE3minEv": { + "name": "__int_limits::min", + "annotation": [ + [] + ], + "properties": [] + }, + "_execl": { + "name": "_execl", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "ferror": { - "name": "ferror", + "_execle": { + "name": "_execle", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fgetc": { - "name": "fgetc", + "_execlp": { + "name": "_execlp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fgetpos": { - "name": "fgetpos", + "_execlpe": { + "name": "_execlpe", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fgetpos64": { - "name": "fgetpos64", + "_execv": { + "name": "_execv", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fgets": { - "name": "fgets", + "_execve": { + "name": "_execve", "annotation": [ + [], [ - "InitNull" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fgetwc": { - "name": "fgetwc", + "_execvp": { + "name": "_execvp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fgetws": { - "name": "fgetws", + "_execvpe": { + "name": "_execvpe", "annotation": [ + [], [ - "InitNull" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fileno": { - "name": "fileno", + "_ZNSt14_Fnv_hash_impl4hashEPKvyy": { + "name": "_Fnv_hash_impl::hash", "annotation": [ [], - [ - "Deref" - ] + [], + [], + [] ], "properties": [] }, - "fopen": { - "name": "fopen", + "_ZNSt10_Hash_impl4hashEPKvyy": { + "name": "_Hash_impl::hash", "annotation": [ - [ - "InitNull" - ], + [], + [], [], [] ], "properties": [] }, - "fopen64": { - "name": "fopen64", + "_ZNSt10_Hash_impl4hashIdEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ - [ - "InitNull" - ], [], [] ], "properties": [] }, - "fopen_s": { - "name": "fopen_s", + "_ZNSt10_Hash_impl4hashIfEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ [], - [ - "InitNull:*:!=0" - ], - [], - [ - "FreeSink::4" - ] + [] ], "properties": [] }, - "fprintf": { - "name": "fprintf", + "_ZNSt10_Hash_impl4hashIiEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ - [], - [ - "Deref" - ], [], [] ], "properties": [] }, - "fputc": { - "name": "fputc", + "_popen": { + "name": "_popen", "annotation": [ - [], [], [ - "Deref" - ] + "TaintSink::Execute" + ], + [] ], "properties": [] }, - "fputs": { - "name": "fputs", + "_spawnl": { + "name": "_spawnl", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fputwc": { - "name": "fputwc", + "_spawnle": { + "name": "_spawnle", "annotation": [ [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fputws": { - "name": "fputws", + "_spawnlp": { + "name": "_spawnlp", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fread": { - "name": "fread", + "_spawnlpe": { + "name": "_spawnlpe", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], - [], - [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "free": { - "name": "free", + "_spawnv": { + "name": "_spawnv", "annotation": [ + [], [], [ - "FreeSink::1" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "freopen": { - "name": "freopen", + "_spawnve": { + "name": "_spawnve", "annotation": [ - [ - "InitNull" - ], [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "freopen64": { - "name": "freopen64", + "_spawnvp": { + "name": "_spawnvp", "annotation": [ - [ - "InitNull" - ], [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "freopen_s": { - "name": "freopen_s", + "_spawnvpe": { + "name": "_spawnvpe", "annotation": [ + [], [], [ - "InitNull:*:!=0" + "TaintSink::Execute" ], - [], - [], [ - "FreeSink::4" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fscanf": { - "name": "fscanf", + "_stricmp": { + "name": "_stricmp", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [], [] ], "properties": [] }, - "fscanf_s": { - "name": "fscanf_s", + "_strnicmp": { + "name": "_strnicmp", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [], + [], [] ], "properties": [] }, - "fseek": { - "name": "fseek", + "_texecl": { + "name": "_texecl", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "fsetpos": { - "name": "fsetpos", + "_texecle": { + "name": "_texecle", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fsetpos64": { - "name": "fsetpos64", + "_texeclp": { + "name": "_texeclp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "ftell": { - "name": "ftell", + "_texeclpe": { + "name": "_texeclpe", "annotation": [ [], [ - "Deref" - ] - ], - "properties": [] - }, - "fwide": { - "name": "fwide", - "annotation": [ - [], + "TaintSink::Execute" + ], [ - "Deref" + "TaintSink::Execute" ], - [] - ], - "properties": [] - }, - "fwprintf": { - "name": "fwprintf", - "annotation": [ - [], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "fwrite": { - "name": "fwrite", + "_texecv": { + "name": "_texecv", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], - [], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fwscanf": { - "name": "fwscanf", + "_texecve": { + "name": "_texecve", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "getc": { - "name": "getc", + "_texecvp": { + "name": "_texecvp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "getenv": { - "name": "getenv", + "_texecvpe": { + "name": "_texecvpe", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "getenv_s": { - "name": "getenv_s", + "_tolower": { + "name": "_tolower", "annotation": [ - [], - [ - "Deref" - ], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "gets": { - "name": "gets", + "_toupper": { + "name": "_toupper", "annotation": [ - [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "gets_s": { - "name": "gets_s", + "_tpopen": { + "name": "_tpopen", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [] ], "properties": [] }, - "getw": { - "name": "getw", + "_tspawnl": { + "name": "_tspawnl", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "getwc": { - "name": "getwc", + "_tspawnle": { + "name": "_tspawnle", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "itoa": { - "name": "itoa", + "_tspawnlp": { + "name": "_tspawnlp", "annotation": [ [], [], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "localtime": { - "name": "localtime", + "_tspawnlpe": { + "name": "_tspawnlpe", "annotation": [ + [], + [], [ - "InitNull::Must" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "malloc": { - "name": "malloc", + "_tspawnv": { + "name": "_tspawnv", "annotation": [ + [], + [], [ - "AllocSource::1", - "InitNull" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memccpy": { - "name": "memccpy", + "_tspawnve": { + "name": "_tspawnve", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memchr": { - "name": "memchr", + "_tspawnvp": { + "name": "_tspawnvp", "annotation": [ + [], + [], [ - "InitNull" + "TaintSink::Execute" ], [ - "Deref" - ], - [], - [] + "TaintSink::Execute" + ] ], "properties": [] }, - "memcmp": { - "name": "memcmp", + "_tspawnvpe": { + "name": "_tspawnvpe", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memcpy": { - "name": "memcpy", + "_tsystem": { + "name": "_tsystem", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "_wexecl": { + "name": "_wexecl", + "annotation": [ + [], + [ + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memcpy_s": { - "name": "memcpy_s", + "_wexecle": { + "name": "_wexecle", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memicmp": { - "name": "memicmp", + "_wexeclp": { + "name": "_wexeclp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memmem": { - "name": "memmem", + "_wexeclpe": { + "name": "_wexeclpe", "annotation": [ + [], [ - "InitNull" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memmove": { - "name": "memmove", + "_wexecv": { + "name": "_wexecv", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" - ], - [] + "TaintSink::Execute" + ] ], "properties": [] }, - "memmove_s": { - "name": "memmove_s", + "_wexecve": { + "name": "_wexecve", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "mempcpy": { - "name": "mempcpy", + "_wexecvp": { + "name": "_wexecvp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" - ], - [] + "TaintSink::Execute" + ] ], "properties": [] }, - "memset": { - "name": "memset", + "_wexecvpe": { + "name": "_wexecvpe", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memset_s": { - "name": "memset_s", + "_wpopen": { + "name": "_wpopen", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], - [], [] ], "properties": [] }, - "pthread_mutex_lock": { - "name": "pthread_mutex_lock", + "_wspawnl": { + "name": "_wspawnl", "annotation": [ + [], [], [ - "InitNull::!=0" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "pthread_mutex_trylock": { - "name": "pthread_mutex_trylock", + "_wspawnle": { + "name": "_wspawnle", "annotation": [ + [], [], [ - "InitNull::!=0" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "putc": { - "name": "putc", + "_wspawnlp": { + "name": "_wspawnlp", "annotation": [ [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "puts": { - "name": "puts", + "_wspawnlpe": { + "name": "_wspawnlpe", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "qsort": { - "name": "qsort", + "_wspawnv": { + "name": "_wspawnv", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], - [], - [], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "rawmemchr": { - "name": "rawmemchr", + "_wspawnve": { + "name": "_wspawnve", "annotation": [ + [], + [], [ - "InitNull" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "_wspawnvp": { + "name": "_wspawnvp", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "_wspawnvpe": { + "name": "_wspawnvpe", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "_wsystem": { + "name": "_wsystem", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "abort": { + "name": "abort", + "annotation": [ + [] + ], + "properties": [] + }, + "abs": { + "name": "abs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "acos": { + "name": "acos", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "acosf": { + "name": "acosf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "acosh": { + "name": "acosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "acoshf": { + "name": "acoshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "acoshl": { + "name": "acoshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "acosl": { + "name": "acosl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "asin": { + "name": "asin", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "asinf": { + "name": "asinf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "asinh": { + "name": "asinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "asinhf": { + "name": "asinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "asinhl": { + "name": "asinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "asinl": { + "name": "asinl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atan": { + "name": "atan", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atan2": { + "name": "atan2", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "atan2l": { + "name": "atan2l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "atanf": { + "name": "atanf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atanh": { + "name": "atanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atanhf": { + "name": "atanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atanhl": { + "name": "atanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atanl": { + "name": "atanl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atexit": { + "name": "atexit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "atof": { + "name": "atof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "atoi": { + "name": "atoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "atol": { + "name": "atol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "atoll": { + "name": "atoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZSt13back_inserterINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEESt20back_insert_iteratorIT_ERS7_": { + "name": "back_inserter", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt9bad_alloc4whatEv": { + "name": "bad_alloc::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt20bad_array_new_length4whatEv": { + "name": "bad_array_new_length::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt8bad_cast4whatEv": { + "name": "bad_cast::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt13bad_exception4whatEv": { + "name": "bad_exception::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10bad_typeid4whatEv": { + "name": "bad_typeid::what", + "annotation": [ + [] + ], + "properties": [] + }, + "basename": { + "name": "basename", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSi6ignoreEx": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSi6ignoreExi": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreEx": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreExt": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1EPKwRKS3_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv": { + "name": "basic_string::c_str", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5c_strEv": { + "name": "basic_string::c_str", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5clearEv": { + "name": "basic_string::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEc": { + "name": "basic_string::operator+=", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLERKS4_": { + "name": "basic_string::operator+=", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEy": { + "name": "basic_string::operator[]", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEy": { + "name": "basic_string::reserve", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv": { + "name": "basic_string::size", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "bcmp": { + "name": "bcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZSt9boolalphaRSt8ios_base": { + "name": "boolalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "bsearch": { + "name": "bsearch", + "annotation": [ + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "btowc": { + "name": "btowc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabf": { + "name": "cabf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabl": { + "name": "cabl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabs": { + "name": "cabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacos": { + "name": "cacos", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosf": { + "name": "cacosf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosh": { + "name": "cacosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacoshf": { + "name": "cacoshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacoshl": { + "name": "cacoshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosl": { + "name": "cacosl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "calloc": { + "name": "calloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [], + [] + ], + "properties": [] + }, + "canonicalize": { + "name": "canonicalize", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "canonicalizef": { + "name": "canonicalizef", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "canonicalizel": { + "name": "canonicalizel", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "carg": { + "name": "carg", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cargf": { + "name": "cargf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cargl": { + "name": "cargl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casin": { + "name": "casin", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinf": { + "name": "casinf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinh": { + "name": "casinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinhf": { + "name": "casinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinhl": { + "name": "casinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinl": { + "name": "casinl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catan": { + "name": "catan", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanf": { + "name": "catanf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanh": { + "name": "catanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanhf": { + "name": "catanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanhl": { + "name": "catanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanl": { + "name": "catanl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrt": { + "name": "cbrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrtf": { + "name": "cbrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrtl": { + "name": "cbrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccosh": { + "name": "ccosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccoshf": { + "name": "ccoshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccoshl": { + "name": "ccoshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceil": { + "name": "ceil", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceilf": { + "name": "ceilf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceill": { + "name": "ceill", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexp": { + "name": "cexp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexpf": { + "name": "cexpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexpl": { + "name": "cexpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6assignEPcyc": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6assignERcRKc": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6assignEPDiyDi": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6assignERDiRKDi": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6assignEPDsyDs": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6assignERDsRKDs": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6assignEPwyw": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6assignERwRKw": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE7compareEPKcS3_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE7compareEPKwS3_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE7compareEPKcS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE7compareEPKDiS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE7compareEPKDsS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE7compareEPKwS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4copyEPcPKcy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4copyEPDiPKDiy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4copyEPDsPKDsy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4copyEPwPKwy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE2eqERKcS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE2eqERKDiS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE2eqERKDsS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE2eqERKwS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE11eq_int_typeERKiS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE11eq_int_typeERKjS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE11eq_int_typeERKtS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE11eq_int_typeERKtS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE4findEPKcyRS2_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE4findEPKwyRS2_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4findEPKcyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4findEPKDiyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4findEPKDsyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4findEPKwyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE6lengthEPKc": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE6lengthEPKw": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6lengthEPKc": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6lengthEPKDi": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6lengthEPKDs": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6lengthEPKw": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE2ltERKcS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE2ltERKDiS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE2ltERKDsS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE2ltERKwS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4moveEPcPKcy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4moveEPDiPKDiy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4moveEPDsPKDsy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4moveEPwPKwy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE7not_eofERKi": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE7not_eofERKj": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE7not_eofERKt": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE7not_eofERKt": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE12to_char_typeERKi": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE12to_char_typeERKj": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE12to_char_typeERKt": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE12to_char_typeERKt": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE11to_int_typeERKc": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE11to_int_typeERKDi": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE11to_int_typeERKDs": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE11to_int_typeERKw": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "cimag": { + "name": "cimag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cimagf": { + "name": "cimagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cimagl": { + "name": "cimagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clearerr": { + "name": "clearerr", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "clearerr_s": { + "name": "clearerr_s", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "clog": { + "name": "clog", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10": { + "name": "clog10", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10f": { + "name": "clog10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10l": { + "name": "clog10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clogf": { + "name": "clogf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clogl": { + "name": "clogl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "close": { + "name": "close", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "conj": { + "name": "conj", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "conjf": { + "name": "conjf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "conjl": { + "name": "conjl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "copysign": { + "name": "copysign", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "copysignf": { + "name": "copysignf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "copysignl": { + "name": "copysignl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "cosh": { + "name": "cosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "coshf": { + "name": "coshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "coshl": { + "name": "coshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpow": { + "name": "cpow", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpowf": { + "name": "cpowf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpowl": { + "name": "cpowl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cproj": { + "name": "cproj", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cprojf": { + "name": "cprojf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cprojl": { + "name": "cprojl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "creal": { + "name": "creal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "crealf": { + "name": "crealf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "creall": { + "name": "creall", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "CreateProcessA": { + "name": "CreateProcessA", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessAsUserA": { + "name": "CreateProcessAsUserA", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessAsUserW": { + "name": "CreateProcessAsUserW", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessW": { + "name": "CreateProcessW", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessWithLogonW": { + "name": "CreateProcessWithLogonW", + "annotation": [ + [], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessWithTokenW": { + "name": "CreateProcessWithTokenW", + "annotation": [ + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "csinh": { + "name": "csinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csinhf": { + "name": "csinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csinhl": { + "name": "csinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrt": { + "name": "csqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrtf": { + "name": "csqrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrtl": { + "name": "csqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanh": { + "name": "ctanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanhf": { + "name": "ctanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanhl": { + "name": "ctanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt5ctypeIcE13classic_tableEv": { + "name": "ctype::classic_table", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE5do_isEPKwS2_Pt": { + "name": "ctype::do_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE5do_isEtw": { + "name": "ctype::do_is", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE9do_narrowEcc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE9do_narrowEPKcS2_cPc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE9do_narrowEwc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_scan_isEtPKwS2_": { + "name": "ctype::do_scan_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE11do_scan_notEtPKwS2_": { + "name": "ctype::do_scan_not", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_tolowerEc": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_tolowerEPcPKc": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_tolowerEPwPKw": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_tolowerEw": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_toupperEc": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_toupperEPcPKc": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_toupperEPwPKw": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_toupperEw": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8do_widenEc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8do_widenEPKcS2_Pc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE8do_widenEc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE8do_widenEPKcS2_Pw": { + "name": "ctype::do_widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE2isEPKcS2_Pt": { + "name": "ctype::is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE2isEtc": { + "name": "ctype::is", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE6narrowEcc": { + "name": "ctype::narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE6narrowEPKcS2_cPc": { + "name": "ctype::narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7scan_isEtPKcS2_": { + "name": "ctype::scan_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8scan_notEtPKcS2_": { + "name": "ctype::scan_not", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5tableEv": { + "name": "ctype::table", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7tolowerEc": { + "name": "ctype::tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7tolowerEPcPKc": { + "name": "ctype::tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7toupperEc": { + "name": "ctype::toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7toupperEPcPKc": { + "name": "ctype::toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5widenEc": { + "name": "ctype::widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5widenEPKcS2_Pc": { + "name": "ctype::widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt17current_exceptionv": { + "name": "current_exception", + "annotation": [ + [] + ], + "properties": [] + }, + "cwait": { + "name": "cwait", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "daddl": { + "name": "daddl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ddivl": { + "name": "ddivl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZSt3decRSt8ios_base": { + "name": "dec", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt12defaultfloatRSt8ios_base": { + "name": "defaultfloat", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "dfmal": { + "name": "dfmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dirname": { + "name": "dirname", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx3divExx": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3divll": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "div": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "dmull": { + "name": "dmull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dpax_popen_s": { + "name": "dpax_popen_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "dpax_system_s": { + "name": "dpax_system_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "drem": { + "name": "drem", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dremf": { + "name": "dremf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dreml": { + "name": "dreml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dsqrtl": { + "name": "dsqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dsubl": { + "name": "dsubl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ecvt": { + "name": "ecvt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "erf": { + "name": "erf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfc": { + "name": "erfc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfcf": { + "name": "erfcf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfcl": { + "name": "erfcl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erff": { + "name": "erff", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfl": { + "name": "erfl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category23default_error_conditionEi": { + "name": "error_category::default_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category10equivalentEiRKSt15error_condition": { + "name": "error_category::equivalent", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category10equivalentERKSt10error_codei": { + "name": "error_category::equivalent", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category7messageB5cxx11Ei": { + "name": "error_category::message", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category4nameEv": { + "name": "error_category::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryneERKS0_": { + "name": "error_category::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryltERKS0_": { + "name": "error_category::operator<", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryeqERKS0_": { + "name": "error_category::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt10error_code6assignEiRKNSt3_V214error_categoryE": { + "name": "error_code::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt10error_code8categoryEv": { + "name": "error_code::category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt10error_code5clearEv": { + "name": "error_code::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code23default_error_conditionEv": { + "name": "error_code::default_error_condition", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code7messageB5cxx11Ev": { + "name": "error_code::message", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code5valueEv": { + "name": "error_code::value", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15error_condition6assignEiRKNSt3_V214error_categoryE": { + "name": "error_condition::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition8categoryEv": { + "name": "error_condition::category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15error_condition5clearEv": { + "name": "error_condition::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition7messageB5cxx11Ev": { + "name": "error_condition::message", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition5valueEv": { + "name": "error_condition::value", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9exception4whatEv": { + "name": "exception::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptr13exception_ptr4swapERS0_": { + "name": "exception_ptr::swap", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "execl": { + "name": "execl", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execle": { + "name": "execle", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execlp": { + "name": "execlp", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execlpe": { + "name": "execlpe", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execv": { + "name": "execv", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execve": { + "name": "execve", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execvp": { + "name": "execvp", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execvpe": { + "name": "execvpe", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "exit": { + "name": "exit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "exp": { + "name": "exp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10": { + "name": "exp10", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10f": { + "name": "exp10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10l": { + "name": "exp10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2": { + "name": "exp2", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2f": { + "name": "exp2f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2l": { + "name": "exp2l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expf": { + "name": "expf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expl": { + "name": "expl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1": { + "name": "expm1", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1f": { + "name": "expm1f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1l": { + "name": "expm1l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabs": { + "name": "fabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabsf": { + "name": "fabsf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabsl": { + "name": "fabsl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fadd": { + "name": "fadd", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "faddl": { + "name": "faddl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fclose": { + "name": "fclose", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fcloseall": { + "name": "fcloseall", + "annotation": [ + [] + ], + "properties": [] + }, + "fcvt": { + "name": "fcvt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fdim": { + "name": "fdim", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdimf": { + "name": "fdimf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdiml": { + "name": "fdiml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdiv": { + "name": "fdiv", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdivl": { + "name": "fdivl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdopen": { + "name": "fdopen", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "feof": { + "name": "feof", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "ferror": { + "name": "ferror", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fflush": { + "name": "fflush", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ffma": { + "name": "ffma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ffmal": { + "name": "ffmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fgetc": { + "name": "fgetc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetchar": { + "name": "fgetchar", + "annotation": [ + [] + ], + "properties": [] + }, + "fgetpos": { + "name": "fgetpos", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetpos64": { + "name": "fgetpos64", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgets": { + "name": "fgets", + "annotation": [ + [ + "InitNull", + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetwc": { + "name": "fgetwc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetws": { + "name": "fgetws", + "annotation": [ + [ + "InitNull", + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fileno": { + "name": "fileno", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZSt5fixedRSt8ios_base": { + "name": "fixed", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "floor": { + "name": "floor", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "floorf": { + "name": "floorf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "floorl": { + "name": "floorl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "flushall": { + "name": "flushall", + "annotation": [ + [] + ], + "properties": [] + }, + "fma": { + "name": "fma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaf": { + "name": "fmaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmal": { + "name": "fmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmax": { + "name": "fmax", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxf": { + "name": "fmaxf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum": { + "name": "fmaximum", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag": { + "name": "fmaximum_mag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_num": { + "name": "fmaximum_mag_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_numf": { + "name": "fmaximum_mag_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_numl": { + "name": "fmaximum_mag_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_magf": { + "name": "fmaximum_magf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_magl": { + "name": "fmaximum_magl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_num": { + "name": "fmaximum_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_numf": { + "name": "fmaximum_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_numl": { + "name": "fmaximum_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximumf": { + "name": "fmaximumf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximuml": { + "name": "fmaximuml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxl": { + "name": "fmaxl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmag": { + "name": "fmaxmag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmagf": { + "name": "fmaxmagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmagl": { + "name": "fmaxmagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmemopen": { + "name": "fmemopen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fmin": { + "name": "fmin", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminf": { + "name": "fminf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum": { + "name": "fminimum", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag": { + "name": "fminimum_mag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_num": { + "name": "fminimum_mag_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_numf": { + "name": "fminimum_mag_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_numl": { + "name": "fminimum_mag_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_magf": { + "name": "fminimum_magf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_magl": { + "name": "fminimum_magl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_num": { + "name": "fminimum_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_numf": { + "name": "fminimum_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_numl": { + "name": "fminimum_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimumf": { + "name": "fminimumf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimuml": { + "name": "fminimuml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminl": { + "name": "fminl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmag": { + "name": "fminmag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmagf": { + "name": "fminmagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmagl": { + "name": "fminmagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmod": { + "name": "fmod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmodf": { + "name": "fmodf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmodl": { + "name": "fmodl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmul": { + "name": "fmul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmull": { + "name": "fmull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fopen": { + "name": "fopen", + "annotation": [ + [ + "InitNull" + ], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "fopen64": { + "name": "fopen64", + "annotation": [ + [ + "InitNull" + ], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "fopen_s": { + "name": "fopen_s", + "annotation": [ + [], + [ + "InitNull:*:!=0" + ], + [ + "TaintSink::PathString" + ], + [ + "FreeSink::4" + ] + ], + "properties": [] + }, + "_Z7fprintfP6_iobufPKcz": { + "name": "fprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fprintf": { + "name": "fprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fprintf_s": { + "name": "fprintf_s", + "annotation": [ + [], + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fputc": { + "name": "fputc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputchar": { + "name": "fputchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "fputs": { + "name": "fputs", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputwc": { + "name": "fputwc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputws": { + "name": "fputws", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fread": { + "name": "fread", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fread_s": { + "name": "fread_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "free": { + "name": "free", + "annotation": [ + [], + [ + "FreeSink::1" + ] + ], + "properties": [] + }, + "freopen": { + "name": "freopen", + "annotation": [ + [ + "InitNull" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "freopen64": { + "name": "freopen64", + "annotation": [ + [ + "InitNull" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "freopen_s": { + "name": "freopen_s", + "annotation": [ + [], + [ + "InitNull:*:!=0" + ], + [], + [], + [ + "FreeSink::4" + ] + ], + "properties": [] + }, + "fromfp": { + "name": "fromfp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpf": { + "name": "fromfpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpl": { + "name": "fromfpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpx": { + "name": "fromfpx", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpxf": { + "name": "fromfpxf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpxl": { + "name": "fromfpxl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fscanf": { + "name": "fscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "fscanf_s": { + "name": "fscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "fseek": { + "name": "fseek", + "annotation": [ + [], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "fseeko": { + "name": "fseeko", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fseeko64": { + "name": "fseeko64", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fsetpos": { + "name": "fsetpos", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fsetpos64": { + "name": "fsetpos64", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fsqrt": { + "name": "fsqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fsqrtl": { + "name": "fsqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fstat": { + "name": "fstat", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "fsub": { + "name": "fsub", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fsubl": { + "name": "fsubl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ftell": { + "name": "ftell", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "ftello": { + "name": "ftello", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ftello64": { + "name": "ftello64", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ftime": { + "name": "ftime", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "fwide": { + "name": "fwide", + "annotation": [ + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "fwprintf": { + "name": "fwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fwprintf_s": { + "name": "fwprintf_s", + "annotation": [ + [], + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fwrite": { + "name": "fwrite", + "annotation": [ + [], + [ + "Deref", + "TaintSink::SensitiveDataLeak" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fwscanf": { + "name": "fwscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "g_spawn_async": { + "name": "g_spawn_async", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "g_spawn_command_line_async": { + "name": "g_spawn_command_line_async", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "g_spawn_command_line_sync": { + "name": "g_spawn_command_line_sync", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "g_spawn_sync": { + "name": "g_spawn_sync", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "gamma": { + "name": "gamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gammaf": { + "name": "gammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gammal": { + "name": "gammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gcvt": { + "name": "gcvt", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt3_V216generic_categoryEv": { + "name": "generic_category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt15get_new_handlerv": { + "name": "get_new_handler", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt13get_terminatev": { + "name": "get_terminate", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt14get_unexpectedv": { + "name": "get_unexpected", + "annotation": [ + [] + ], + "properties": [] + }, + "getc": { + "name": "getc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getchar": { + "name": "getchar", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "getenv": { + "name": "getenv", + "annotation": [ + [ + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getenv_s": { + "name": "getenv_s", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref", + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" + ], + [], + [] + ], + "properties": [] + }, + "getpid": { + "name": "getpid", + "annotation": [ + [] + ], + "properties": [] + }, + "gets": { + "name": "gets", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource", + "Deref" + ] + ], + "properties": [] + }, + "gets_s": { + "name": "gets_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource", + "Deref" + ], + [] + ], + "properties": [] + }, + "getw": { + "name": "getw", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getwc": { + "name": "getwc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getwchar": { + "name": "getwchar", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZNKSt7greaterIPVKvEclES1_S1_": { + "name": "greater::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt13greater_equalIPVKvEclES1_S1_": { + "name": "greater_equal::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIaEclEa": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIbEclEb": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIcEclEc": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIdEclEd": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDiEclEDi": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDnEclEDn": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDsEclEDs": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIeEclEe": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIfEclEf": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIhEclEh": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIiEclEi": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIjEclEj": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIlEclEl": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashImEclEm": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashInEclEn": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIoEclEo": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIsEclEs": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt10error_codeEclERKS0_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt15error_conditionEclERKS0_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIcSt11char_traitsIcEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIDiSt11char_traitsIDiEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIDsSt11char_traitsIDsEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIwSt11char_traitsIwEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashItEclEt": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIwEclEw": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIxEclEx": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIyEclEy": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt3hexRSt8ios_base": { + "name": "hex", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt8hexfloatRSt8ios_base": { + "name": "hexfloat", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "htonl": { + "name": "htonl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "htons": { + "name": "htons", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "hypot": { + "name": "hypot", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "hypotf": { + "name": "hypotf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "hypotl": { + "name": "hypotl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "ilogb": { + "name": "ilogb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ilogbf": { + "name": "ilogbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ilogbl": { + "name": "ilogbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt8internalRSt8ios_base": { + "name": "internal", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base5flagsEv": { + "name": "ios_base::flags", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5flagsESt13_Ios_Fmtflags": { + "name": "ios_base::flags", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base6getlocEv": { + "name": "ios_base::getloc", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5imbueERKSt6locale": { + "name": "ios_base::imbue", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5iwordEi": { + "name": "ios_base::iword", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base9precisionEv": { + "name": "ios_base::precision", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base9precisionEx": { + "name": "ios_base::precision", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5pwordEi": { + "name": "ios_base::pword", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base17register_callbackEPFvNS_5eventERS_iEi": { + "name": "ios_base::register_callback", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base4setfESt13_Ios_Fmtflags": { + "name": "ios_base::setf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base4setfESt13_Ios_FmtflagsS0_": { + "name": "ios_base::setf", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base15sync_with_stdioEb": { + "name": "ios_base::sync_with_stdio", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base6unsetfESt13_Ios_Fmtflags": { + "name": "ios_base::unsetf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base5widthEv": { + "name": "ios_base::width", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5widthEx": { + "name": "ios_base::width", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base6xallocEv": { + "name": "ios_base::xalloc", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt17iostream_categoryv": { + "name": "iostream_category", + "annotation": [ + [] + ], + "properties": [] + }, + "is_wctype": { + "name": "is_wctype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "isalnum": { + "name": "isalnum", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isalpha": { + "name": "isalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isblank": { + "name": "isblank", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iscntrl": { + "name": "iscntrl", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isdigit": { + "name": "isdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isgraph": { + "name": "isgraph", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isleadbyte": { + "name": "isleadbyte", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "islower": { + "name": "islower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isprint": { + "name": "isprint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ispunct": { + "name": "ispunct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isspace": { + "name": "isspace", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isupper": { + "name": "isupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswalnum": { + "name": "iswalnum", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswalpha": { + "name": "iswalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswascii": { + "name": "iswascii", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswblank": { + "name": "iswblank", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswcntrl": { + "name": "iswcntrl", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswctype": { + "name": "iswctype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "iswdigit": { + "name": "iswdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswgraph": { + "name": "iswgraph", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswlower": { + "name": "iswlower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswprint": { + "name": "iswprint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswpunct": { + "name": "iswpunct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswspace": { + "name": "iswspace", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswupper": { + "name": "iswupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswxdigit": { + "name": "iswxdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isxdigit": { + "name": "isxdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "itoa": { + "name": "itoa", + "annotation": [ + [], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "j0": { + "name": "j0", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j0f": { + "name": "j0f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j0l": { + "name": "j0l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1": { + "name": "j1", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1f": { + "name": "j1f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1l": { + "name": "j1l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jn": { + "name": "jn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jnf": { + "name": "jnf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jnl": { + "name": "jnl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "labs": { + "name": "labs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt7launderPKv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPVKv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPVv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ldiv": { + "name": "ldiv", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt4leftRSt8ios_base": { + "name": "left", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4lessIPKNSt3_V214error_categoryEEclES3_S3_": { + "name": "less::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt4lessIPVKvEclES1_S1_": { + "name": "less::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt10less_equalIPVKvEclES1_S1_": { + "name": "less_equal::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "lgamma": { + "name": "lgamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgamma_r": { + "name": "lgamma_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammaf": { + "name": "lgammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammaf_r": { + "name": "lgammaf_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammal": { + "name": "lgammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammal_r": { + "name": "lgammal_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llabs": { + "name": "llabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lldiv": { + "name": "lldiv", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "llogb": { + "name": "llogb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llogbf": { + "name": "llogbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llogbl": { + "name": "llogbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrint": { + "name": "llrint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrintf": { + "name": "llrintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrintl": { + "name": "llrintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llround": { + "name": "llround", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llroundf": { + "name": "llroundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llroundl": { + "name": "llroundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lltoa": { + "name": "lltoa", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "lltow": { + "name": "lltow", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt6locale7classicEv": { + "name": "locale::classic", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt6locale6globalERKS_": { + "name": "locale::global", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt6locale4nameB5cxx11Ev": { + "name": "locale::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt6localeneERKS_": { + "name": "locale::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt6localeeqERKS_": { + "name": "locale::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "localeconv": { + "name": "localeconv", + "annotation": [ + [] + ], + "properties": [] + }, + "log": { + "name": "log", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log10f": { + "name": "log10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log10l": { + "name": "log10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1p": { + "name": "log1p", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1pf": { + "name": "log1pf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1pl": { + "name": "log1pl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2": { + "name": "log2", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2f": { + "name": "log2f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2l": { + "name": "log2l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logb": { + "name": "logb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logbf": { + "name": "logbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logbl": { + "name": "logbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logf": { + "name": "logf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt11logic_error4whatEv": { + "name": "logic_error::what", + "annotation": [ + [] + ], + "properties": [] + }, + "logl": { + "name": "logl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "LogonUserA": { + "name": "LogonUserA", + "annotation": [ + [], + [], + [], + [ + "TaintOutput::SensitiveDataSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "LogonUserW": { + "name": "LogonUserW", + "annotation": [ + [], + [], + [], + [ + "TaintOutput::SensitiveDataSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "lrint": { + "name": "lrint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lrintf": { + "name": "lrintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lrintl": { + "name": "lrintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lround": { + "name": "lround", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lroundf": { + "name": "lroundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lroundl": { + "name": "lroundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lseek": { + "name": "lseek", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "ltoa": { + "name": "ltoa", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "main": { + "name": "main", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt15make_error_codeSt4errc": { + "name": "make_error_code", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt15make_error_codeSt7io_errc": { + "name": "make_error_code", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt20make_error_conditionSt4errc": { + "name": "make_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt20make_error_conditionSt7io_errc": { + "name": "make_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "malloc": { + "name": "malloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "mblen": { + "name": "mblen", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "mbrlen": { + "name": "mbrlen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "mbrtowc": { + "name": "mbrtowc", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbsinit": { + "name": "mbsinit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "mbsnrtowcs": { + "name": "mbsnrtowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "mbsrtowcs": { + "name": "mbsrtowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "mbsrtowcs_s": { + "name": "mbsrtowcs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbstowcs": { + "name": "mbstowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "mbstowcs_s": { + "name": "mbstowcs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbtowc": { + "name": "mbtowc", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "memccpy": { + "name": "memccpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "memchr": { + "name": "memchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "memcmp": { + "name": "memcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memcpy": { + "name": "memcpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memcpy_s": { + "name": "memcpy_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memicmp": { + "name": "memicmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "memmem": { + "name": "memmem", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memmove": { + "name": "memmove", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memmove_s": { + "name": "memmove_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "mempcpy": { + "name": "mempcpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memset": { + "name": "memset", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "memset_s": { + "name": "memset_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3minIxERKT_S2_S2_": { + "name": "min", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3minIyERKT_S2_S2_": { + "name": "min", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "mkstemp": { + "name": "mkstemp", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "modf": { + "name": "modf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "modff": { + "name": "modff", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "modfl": { + "name": "modfl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyint": { + "name": "nearbyint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyintf": { + "name": "nearbyintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyintl": { + "name": "nearbyintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt16nested_exception10nested_ptrEv": { + "name": "nested_exception::nested_ptr", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt16nested_exception14rethrow_nestedEv": { + "name": "nested_exception::rethrow_nested", + "annotation": [ + [] + ], + "properties": [] + }, + "nextafter": { + "name": "nextafter", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextafterf": { + "name": "nextafterf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextafterl": { + "name": "nextafterl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextdown": { + "name": "nextdown", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextdownf": { + "name": "nextdownf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextdownl": { + "name": "nextdownl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nexttoward": { + "name": "nexttoward", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nexttowardf": { + "name": "nexttowardf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nexttowardl": { + "name": "nexttowardl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextup": { + "name": "nextup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextupf": { + "name": "nextupf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextupl": { + "name": "nextupl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZSt11noboolalphaRSt8ios_base": { + "name": "noboolalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt10noshowbaseRSt8ios_base": { + "name": "noshowbase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt11noshowpointRSt8ios_base": { + "name": "noshowpoint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9noshowposRSt8ios_base": { + "name": "noshowpos", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt8noskipwsRSt8ios_base": { + "name": "noskipws", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9nounitbufRSt8ios_base": { + "name": "nounitbuf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt11nouppercaseRSt8ios_base": { + "name": "nouppercase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ntohl": { + "name": "ntohl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ntohs": { + "name": "ntohs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt3octRSt8ios_base": { + "name": "oct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "onexit": { + "name": "onexit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "open": { + "name": "open", + "annotation": [ + [], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "open64": { + "name": "open64", + "annotation": [ + [], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "open_memstream": { + "name": "open_memstream", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZdlPv": { + "name": "operator delete", + "annotation": [ + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdlPvRKSt9nothrow_t": { + "name": "operator delete", + "annotation": [ + [], + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdlPvS_": { + "name": "operator delete", + "annotation": [ + [], + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdaPv": { + "name": "operator delete[]", + "annotation": [ + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_ZdaPvRKSt9nothrow_t": { + "name": "operator delete[]", + "annotation": [ + [], + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_ZdaPvS_": { + "name": "operator delete[]", + "annotation": [ + [], + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_Znwm": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [] + ], + "properties": [] + }, + "_Znwy": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [] + ], + "properties": [] + }, + "_ZnwyPv": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [], + [] + ], + "properties": [] + }, + "_ZnwyRKSt9nothrow_t": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [], + [] + ], + "properties": [] + }, + "_Znam": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_Znay": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [] + ], + "properties": [] + }, + "_ZnayPv": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_ZnayRKSt9nothrow_t": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptrneERKNS_13exception_ptrES2_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt10error_codeRKSt15error_condition": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt10error_codeS1_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt15error_conditionRKSt10error_code": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt15error_conditionS1_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt12_Ios_IostateS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt13_Ios_FmtflagsS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt13_Ios_OpenmodeS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt12_Ios_IostateS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt13_Ios_FmtflagsS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt13_Ios_OpenmodeS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_PKS5_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_RKS8_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_S9_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEPKS5_OS8_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_PKS5_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_SA_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStltRKSt10error_codeS1_": { + "name": "operator<", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStltRKSt15error_conditionS1_": { + "name": "operator<", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptreqERKNS_13exception_ptrES2_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt10error_codeRKSt15error_condition": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt10error_codeS1_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt15error_conditionRKSt10error_code": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt15error_conditionS1_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStrsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_PS3_": { + "name": "operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE": { + "name": "operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZSteoSt12_Ios_IostateS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteoSt13_Ios_FmtflagsS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteoSt13_Ios_OpenmodeS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt12_Ios_IostateS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt13_Ios_FmtflagsS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt13_Ios_OpenmodeS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt12_Ios_IostateS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt13_Ios_FmtflagsS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt13_Ios_OpenmodeS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt12_Ios_IostateS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt13_Ios_FmtflagsS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt13_Ios_OpenmodeS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStcoSt12_Ios_Iostate": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZStcoSt13_Ios_Fmtflags": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZStcoSt13_Ios_Openmode": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "perror": { + "name": "perror", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "popen": { + "name": "popen", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "popen_s": { + "name": "popen_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "posix_spawn": { + "name": "posix_spawn", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "posix_spawnp": { + "name": "posix_spawnp", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "pow": { + "name": "pow", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "powf": { + "name": "powf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "powl": { + "name": "powl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "printf": { + "name": "printf", + "annotation": [ + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "printf_s": { + "name": "printf_s", + "annotation": [ + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "pthread_attr_destroy": { + "name": "pthread_attr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_attr_getdetachstate": { + "name": "pthread_attr_getdetachstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getinheritsched": { + "name": "pthread_attr_getinheritsched", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getschedparam": { + "name": "pthread_attr_getschedparam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getschedpolicy": { + "name": "pthread_attr_getschedpolicy", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getscope": { + "name": "pthread_attr_getscope", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getstackaddr": { + "name": "pthread_attr_getstackaddr", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getstacksize": { + "name": "pthread_attr_getstacksize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_init": { + "name": "pthread_attr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_attr_setdetachstate": { + "name": "pthread_attr_setdetachstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setinheritsched": { + "name": "pthread_attr_setinheritsched", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setschedparam": { + "name": "pthread_attr_setschedparam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setschedpolicy": { + "name": "pthread_attr_setschedpolicy", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setscope": { + "name": "pthread_attr_setscope", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setstackaddr": { + "name": "pthread_attr_setstackaddr", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setstacksize": { + "name": "pthread_attr_setstacksize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrier_destroy": { + "name": "pthread_barrier_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrier_init": { + "name": "pthread_barrier_init", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrier_wait": { + "name": "pthread_barrier_wait", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_destroy": { + "name": "pthread_barrierattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_getpshared": { + "name": "pthread_barrierattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_init": { + "name": "pthread_barrierattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_setpshared": { + "name": "pthread_barrierattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_cancel": { + "name": "pthread_cancel", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_broadcast": { + "name": "pthread_cond_broadcast", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_destroy": { + "name": "pthread_cond_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_init": { + "name": "pthread_cond_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_signal": { + "name": "pthread_cond_signal", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_timedwait": { + "name": "pthread_cond_timedwait", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_timedwait_relative_np": { + "name": "pthread_cond_timedwait_relative_np", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_wait": { + "name": "pthread_cond_wait", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_destroy": { + "name": "pthread_condattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_condattr_getclock": { + "name": "pthread_condattr_getclock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_getpshared": { + "name": "pthread_condattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_init": { + "name": "pthread_condattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_condattr_setclock": { + "name": "pthread_condattr_setclock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_setpshared": { + "name": "pthread_condattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_create": { + "name": "pthread_create", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_create_wrapper": { + "name": "pthread_create_wrapper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_delay_np": { + "name": "pthread_delay_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_detach": { + "name": "pthread_detach", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_equal": { + "name": "pthread_equal", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_exit": { + "name": "pthread_exit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_get_concurrency": { + "name": "pthread_get_concurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_getclean": { + "name": "pthread_getclean", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_getconcurrency": { + "name": "pthread_getconcurrency", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_getevent": { + "name": "pthread_getevent", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_gethandle": { + "name": "pthread_gethandle", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_getname_np": { + "name": "pthread_getname_np", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_getschedparam": { + "name": "pthread_getschedparam", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_getspecific": { + "name": "pthread_getspecific", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_join": { + "name": "pthread_join", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_key_create": { + "name": "pthread_key_create", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_key_delete": { + "name": "pthread_key_delete", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_kill": { + "name": "pthread_kill", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_destroy": { + "name": "pthread_mutex_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutex_init": { + "name": "pthread_mutex_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_lock": { + "name": "pthread_mutex_lock", + "annotation": [ + [], + [ + "InitNull::!=0" + ] + ], + "properties": [] + }, + "pthread_mutex_timedlock": { + "name": "pthread_mutex_timedlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_trylock": { + "name": "pthread_mutex_trylock", + "annotation": [ + [], + [ + "InitNull::!=0" + ] + ], + "properties": [] + }, + "pthread_mutex_unlock": { + "name": "pthread_mutex_unlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_destroy": { + "name": "pthread_mutexattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getprioceiling": { + "name": "pthread_mutexattr_getprioceiling", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getprotocol": { + "name": "pthread_mutexattr_getprotocol", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getpshared": { + "name": "pthread_mutexattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_gettype": { + "name": "pthread_mutexattr_gettype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_init": { + "name": "pthread_mutexattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setprioceiling": { + "name": "pthread_mutexattr_setprioceiling", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setprotocol": { + "name": "pthread_mutexattr_setprotocol", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setpshared": { + "name": "pthread_mutexattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_settype": { + "name": "pthread_mutexattr_settype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_num_processors_np": { + "name": "pthread_num_processors_np", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_once": { + "name": "pthread_once", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_destroy": { + "name": "pthread_rwlock_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_init": { + "name": "pthread_rwlock_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_rdlock": { + "name": "pthread_rwlock_rdlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_timedrdlock": { + "name": "pthread_rwlock_timedrdlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_timedwrlock": { + "name": "pthread_rwlock_timedwrlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_tryrdlock": { + "name": "pthread_rwlock_tryrdlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_trywrlock": { + "name": "pthread_rwlock_trywrlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_unlock": { + "name": "pthread_rwlock_unlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_wrlock": { + "name": "pthread_rwlock_wrlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_destroy": { + "name": "pthread_rwlockattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_getpshared": { + "name": "pthread_rwlockattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_init": { + "name": "pthread_rwlockattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_setpshared": { + "name": "pthread_rwlockattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_self": { + "name": "pthread_self", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_set_concurrency": { + "name": "pthread_set_concurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_set_num_processors_np": { + "name": "pthread_set_num_processors_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_setcancelstate": { + "name": "pthread_setcancelstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setcanceltype": { + "name": "pthread_setcanceltype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setconcurrency": { + "name": "pthread_setconcurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_setname_np": { + "name": "pthread_setname_np", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setschedparam": { + "name": "pthread_setschedparam", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_setspecific": { + "name": "pthread_setspecific", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_spin_destroy": { + "name": "pthread_spin_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_spin_init": { + "name": "pthread_spin_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_spin_lock": { + "name": "pthread_spin_lock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_spin_trylock": { + "name": "pthread_spin_trylock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_spin_unlock": { + "name": "pthread_spin_unlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_testcancel": { + "name": "pthread_testcancel", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_timechange_handler_np": { + "name": "pthread_timechange_handler_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_tls_init": { + "name": "pthread_tls_init", + "annotation": [ + [] + ], + "properties": [] + }, + "putc": { + "name": "putc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "putchar": { + "name": "putchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "putenv": { + "name": "putenv", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "puts": { + "name": "puts", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "putw": { + "name": "putw", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "putwc": { + "name": "putwc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "putwchar": { + "name": "putwchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "qsort": { + "name": "qsort", + "annotation": [ + [], + [ + "Deref" + ], + [], + [], + [] + ], + "properties": [] + }, + "qsort_s": { + "name": "qsort_s", + "annotation": [ + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "raise": { + "name": "raise", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rand": { + "name": "rand", + "annotation": [ + [] + ], + "properties": [] + }, + "rawmemchr": { + "name": "rawmemchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "read": { + "name": "read", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "readlink": { + "name": "readlink", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "realloc": { + "name": "realloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [], + [] + ], + "properties": [] + }, + "realpath": { + "name": "realpath", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "remainder": { + "name": "remainder", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remainderf": { + "name": "remainderf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remainderl": { + "name": "remainderl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remove": { + "name": "remove", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rename": { + "name": "rename", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt17rethrow_exceptionNSt15__exception_ptr13exception_ptrE": { + "name": "rethrow_exception", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rewind": { + "name": "rewind", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt5rightRSt8ios_base": { + "name": "right", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rint": { + "name": "rint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rintf": { + "name": "rintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rintl": { + "name": "rintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rmtmp": { + "name": "rmtmp", + "annotation": [ + [] + ], + "properties": [] + }, + "round": { + "name": "round", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundeven": { + "name": "roundeven", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundevenf": { + "name": "roundevenf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundevenl": { + "name": "roundevenl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundf": { + "name": "roundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundl": { + "name": "roundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt13runtime_error4whatEv": { + "name": "runtime_error::what", + "annotation": [ + [] + ], + "properties": [] + }, + "scanf": { + "name": "scanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "scanf_s": { + "name": "scanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "sched_get_priority_max": { + "name": "sched_get_priority_max", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_get_priority_min": { + "name": "sched_get_priority_min", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_getscheduler": { + "name": "sched_getscheduler", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_setscheduler": { + "name": "sched_setscheduler", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "sched_yield": { + "name": "sched_yield", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt10scientificRSt8ios_base": { + "name": "scientific", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt15set_new_handlerPFvvE": { + "name": "set_new_handler", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt13set_terminatePFvvE": { + "name": "set_terminate", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt14set_unexpectedPFvvE": { + "name": "set_unexpected", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "setbuf": { + "name": "setbuf", + "annotation": [ + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "setlocale": { + "name": "setlocale", + "annotation": [ + [ + "InitNull" + ], + [], + [] + ], + "properties": [] + }, + "setvbuf": { + "name": "setvbuf", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "ShellExecuteA": { + "name": "ShellExecuteA", + "annotation": [ + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "ShellExecuteExA": { + "name": "ShellExecuteExA", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "ShellExecuteExW": { + "name": "ShellExecuteExW", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "ShellExecuteW": { + "name": "ShellExecuteW", + "annotation": [ + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "_ZSt8showbaseRSt8ios_base": { + "name": "showbase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9showpointRSt8ios_base": { + "name": "showpoint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7showposRSt8ios_base": { + "name": "showpos", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "signal": { + "name": "signal", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "sinh": { + "name": "sinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sinhf": { + "name": "sinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sinhl": { + "name": "sinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZSt6skipwsRSt8ios_base": { + "name": "skipws", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_Z8snprintfPcyPKcz": { + "name": "snprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "snprintf": { + "name": "snprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "snprintf_s": { + "name": "snprintf_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "snwprintf": { + "name": "snwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "spawnl": { + "name": "spawnl", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnle": { + "name": "spawnle", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnlp": { + "name": "spawnlp", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnlpe": { + "name": "spawnlpe", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnv": { + "name": "spawnv", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnve": { + "name": "spawnve", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnvp": { + "name": "spawnvp", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnvpe": { + "name": "spawnvpe", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "sprintf": { + "name": "sprintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "sprintf_s": { + "name": "sprintf_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "sqrt": { + "name": "sqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sqrtf": { + "name": "sqrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sqrtl": { + "name": "sqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "srand": { + "name": "srand", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sscanf": { + "name": "sscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "sscanf_s": { + "name": "sscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "std::basic_ios::fill": { + "name": "std::basic_ios::fill", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_ios::narrow": { + "name": "std::basic_ios::narrow", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "std::basic_ios::widen": { + "name": "std::basic_ios::widen", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_istream::gcount": { + "name": "std::basic_istream::gcount", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::get": { + "name": "std::basic_istream::get", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_istream::getline": { + "name": "std::basic_istream::getline", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::operator<<": { + "name": "std::basic_istream::operator<<", + "annotation": [ + [], + [], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "std::basic_istream::operator>>": { + "name": "std::basic_istream::operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::peek": { + "name": "std::basic_istream::peek", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::read": { + "name": "std::basic_istream::read", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::readsome": { + "name": "std::basic_istream::readsome", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::tellg": { + "name": "std::basic_istream::tellg", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_string::copy": { + "name": "std::basic_string::copy", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "std::deque::deque<_Tp, _Alloc>": { + "name": "std::deque::deque<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "std::deque::resize": { + "name": "std::deque::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::forward_list::forward_list<_Tp, _Alloc>": { + "name": "std::forward_list::forward_list<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "std::forward_list::resize": { + "name": "std::forward_list::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::fpos::operator long": { + "name": "std::fpos::operator long", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "std::fpos::operator long long": { + "name": "std::fpos::operator long long", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "std::from_chars": { + "name": "std::from_chars", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:4" + ], + [ + "Deref" + ], + [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "std::list::list<_Tp, _Alloc>": { + "name": "std::list::list<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "std::list::resize": { + "name": "std::list::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::make_shared": { + "name": "std::make_shared", + "annotation": [ + [] + ], + "properties": [] + }, + "std::make_unique": { + "name": "std::make_unique", + "annotation": [ + [] + ], + "properties": [] + }, + "std::max": { + "name": "std::max", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "std::min": { + "name": "std::min", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "std::shared_ptr::get": { + "name": "std::shared_ptr::get", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::shared_ptr::shared_ptr<_Tp>": { + "name": "std::shared_ptr::shared_ptr<_Tp>", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::to_chars": { + "name": "std::to_chars", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [] + ], + "properties": [] + }, + "std::unique_ptr::get": { + "name": "std::unique_ptr::get", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::unique_ptr::unique_ptr<_Tp, _Dp>": { + "name": "std::unique_ptr::unique_ptr<_Tp, _Dp>", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::vector::reserve": { + "name": "std::vector::reserve", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::vector::resize": { + "name": "std::vector::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::vector::vector<_Tp, _Alloc>": { + "name": "std::vector::vector<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stodERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stodERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stofERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stofERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stoiERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stoiERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stolERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stolERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoldERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoldERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stollERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stollERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoulERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoulERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx116stoullERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx116stoullERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "stpcpy": { + "name": "stpcpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "strcasecmp": { + "name": "strcasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strcasestr": { + "name": "strcasestr", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strcat": { + "name": "strcat", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcat_s": { + "name": "strcat_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:3" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "strchr": { + "name": "strchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strchrnul": { + "name": "strchrnul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strcmp": { + "name": "strcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcoll": { + "name": "strcoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strcpy": { + "name": "strcpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcpy_s": { + "name": "strcpy_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcspn": { + "name": "strcspn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strdup": { + "name": "strdup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strfromd": { + "name": "strfromd", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strfromf": { + "name": "strfromf", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strfroml": { + "name": "strfroml", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strlen": { + "name": "strlen", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strncasecmp": { + "name": "strncasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncat": { + "name": "strncat", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncat_s": { + "name": "strncat_s", + "annotation": [ + [], + [ + "Deref" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncmp": { + "name": "strncmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncpy": { + "name": "strncpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncpy_s": { + "name": "strncpy_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:3", + "Deref" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strndup": { + "name": "strndup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strnlen": { + "name": "strnlen", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strnset": { + "name": "strnset", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strpbrk": { + "name": "strpbrk", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strrchr": { + "name": "strrchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strsep": { + "name": "strsep", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strset": { + "name": "strset", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strspn": { + "name": "strspn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strstr": { + "name": "strstr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZL6strtodPKcPPc": { + "name": "strtod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtod": { + "name": "strtod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZL6strtofPKcPPc": { + "name": "strtof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtok": { + "name": "strtok", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strtok_r": { + "name": "strtok_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strtok_s": { + "name": "strtok_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strtol": { + "name": "strtol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtold": { + "name": "strtold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtoll": { + "name": "strtoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtoul": { + "name": "strtoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtoull": { + "name": "strtoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strverscmp": { + "name": "strverscmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strxfrm": { + "name": "strxfrm", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "swab": { + "name": "swab", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptr4swapERNS_13exception_ptrES1_": { + "name": "swap", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZL8swprintfPwPKwz": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "_ZL8swprintfPwyPKwz": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "swprintf": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "swprintf_s": { + "name": "swprintf_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "swscanf": { + "name": "swscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "swscanf_s": { + "name": "swscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "system": { + "name": "system", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "_ZNSt3_V215system_categoryEv": { + "name": "system_category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt12system_error4codeEv": { + "name": "system_error::code", + "annotation": [ + [] + ], + "properties": [] + }, + "system_s": { + "name": "system_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "tanh": { + "name": "tanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tanhf": { + "name": "tanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tanhl": { + "name": "tanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "tempnam": { + "name": "tempnam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt9terminatev": { + "name": "terminate", + "annotation": [ + [] + ], + "properties": [] + }, + "tgamma": { + "name": "tgamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tgammaf": { + "name": "tgammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tgammal": { + "name": "tgammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tmpfile": { + "name": "tmpfile", + "annotation": [ + [] + ], + "properties": [] + }, + "tmpnam": { + "name": "tmpnam", + "annotation": [ + [ + "InitNull" + ], + [] + ], + "properties": [] + }, + "tmpnam_s": { + "name": "tmpnam_s", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEd": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEe": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEf": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEi": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEj": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEl": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEm": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEx": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEy": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEd": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEe": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEf": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEi": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEj": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEl": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEm": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEx": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEy": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "toascii": { + "name": "toascii", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tolower": { + "name": "tolower", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "toupper": { + "name": "toupper", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "towctrans": { + "name": "towctrans", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "towlower": { + "name": "towlower", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "towupper": { + "name": "towupper", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "trunc": { + "name": "trunc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "truncf": { + "name": "truncf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "truncl": { + "name": "truncl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt9type_info6beforeERKS_": { + "name": "type_info::before", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt9type_info9hash_codeEv": { + "name": "type_info::hash_code", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9type_info4nameEv": { + "name": "type_info::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9type_infoneERKS_": { + "name": "type_info::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt9type_infoeqERKS_": { + "name": "type_info::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ufromfp": { + "name": "ufromfp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ufromfpf": { + "name": "ufromfpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ufromfpl": { + "name": "ufromfpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ulltoa": { + "name": "ulltoa", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "ulltow": { + "name": "ulltow", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "ultoa": { + "name": "ultoa", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt18uncaught_exceptionv": { + "name": "uncaught_exception", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt19uncaught_exceptionsv": { + "name": "uncaught_exceptions", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt10unexpectedv": { + "name": "unexpected", + "annotation": [ + [] + ], + "properties": [] + }, + "ungetc": { + "name": "ungetc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "ungetwc": { + "name": "ungetwc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt7unitbufRSt8ios_base": { + "name": "unitbuf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "unlink": { + "name": "unlink", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9uppercaseRSt8ios_base": { + "name": "uppercase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_Z8vfprintfP6_iobufPKcPc": { + "name": "vfprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vfprintf_s": { + "name": "vfprintf_s", + "annotation": [ + [], + [ + "Deref" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vfscanf": { + "name": "vfscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_Z7vfscanfP6_iobufPKcPc": { + "name": "vfscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "vfscanf_s": { + "name": "vfscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "vfwprintf": { + "name": "vfwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vfwprintf_s": { + "name": "vfwprintf_s", + "annotation": [ + [], + [ + "Deref" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vfwscanf": { + "name": "vfwscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_Z7vprintfPKcPc": { + "name": "vprintf", + "annotation": [ + [], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vprintf": { + "name": "vprintf", + "annotation": [ + [], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vprintf_s": { + "name": "vprintf_s", + "annotation": [ [], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vscanf": { + "name": "vscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "vscanf_s": { + "name": "vscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ], [] ], "properties": [] }, - "realloc": { - "name": "realloc", + "_Z9vsnprintfPcyPKcS_": { + "name": "vsnprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vsnprintf_s": { + "name": "vsnprintf_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:5" + ], + [], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vsnwprintf": { + "name": "vsnwprintf", "annotation": [ + [], [ - "AllocSource::1", - "InitNull" + "Deref", + "TaintPropagation::UntrustedSource:4" ], [], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "setbuf": { - "name": "setbuf", + "_Z8vsprintfPcPKcS_": { + "name": "vsprintf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "setlocale": { - "name": "setlocale", + "vsprintf": { + "name": "vsprintf", "annotation": [ [ - "InitNull" + "TaintPropagation::UntrustedSource:1" ], - [], - [] + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "snprintf": { - "name": "snprintf", + "vsprintf_s": { + "name": "vsprintf_s", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" ], [], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "snprintf_s": { - "name": "snprintf_s", + "vsscanf": { + "name": "vsscanf", "annotation": [ - [], + [ + "TaintOutput::UntrustedSource" + ], [ "Deref" ], - [], - [] + [ + "TaintSink::FormatString" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ] ], "properties": [] }, - "snwprintf": { - "name": "snwprintf", + "vsscanf_s": { + "name": "vsscanf_s", "annotation": [ - [], [ - "Deref" + "TaintOutput::UntrustedSource" ], [], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ], [] ], "properties": [] }, - "sprintf": { - "name": "sprintf", + "_ZL9vswprintfPwPKwPc": { + "name": "vswprintf", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:4" ], - [] + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "sprintf_s": { - "name": "sprintf_s", + "_ZL9vswprintfPwyPKwPc": { + "name": "vswprintf", "annotation": [ [], - [ - "Deref" - ], [], - [] + [], + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "sscanf": { - "name": "sscanf", + "vswprintf_s": { + "name": "vswprintf_s", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:4" ], [], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "sscanf_s": { - "name": "sscanf_s", + "vswscanf": { + "name": "vswscanf", "annotation": [ - [], + [ + "TaintOutput::UntrustedSource" + ], [ "Deref" ], + [ + "TaintSink::FormatString" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "vwprintf": { + "name": "vwprintf", + "annotation": [ [], [], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "std::from_chars": { - "name": "std::from_chars", + "vwprintf_s": { + "name": "vwprintf_s", "annotation": [ + [], [], [ - "Deref" + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vwscanf": { + "name": "vwscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "wcpcpy": { + "name": "wcpcpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [ + "TaintPropagation::UntrustedSource:2" ], + [] + ], + "properties": [] + }, + "wcrtomb": { + "name": "wcrtomb", + "annotation": [ + [], [], [], [] ], "properties": [] }, - "std::to_chars": { - "name": "std::to_chars", + "wcrtomb_s": { + "name": "wcrtomb_s", "annotation": [ [], - [ - "Deref" - ], + [], + [], [], [], [] ], "properties": [] }, - "stpcpy": { - "name": "stpcpy", + "wcscasecmp": { + "name": "wcscasecmp", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], + [], [] ], "properties": [] }, - "strcat": { - "name": "strcat", + "wcscat": { + "name": "wcscat", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], @@ -1001,10 +12689,13 @@ ], "properties": [] }, - "strcat_s": { - "name": "strcat_s", + "wcscat_s": { + "name": "wcscat_s", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], @@ -1015,11 +12706,12 @@ ], "properties": [] }, - "strchr": { - "name": "strchr", + "_ZSt6wcschrPww": { + "name": "wcschr", "annotation": [ [ - "InitNull" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ "Deref" @@ -1028,10 +12720,13 @@ ], "properties": [] }, - "strchrnul": { - "name": "strchrnul", + "wcschr": { + "name": "wcschr", "annotation": [ - [], + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], [ "Deref" ], @@ -1039,8 +12734,38 @@ ], "properties": [] }, - "strcmp": { - "name": "strcmp", + "wcschrnul": { + "name": "wcschrnul", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "wcscmp": { + "name": "wcscmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcscoll": { + "name": "wcscoll", "annotation": [ [], [ @@ -1052,8 +12777,8 @@ ], "properties": [] }, - "strcpy": { - "name": "strcpy", + "wcscpy": { + "name": "wcscpy", "annotation": [ [], [ @@ -1065,8 +12790,8 @@ ], "properties": [] }, - "strcpy_s": { - "name": "strcpy_s", + "wcscpy_s": { + "name": "wcscpy_s", "annotation": [ [], [ @@ -1079,30 +12804,87 @@ ], "properties": [] }, - "strdup": { - "name": "strdup", + "wcscspn": { + "name": "wcscspn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcsdup": { + "name": "wcsdup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "wcsftime": { + "name": "wcsftime", + "annotation": [ + [], + [], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcsicmp": { + "name": "wcsicmp", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "wcsicoll": { + "name": "wcsicoll", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "wcslen": { + "name": "wcslen", "annotation": [ - [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "strlen": { - "name": "strlen", + "wcslwr": { + "name": "wcslwr", "annotation": [ [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strncasecmp": { - "name": "strncasecmp", + "wcsncasecmp": { + "name": "wcsncasecmp", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], @@ -1113,10 +12895,13 @@ ], "properties": [] }, - "strncat": { - "name": "strncat", + "wcsncat": { + "name": "wcsncat", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], @@ -1127,10 +12912,13 @@ ], "properties": [] }, - "strncat_s": { - "name": "strncat_s", + "wcsncat_s": { + "name": "wcsncat_s", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], @@ -1142,10 +12930,13 @@ ], "properties": [] }, - "strncmp": { - "name": "strncmp", + "wcsncmp": { + "name": "wcsncmp", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], @@ -1156,11 +12947,15 @@ ], "properties": [] }, - "strncpy": { - "name": "strncpy", + "wcsncpy": { + "name": "wcsncpy", "annotation": [ - [], [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", "Deref" ], [ @@ -1170,11 +12965,15 @@ ], "properties": [] }, - "strncpy_s": { - "name": "strncpy_s", + "wcsncpy_s": { + "name": "wcsncpy_s", "annotation": [ - [], [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", "Deref" ], [], @@ -1185,70 +12984,64 @@ ], "properties": [] }, - "strndup": { - "name": "strndup", + "wcsnicmp": { + "name": "wcsnicmp", "annotation": [ [], - [ - "Deref" - ] + [], + [], + [] ], "properties": [] }, - "strnlen": { - "name": "strnlen", + "wcsnlen": { + "name": "wcsnlen", "annotation": [ [], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "strnset": { - "name": "strnset", + "wcsnlen_s": { + "name": "wcsnlen_s", "annotation": [ [], - [ - "Deref" - ], - [ - "Deref" - ], + [], [] ], "properties": [] }, - "strpbrk": { - "name": "strpbrk", + "wcsnrtombs": { + "name": "wcsnrtombs", "annotation": [ + [], [ - "InitNull" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], + [], + [], [] ], "properties": [] }, - "strrchr": { - "name": "strrchr", + "wcsnset": { + "name": "wcsnset", "annotation": [ - [ - "InitNull" - ], - [ - "Deref" - ], + [], + [], + [], [] ], "properties": [] }, - "strset": { - "name": "strset", + "_ZSt7wcspbrkPwPKw": { + "name": "wcspbrk", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], @@ -1258,10 +13051,13 @@ ], "properties": [] }, - "strspn": { - "name": "strspn", + "wcspbrk": { + "name": "wcspbrk", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], @@ -1271,21 +13067,13 @@ ], "properties": [] }, - "strstr": { - "name": "strstr", + "_ZSt7wcsrchrPww": { + "name": "wcsrchr", "annotation": [ [ + "TaintPropagation::UntrustedSource:1", "InitNull" ], - [], - [] - ], - "properties": [] - }, - "strtod": { - "name": "strtod", - "annotation": [ - [], [ "Deref" ], @@ -1293,163 +13081,125 @@ ], "properties": [] }, - "strtol": { - "name": "strtol", + "wcsrchr": { + "name": "wcsrchr", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], - [], [] ], "properties": [] }, - "strtold": { - "name": "strtold", + "wcsrev": { + "name": "wcsrev", "annotation": [ [], - [ - "Deref" - ], [] ], "properties": [] }, - "strtoll": { - "name": "strtoll", + "wcsrtombs": { + "name": "wcsrtombs", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [], + [], [] ], "properties": [] }, - "strtoul": { - "name": "strtoul", + "wcsrtombs_s": { + "name": "wcsrtombs_s", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [], + [], + [], + [], [] ], "properties": [] }, - "strtoull": { - "name": "strtoull", + "wcsset": { + "name": "wcsset", "annotation": [ [], - [ - "Deref" - ], [], [] ], "properties": [] }, - "strxfrm": { - "name": "strxfrm", + "wcsspn": { + "name": "wcsspn", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [ "Deref" ], - [] - ], - "properties": [] - }, - "swprintf": { - "name": "swprintf", - "annotation": [ - [], [ "Deref" - ], - [] + ] ], "properties": [] }, - "swprintf_s": { - "name": "swprintf_s", + "_ZSt6wcsstrPwPKw": { + "name": "wcsstr", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "InitNull" ], - [], - [] - ], - "properties": [] - }, - "swscanf": { - "name": "swscanf", - "annotation": [ - [], [ "Deref" ], - [], - [] - ], - "properties": [] - }, - "swscanf_s": { - "name": "swscanf_s", - "annotation": [ - [], [ "Deref" - ], - [], - [], - [] + ] ], "properties": [] }, - "tmpnam": { - "name": "tmpnam", + "wcsstr": { + "name": "wcsstr", "annotation": [ [ + "TaintPropagation::UntrustedSource:1", "InitNull" ], - [] - ], - "properties": [] - }, - "vfprintf_s": { - "name": "vfprintf_s", - "annotation": [ - [], [ "Deref" ], - [], - [] + [ + "Deref" + ] ], "properties": [] }, - "vfscanf": { - "name": "vfscanf", + "_ZL6wcstodPKwPPw": { + "name": "wcstod", "annotation": [ [], [ "Deref" ], - [], [] ], "properties": [] }, - "vfwprintf": { - "name": "vfwprintf", + "_ZL6wcstofPKwPPw": { + "name": "wcstof", "annotation": [ [], [ @@ -1459,139 +13209,127 @@ ], "properties": [] }, - "vfwprintf_s": { - "name": "vfwprintf_s", + "wcstok": { + "name": "wcstok", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [], [] ], "properties": [] }, - "vfwscanf": { - "name": "vfwscanf", + "wcstok_s": { + "name": "wcstok_s", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [], + [], [] ], "properties": [] }, - "vsnprintf_s": { - "name": "vsnprintf_s", + "wcstol": { + "name": "wcstol", "annotation": [ [], [ "Deref" ], [], - [], [] ], "properties": [] }, - "vsnwprintf": { - "name": "vsnwprintf", + "wcstold": { + "name": "wcstold", "annotation": [ [], [ "Deref" ], - [], [] ], "properties": [] }, - "vsprintf": { - "name": "vsprintf", + "wcstoll": { + "name": "wcstoll", "annotation": [ [], [ "Deref" ], + [], [] ], "properties": [] }, - "vsprintf_s": { - "name": "vsprintf_s", + "wcstombs": { + "name": "wcstombs", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [], [] ], "properties": [] }, - "vsscanf": { - "name": "vsscanf", + "wcstombs_s": { + "name": "wcstombs_s", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [], - [ - "Deref" - ] + [], + [], + [] ], "properties": [] }, - "vswscanf": { - "name": "vswscanf", + "wcstoul": { + "name": "wcstoul", "annotation": [ [], [ "Deref" ], [], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcscat": { - "name": "wcscat", + "wcstoull": { + "name": "wcstoull", "annotation": [ [], [ "Deref" ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "wcscat_s": { - "name": "wcscat_s", + "wcsupr": { + "name": "wcsupr", "annotation": [ [], - [ - "Deref" - ], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcschr": { - "name": "wcschr", + "wcsxfrm": { + "name": "wcsxfrm", "annotation": [ - [ - "InitNull" - ], + [], + [], [ "Deref" ], @@ -1599,102 +13337,95 @@ ], "properties": [] }, - "wcschrnul": { - "name": "wcschrnul", + "wctob": { + "name": "wctob", "annotation": [ [ - "InitNull" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wcscmp": { - "name": "wcscmp", + "wctomb": { + "name": "wctomb", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcscoll": { - "name": "wcscoll", + "wctrans": { + "name": "wctrans", "annotation": [ [], - [ - "Deref" - ], [ "Deref" ] ], "properties": [] }, - "wcscpy": { - "name": "wcscpy", + "wctype": { + "name": "wctype", "annotation": [ [], - [ - "Deref" - ], [ "Deref" ] ], "properties": [] }, - "wcscpy_s": { - "name": "wcscpy_s", + "WinExec": { + "name": "WinExec", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcscspn": { - "name": "wcscspn", + "_ZSt7wmemchrPwwy": { + "name": "wmemchr", "annotation": [ - [], [ - "Deref" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ "Deref" - ] + ], + [], + [] ], "properties": [] }, - "wcsftime": { - "name": "wcsftime", + "wmemchr": { + "name": "wmemchr", "annotation": [ - [], - [], - [], - [], + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], [ "Deref" - ] + ], + [], + [] ], "properties": [] }, - "wcsncasecmp": { - "name": "wcsncasecmp", + "wmemcmp": { + "name": "wmemcmp", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], @@ -1705,12 +13436,13 @@ ], "properties": [] }, - "wcsncat": { - "name": "wcsncat", + "wmemcpy": { + "name": "wmemcpy", "annotation": [ [], [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [ "Deref" @@ -1719,12 +13451,13 @@ ], "properties": [] }, - "wcsncat_s": { - "name": "wcsncat_s", + "wmemcpy_s": { + "name": "wmemcpy_s", "annotation": [ [], [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:3" ], [], [ @@ -1734,12 +13467,13 @@ ], "properties": [] }, - "wcsncmp": { - "name": "wcsncmp", + "wmemmove": { + "name": "wmemmove", "annotation": [ [], [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [ "Deref" @@ -1748,13 +13482,15 @@ ], "properties": [] }, - "wcsncpy": { - "name": "wcsncpy", + "wmemmove_s": { + "name": "wmemmove_s", "annotation": [ [], [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:3" ], + [], [ "Deref" ], @@ -1762,14 +13498,14 @@ ], "properties": [] }, - "wcsncpy_s": { - "name": "wcsncpy_s", + "wmempcpy": { + "name": "wmempcpy", "annotation": [ [], [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:2" ], - [], [ "Deref" ], @@ -1777,251 +13513,206 @@ ], "properties": [] }, - "wcspbrk": { - "name": "wcspbrk", + "wmemset": { + "name": "wmemset", "annotation": [ + [], [ - "InitNull" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "wcsrchr": { - "name": "wcsrchr", + "wprintf": { + "name": "wprintf", "annotation": [ + [], [ - "InitNull" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "Deref" - ], - [] + "TaintSink::SensitiveDataLeak" + ] ], "properties": [] }, - "wcsspn": { - "name": "wcsspn", + "wprintf_s": { + "name": "wprintf_s", "annotation": [ [], [ - "Deref" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "Deref" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] }, - "wcsstr": { - "name": "wcsstr", + "wscanf": { + "name": "wscanf", "annotation": [ [ - "InitNull" + "TaintOutput::UntrustedSource" ], [ - "Deref" + "TaintSink::FormatString" ], [ - "Deref" + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "wcstol": { - "name": "wcstol", + "wtoll": { + "name": "wtoll", "annotation": [ - [], - [ - "Deref" - ], [], [] ], "properties": [] }, - "wcstold": { - "name": "wcstold", + "y0": { + "name": "y0", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wcstoll": { - "name": "wcstoll", + "y0f": { + "name": "y0f", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "wcstoul": { - "name": "wcstoul", + "y0l": { + "name": "y0l", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "wcstoull": { - "name": "wcstoull", + "y1": { + "name": "y1", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "wcsxfrm": { - "name": "wcsxfrm", + "y1f": { + "name": "y1f", "annotation": [ - [], - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wctrans": { - "name": "wctrans", - "annotation": [ - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "wctype": { - "name": "wctype", + "y1l": { + "name": "y1l", "annotation": [ - [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "wmemchr": { - "name": "wmemchr", + "yn": { + "name": "yn", "annotation": [ [ - "InitNull" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "wmemcmp": { - "name": "wmemcmp", + "ynf": { + "name": "ynf", "annotation": [ - [], - [ - "Deref" - ], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wmemcpy": { - "name": "wmemcpy", + "ynl": { + "name": "ynl", "annotation": [ - [], - [ - "Deref" - ], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wmemcpy_s": { - "name": "wmemcpy_s", + "recv": { + "name": "recv", "annotation": [ [], - [ - "Deref" - ], [], [ - "Deref" + "TaintOutput::UntrustedSource" ], + [], [] ], "properties": [] }, - "wmemmove": { - "name": "wmemmove", + "_ZNSt14basic_ifstreamIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode": { + "name": "basic_ifstream::char_traits::open", "annotation": [ + [], [], [ - "Deref" - ], - [ - "Deref" + "TaintSink::PathString" ], [] ], "properties": [] }, - "wmemmove_s": { - "name": "wmemmove_s", + "_ZNSt14basic_ofstreamIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode": { + "name": "basic_ofstream::char_traits::open", "annotation": [ [], - [ - "Deref" - ], [], [ - "Deref" + "TaintSink::PathString" ], [] ], "properties": [] }, - "wmempcpy": { - "name": "wmempcpy", + "_ZNSt14basic_fstreamIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode": { + "name": "basic_fstream::char_traits::open", "annotation": [ + [], [], [ - "Deref" - ], - [ - "Deref" + "TaintSink::PathString" ], [] ], "properties": [] } -} +} \ No newline at end of file diff --git a/configs/taint-annotations.json b/configs/taint-annotations.json new file mode 100644 index 0000000000..58f99ce08a --- /dev/null +++ b/configs/taint-annotations.json @@ -0,0 +1,26 @@ +{ + "SensitiveDataLeak": [ + { + "source": "SensitiveDataSource", + "rule": "TAINT.SDE" + } + ], + "FormatString": [ + { + "source": "UntrustedSource", + "rule": "SV.STR.FMT.TAINT" + } + ], + "Execute": [ + { + "source": "UntrustedSource", + "rule": "TAINT.STRING.CLI" + } + ], + "PathString": [ + { + "source": "UntrustedSource", + "rule": "TAINT.STRING.PATH" + } + ] +} diff --git a/include/klee/Core/BranchTypes.h b/include/klee/Core/BranchTypes.h index 1c8af978c4..0a695b3ca8 100644 --- a/include/klee/Core/BranchTypes.h +++ b/include/klee/Core/BranchTypes.h @@ -25,7 +25,8 @@ BTYPE(Realloc, 8U) \ BTYPE(Free, 9U) \ BTYPE(GetVal, 10U) \ - BMARK(END, 10U) + BTYPE(Taint, 11U) \ + BMARK(END, 11U) /// \endcond /** @enum BranchType diff --git a/include/klee/Core/Interpreter.h b/include/klee/Core/Interpreter.h index aceb78dcfc..f63c47e62a 100644 --- a/include/klee/Core/Interpreter.h +++ b/include/klee/Core/Interpreter.h @@ -10,8 +10,8 @@ #define KLEE_INTERPRETER_H #include "TerminationTypes.h" -#include "klee/Module/Annotation.h" +#include "klee/Module/AnnotationsData.h" #include "klee/Module/SarifReport.h" #include @@ -110,6 +110,7 @@ class Interpreter { std::string MainCurrentName; std::string MainNameAfterMock; std::string AnnotationsFile; + std::string TaintAnnotationsFile; bool Optimize; bool Simplify; bool CheckDivZero; @@ -121,15 +122,13 @@ class Interpreter { ModuleOptions(const std::string &_LibraryDir, const std::string &_EntryPoint, const std::string &_OptSuffix, const std::string &_MainCurrentName, - const std::string &_MainNameAfterMock, - const std::string &_AnnotationsFile, bool _Optimize, + const std::string &_MainNameAfterMock, bool _Optimize, bool _Simplify, bool _CheckDivZero, bool _CheckOvershift, bool _AnnotateOnlyExternal, bool _WithFPRuntime, bool _WithPOSIXRuntime) : LibraryDir(_LibraryDir), EntryPoint(_EntryPoint), OptSuffix(_OptSuffix), MainCurrentName(_MainCurrentName), - MainNameAfterMock(_MainNameAfterMock), - AnnotationsFile(_AnnotationsFile), Optimize(_Optimize), + MainNameAfterMock(_MainNameAfterMock), Optimize(_Optimize), Simplify(_Simplify), CheckDivZero(_CheckDivZero), CheckOvershift(_CheckOvershift), AnnotateOnlyExternal(_AnnotateOnlyExternal), @@ -154,6 +153,8 @@ class Interpreter { MockPolicy Mock; MockStrategyKind MockStrategy; MockMutableGlobalsPolicy MockMutableGlobals; + std::string AnnotationsFile; + std::string TaintAnnotationsFile; InterpreterOptions(std::optional Paths) : MakeConcreteSymbolic(false), Guidance(GuidanceKind::NoGuidance), diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index da5d0ea198..b224254267 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -10,7 +10,7 @@ #define KLEE_MOCKBUILDER_H #include "klee/Core/Interpreter.h" -#include "klee/Module/Annotation.h" +#include "klee/Module/AnnotationsData.h" #include "llvm/IR/IRBuilder.h" #include "llvm/IR/Module.h" @@ -38,7 +38,7 @@ class MockBuilder { std::set &mainModuleFunctions; std::set &mainModuleGlobals; - AnnotationsMap annotations; + const AnnotationsData &annotationsData; void initMockModule(); void buildMockMain(); @@ -48,6 +48,23 @@ class MockBuilder { buildCallKleeMakeSymbolic(const std::string &kleeMakeSymbolicFunctionName, llvm::Value *source, llvm::Type *type, const std::string &symbolicName); + void buildCallKleeMakeMockAll(llvm::Value *source, + const std::string &symbolicName); + llvm::CallInst *buildCallKleeTaintFunction(const std::string &functionName, + llvm::Value *source, size_t taint, + llvm::Type *returnType); + void buildCallKleeTaintHit(llvm::Value *taintHits, size_t taintSink); + + void buildAnnotationTaintOutput(llvm::Value *elem, + const Statement::Ptr &statement); + void buildAnnotationTaintPropagation(llvm::Value *elem, + const Statement::Ptr &statement, + llvm::Function *func, + const std::string &target); + void buildAnnotationTaintSink(llvm::Value *elem, + const Statement::Ptr &statement, + llvm::Function *func, + const std::string &target); void buildAnnotationForExternalFunctionArgs( llvm::Function *func, @@ -71,7 +88,8 @@ class MockBuilder { std::vector> &redefinitions, InterpreterHandler *interpreterHandler, std::set &mainModuleFunctions, - std::set &mainModuleGlobals); + std::set &mainModuleGlobals, + const AnnotationsData &annotationsData); std::unique_ptr build(); void buildAllocSource(llvm::Value *prev, llvm::Type *elemType, diff --git a/include/klee/Core/TerminationTypes.h b/include/klee/Core/TerminationTypes.h index 9dc67be69a..0d531c8e2a 100644 --- a/include/klee/Core/TerminationTypes.h +++ b/include/klee/Core/TerminationTypes.h @@ -75,7 +75,8 @@ enum class StateTerminationClass : std::uint8_t { TTMARK(EARLYALGORITHM, 72U) \ TTYPE(SilentExit, 80U, "") \ TTMARK(EARLYUSER, 80U) \ - TTMARK(END, 80U) + TTMARK(END, 80U) \ + TTYPE(Taint, 90U, "taint.err") ///@brief Reason an ExecutionState got terminated. enum class StateTerminationType : std::uint8_t { diff --git a/include/klee/Expr/Expr.h b/include/klee/Expr/Expr.h index 080c0f90a4..8f683b16c7 100644 --- a/include/klee/Expr/Expr.h +++ b/include/klee/Expr/Expr.h @@ -183,6 +183,8 @@ class Expr { static const Width Fl80 = 80; + static const Width TaintWidth = 64; + enum States { Undefined, True, False }; enum Kind { @@ -394,6 +396,7 @@ class Expr { ref hasOrderedReads(bool stride) const; ref hasOrderedReads() const; ref getValue() const; + ref getTaint() const; /* Static utility methods */ @@ -413,6 +416,11 @@ class Expr { static ref createTrue(); static ref createFalse(); + static ref createEmptyTaint(); + static ref createTaintBySource(uint64_t source); + static ref combineTaints(const ref &taintL, + const ref &taintR); + /// Create a little endian read of the given type at offset 0 of the /// given object. static ref createTempRead(const Array *array, Expr::Width w, @@ -1676,25 +1684,32 @@ class ConstantExpr : public Expr { class PointerExpr : public NonConstantExpr { public: static const Kind kind = Expr::Pointer; - static const unsigned numKids = 2; + static const unsigned numKids = 3; + ref base; ref value; - static ref alloc(const ref &b, const ref &v) { - ref r(new PointerExpr(b, v)); + ref taint; + + static ref alloc(const ref &b, const ref &v, + const ref &t = createEmptyTaint()) { + ref r(new PointerExpr(b, v, t)); r->computeHash(); r->computeHeight(); return r; } - static ref create(const ref &b, const ref &o); - static ref create(const ref &v); + static ref create(const ref &b, const ref &v, + const ref &t = createEmptyTaint()); + static ref create(const ref &expr); static ref createSymbolic(const ref &expr, const ref &pointer, const ref &off); Width getWidth() const { return value->getWidth(); } Kind getKind() const { return Expr::Pointer; } + ref getBase() const { return base; } ref getValue() const { return value; } + ref getTaint() const { return taint; } ref getOffset() const { assert(value->getWidth() == base->getWidth() && "Invalid getOffset() call!"); @@ -1707,12 +1722,14 @@ class PointerExpr : public NonConstantExpr { return base; if (i == 1) return value; + if (i == 2) + return taint; return 0; } int compareContents(const Expr &b) const { return 0; } virtual ref rebuild(ref kids[]) const { - return create(kids[0], kids[1]); + return create(kids[0], kids[1], kids[2]); } static bool classof(const Expr *E) { return E->getKind() == Expr::Pointer || @@ -1722,6 +1739,10 @@ class PointerExpr : public NonConstantExpr { bool isKnownValue() const { return getBase()->isZero(); } + ref combineTaints(const ref &RHS) { + return Expr::combineTaints(getTaint(), RHS->getTaint()); + } + ref Add(const ref &RHS); ref Sub(const ref &RHS); ref Mul(const ref &RHS); @@ -1750,24 +1771,29 @@ class PointerExpr : public NonConstantExpr { ref Not(); protected: - PointerExpr(const ref &b, const ref &v) : base(b), value(v) {} + PointerExpr(const ref &b, const ref &v, const ref &t) + : base(b), value(v), taint(t) {} }; class ConstantPointerExpr : public PointerExpr { public: static const Kind kind = Expr::ConstantPointer; - static const unsigned numKids = 2; - static ref alloc(const ref &b, - const ref &o) { - ref r = new ConstantPointerExpr(b, o); + static const unsigned numKids = 3; + + static ref + alloc(const ref &b, const ref &v, + const ref &t = createEmptyTaint()) { + ref r = new ConstantPointerExpr(b, v, t); r->computeHash(); r->computeHeight(); return r; } static ref create(const ref &b, - const ref &o); + const ref &v, + const ref &t = createEmptyTaint()); Kind getKind() const { return Expr::ConstantPointer; } + ref getConstantBase() const { return cast(base); } ref getConstantOffset() const { return getConstantValue()->Sub(getConstantBase()); @@ -1775,6 +1801,9 @@ class ConstantPointerExpr : public PointerExpr { ref getConstantValue() const { return cast(value); } + ref getConstantTaint() const { + return cast(taint); + } static bool classof(const Expr *E) { return E->getKind() == Expr::ConstantPointer; @@ -1782,8 +1811,9 @@ class ConstantPointerExpr : public PointerExpr { static bool classof(const ConstantPointerExpr *) { return true; } private: - ConstantPointerExpr(const ref &b, const ref &v) - : PointerExpr(b, v) {} + ConstantPointerExpr(const ref &b, const ref &v, + const ref &t) + : PointerExpr(b, v, t) {} }; // Implementations diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index 20ee34f0a9..0fdd6fd65e 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -15,6 +15,12 @@ #include #include #include +#include "klee/Config/config.h" +#include "klee/Config/config.h" + +#include "llvm/IR/Module.h" + +#include using json = nlohmann::json; @@ -29,7 +35,11 @@ enum class Kind { MaybeInitNull, // TODO: rename to alloc AllocSource, - Free + Free, + + TaintOutput, + TaintPropagation, + TaintSink }; enum class Property { @@ -112,6 +122,39 @@ struct Free final : public Unknown { [[nodiscard]] Kind getKind() const override; }; +struct Taint : public Unknown { +protected: + std::string taintType; + +public: + explicit Taint(const std::string &str = "Unknown"); + + [[nodiscard]] Kind getKind() const override; + + [[nodiscard]] std::string getTaintType() const; + [[nodiscard]] std::string getTaintTypeAsLower() const; +}; + +struct TaintOutput final : public Taint { + explicit TaintOutput(const std::string &str = "TaintOutput"); + + [[nodiscard]] Kind getKind() const override; +}; + +struct TaintPropagation final : public Taint { + size_t propagationParameterIndex; + + explicit TaintPropagation(const std::string &str = "TaintPropagation"); + + [[nodiscard]] Kind getKind() const override; +}; + +struct TaintSink final : public Taint { + explicit TaintSink(const std::string &str = "TaintSink"); + + [[nodiscard]] Kind getKind() const override; +}; + using Ptr = std::shared_ptr; bool operator==(const Ptr &first, const Ptr &second); } // namespace Statement diff --git a/include/klee/Module/AnnotationsData.h b/include/klee/Module/AnnotationsData.h new file mode 100644 index 0000000000..1ee13a1e69 --- /dev/null +++ b/include/klee/Module/AnnotationsData.h @@ -0,0 +1,21 @@ +#ifndef KLEE_ANNOTATIONS_DATA_H +#define KLEE_ANNOTATIONS_DATA_H + +#include "klee/Module/Annotation.h" +#include "klee/Module/TaintAnnotation.h" + +namespace klee { + +struct AnnotationsData final { + AnnotationsMap annotations; + TaintAnnotation taintAnnotation; + + explicit AnnotationsData( + const std::string &annotationsFile = std::string(), + const std::string &taintAnnotationsFile = std::string()); + virtual ~AnnotationsData(); +}; + +} // namespace klee + +#endif // KLEE_ANNOTATIONS_DATA_H diff --git a/include/klee/Module/SarifReport.h b/include/klee/Module/SarifReport.h index 7f80b7ed82..9df1c78a1c 100644 --- a/include/klee/Module/SarifReport.h +++ b/include/klee/Module/SarifReport.h @@ -43,7 +43,7 @@ template struct adl_serializer> { } // namespace nlohmann namespace klee { -enum ReachWithError { +enum ReachWithErrorType { DoubleFree = 0, UseAfterFree, MayBeNullPointerException, // void f(int *x) { *x = 42; } - should it error? @@ -51,8 +51,23 @@ enum ReachWithError { NullCheckAfterDerefException, Reachable, None, + MaybeTaint, }; +struct ReachWithError { + ReachWithErrorType type; + std::optional data; + + explicit ReachWithError(ReachWithErrorType type, + std::optional data = std::nullopt); + + bool operator==(const ReachWithError &other) const; + bool operator!=(const ReachWithError &other) const; + bool operator<(const ReachWithError &other) const; +}; + +using ReachWithErrors = std::vector; + const char *getErrorString(ReachWithError error); std::string getErrorsString(const std::vector &errors); diff --git a/include/klee/Module/TaintAnnotation.h b/include/klee/Module/TaintAnnotation.h new file mode 100644 index 0000000000..ab06ea9874 --- /dev/null +++ b/include/klee/Module/TaintAnnotation.h @@ -0,0 +1,32 @@ +#ifndef KLEE_TAINT_ANNOTATION_H +#define KLEE_TAINT_ANNOTATION_H + +#include "nlohmann/json.hpp" + +#include +#include + +using json = nlohmann::json; + +namespace klee { + +using source_ty = size_t; +using sink_ty = size_t; +using rule_ty = size_t; + +struct TaintAnnotation final { + using TaintHitsSink = std::map; + using TaintHitsMap = std::map; + + TaintHitsMap hits; + + std::unordered_map sources; + std::unordered_map sinks; + std::vector rules; + + explicit TaintAnnotation(const std::string &path); +}; + +} // namespace klee + +#endif // KLEE_TAINT_ANNOTATION_H diff --git a/include/klee/klee.h b/include/klee/klee.h index 3323fb7151..7470493c24 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -10,6 +10,7 @@ #ifndef KLEE_H #define KLEE_H +#include "stdbool.h" #include "stddef.h" #include "stdint.h" @@ -36,6 +37,45 @@ void *klee_define_fixed_object(void *addr, size_t nbytes); */ void klee_make_symbolic(void *addr, size_t nbytes, const char *name); +/* klee_add_taint - Add taint \arg taint_source for the contents + * of the object pointer to \arg addr. + * + * \arg addr - The start of the object. + * \arg taint_source - Taint source. + */ +void klee_add_taint(void *array, size_t taint_source); + +/* klee_clear_taint - Clear the contents of the object pointer to \arg addr + * of the taint \arg taint_source. + * + * \arg addr - The start of the object. + * \arg taint_source - Taint source. + */ +void klee_clear_taint(void *array, size_t taint_source); + +/* klee_check_taint_source - Check that the contents of the object pointer + * to \arg addr has a \arg taint_source. + * + * \arg addr - The start of the object. + * \arg taint_source - Taint source. + */ +bool klee_check_taint_source(void *array, size_t taint_source); + +/* klee_get_taint_hits - Return taint hits if contents of the object pointer + * to \arg addr causes a taint sink \arg taint_sink hit. + * + * \arg addr - The start of the object. + * \arg taint_sink - Taint sink. + */ +uint64_t klee_get_taint_hits(void *array, size_t taint_sink); + +/* klee_taint_hit - Execute taint hits. + * + * \arg taint_hits - Actual taint hits. + * \arg taint_sink - Taint sink. + */ +void klee_taint_hit(uint64_t taint_hits, size_t taint_sink); + /* klee_range - Construct a symbolic value in the signed interval * [begin,end). * diff --git a/lib/Core/AddressSpace.cpp b/lib/Core/AddressSpace.cpp index d92c5bc094..d283539092 100644 --- a/lib/Core/AddressSpace.cpp +++ b/lib/Core/AddressSpace.cpp @@ -9,6 +9,8 @@ #include "AddressSpace.h" +#include + #include "ExecutionState.h" #include "Memory.h" #include "TimingSolver.h" @@ -80,19 +82,21 @@ ObjectPair AddressSpace::findObject(const MemoryObject *mo) const { : ObjectPair(nullptr, nullptr); } -RefObjectPair AddressSpace::lazyInitializeObject(const MemoryObject *mo) const { - return RefObjectPair(mo, new ObjectState(mo, mo->content, mo->type)); +RefObjectPair AddressSpace::lazyInitializeObject(const MemoryObject *mo, + ref taint) const { + return RefObjectPair( + mo, new ObjectState(mo, mo->content, mo->type, std::move(taint))); } -RefObjectPair -AddressSpace::findOrLazyInitializeObject(const MemoryObject *mo) const { +RefObjectPair AddressSpace::findOrLazyInitializeObject(const MemoryObject *mo, + ref taint) const { ObjectPair op = findObject(mo); if (op.first && op.second) { return RefObjectPair(op.first, op.second); } assert(!op.first && !op.second); if (mo->isLazyInitialized) { - return lazyInitializeObject(mo); + return lazyInitializeObject(mo, std::move(taint)); } return RefObjectPair(nullptr, nullptr); } diff --git a/lib/Core/AddressSpace.h b/lib/Core/AddressSpace.h index 6374950814..396c5f9edd 100644 --- a/lib/Core/AddressSpace.h +++ b/lib/Core/AddressSpace.h @@ -136,8 +136,11 @@ class AddressSpace { /// Lookup a binding from a MemoryObject. ObjectPair findObject(const MemoryObject *mo) const; - RefObjectPair lazyInitializeObject(const MemoryObject *mo) const; - RefObjectPair findOrLazyInitializeObject(const MemoryObject *mo) const; + RefObjectPair lazyInitializeObject(const MemoryObject *mo, + ref taint) const; + RefObjectPair + findOrLazyInitializeObject(const MemoryObject *mo, + ref taint = Expr::createEmptyTaint()) const; /// Copy the concrete values of all managed ObjectStates into the /// actual system memory location they were allocated at. diff --git a/lib/Core/ExecutionState.h b/lib/Core/ExecutionState.h index 613c376762..5fb5f7c956 100644 --- a/lib/Core/ExecutionState.h +++ b/lib/Core/ExecutionState.h @@ -421,7 +421,7 @@ class ExecutionState { ExprHashMap gepExprBases; - mutable ReachWithError error = ReachWithError::None; + mutable ReachWithError error = ReachWithError(ReachWithErrorType::None); std::atomic terminationReasonType{ HaltExecution::NotHalt}; diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index c6a395731c..8638c190b8 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -505,11 +505,13 @@ const std::unordered_set Executor::modelledFPIntrinsics = { Executor::Executor(LLVMContext &ctx, const InterpreterOptions &opts, InterpreterHandler *ih) - : Interpreter(opts), interpreterHandler(ih), searcher(nullptr), + : Interpreter(opts), + annotationsData(opts.AnnotationsFile, opts.TaintAnnotationsFile), + interpreterHandler(ih), searcher(nullptr), externalDispatcher(new ExternalDispatcher(ctx)), statsTracker(0), - pathWriter(0), symPathWriter(0), - specialFunctionHandler(0), timers{time::Span(TimerInterval)}, - guidanceKind(opts.Guidance), codeGraphInfo(new CodeGraphInfo()), + pathWriter(0), symPathWriter(0), specialFunctionHandler(0), + timers{time::Span(TimerInterval)}, guidanceKind(opts.Guidance), + codeGraphInfo(new CodeGraphInfo()), distanceCalculator(new DistanceCalculator(*codeGraphInfo)), targetCalculator(new TargetCalculator(*codeGraphInfo)), targetManager(new TargetManager(guidanceKind, *distanceCalculator, @@ -636,7 +638,8 @@ llvm::Module *Executor::setModule( !opts.AnnotationsFile.empty()) { MockBuilder mockBuilder(kmodule->module.get(), opts, interpreterOpts, ignoredExternals, redefinitions, interpreterHandler, - mainModuleFunctions, mainModuleGlobals); + mainModuleFunctions, mainModuleGlobals, + annotationsData); std::unique_ptr mockModule = mockBuilder.build(); std::vector> mockModules; @@ -1291,8 +1294,8 @@ bool mustVisitForkBranches(ref target, KInstruction *instr) { // fork branches here if (auto reprErrorTarget = dyn_cast(target)) { return reprErrorTarget->isTheSameAsIn(instr) && - reprErrorTarget->isThatError( - ReachWithError::NullCheckAfterDerefException); + reprErrorTarget->isThatError(ReachWithError( + ReachWithErrorType::NullCheckAfterDerefException)); } return false; } @@ -2671,8 +2674,9 @@ void Executor::checkNullCheckAfterDeref(ref cond, ExecutionState &state) { if (eqPointerCheck && eqPointerCheck->left->isZero() && state.resolvedPointers.count( makePointer(eqPointerCheck->right)->getBase())) { - reportStateOnTargetError(state, - ReachWithError::NullCheckAfterDerefException); + reportStateOnTargetError( + state, + ReachWithError(ReachWithErrorType::NullCheckAfterDerefException)); } } @@ -2684,10 +2688,11 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { auto target = kvp.first; if (target->shouldFailOnThisTarget() && cast(target)->isThatError( - ReachWithError::Reachable) && + ReachWithError(ReachWithErrorType::Reachable)) && target->getBlock() == ki->parent && cast(target)->isTheSameAsIn(ki)) { - terminateStateOnTargetError(state, ReachWithError::Reachable); + terminateStateOnTargetError( + state, ReachWithError(ReachWithErrorType::Reachable)); return; } } @@ -4995,25 +5000,25 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, // Proceed with normal `terminateStateOnError` call std::string messaget; StateTerminationType terminationType; - switch (error) { - case ReachWithError::MayBeNullPointerException: - case ReachWithError::MustBeNullPointerException: + switch (error.type) { + case ReachWithErrorType::MayBeNullPointerException: + case ReachWithErrorType::MustBeNullPointerException: messaget = "memory error: null pointer exception"; terminationType = StateTerminationType::Ptr; break; - case ReachWithError::DoubleFree: + case ReachWithErrorType::DoubleFree: messaget = "double free error"; terminationType = StateTerminationType::Ptr; break; - case ReachWithError::UseAfterFree: + case ReachWithErrorType::UseAfterFree: messaget = "use after free error"; terminationType = StateTerminationType::Ptr; break; - case ReachWithError::Reachable: + case ReachWithErrorType::Reachable: messaget = ""; terminationType = StateTerminationType::Reachable; break; - case ReachWithError::None: + case ReachWithErrorType::None: default: messaget = "unspecified error"; terminationType = StateTerminationType::User; @@ -5022,6 +5027,25 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, state, new ErrorEvent(locationOf(state), terminationType, messaget)); } +void Executor::terminateStateOnTargetTaintError(ExecutionState &state, + uint64_t hits, size_t sink) { + std::string error = "Taint error:"; + const auto &sinkData = annotationsData.taintAnnotation.hits[sink]; + for (size_t source = 0; + source < annotationsData.taintAnnotation.sources.size(); source++) { + if ((hits >> source) & 1u) { + error += " " + annotationsData.taintAnnotation.rules[sinkData.at(source)]; + } + } + + reportStateOnTargetError( + state, ReachWithError(ReachWithErrorType::MaybeTaint, error)); + + terminateStateOnProgramError( + state, + new ErrorEvent(locationOf(state), StateTerminationType::Taint, error)); +} + void Executor::terminateStateOnError(ExecutionState &state, const llvm::Twine &messaget, StateTerminationType terminationType, @@ -5487,8 +5511,8 @@ void Executor::executeFree(ExecutionState &state, ref address, if (!resolveExact(*zeroPointer.second, address, typeSystemManager->getUnknownType(), rl, "free") && guidanceKind == GuidanceKind::ErrorGuidance) { - terminateStateOnTargetError(*zeroPointer.second, - ReachWithError::DoubleFree); + terminateStateOnTargetError( + *zeroPointer.second, ReachWithError(ReachWithErrorType::DoubleFree)); return; } @@ -5522,14 +5546,133 @@ void Executor::executeFree(ExecutionState &state, ref address, } } +void Executor::executeChangeTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, + uint64_t source, bool isAdd) { + address = optimizer.optimizeExpr(address, true); + ref base = PointerExpr::create( + address->getBase(), address->getBase(), address->getTaint()); + ref isNullPointer = Expr::createIsZero(address->getValue()); + StatePair zeroPointer = + forkInternal(state, isNullPointer, BranchType::ResolvePointer); + if (zeroPointer.first) { + auto error = + (isReadFromSymbolicArray(address->getBase()) && zeroPointer.second) + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*zeroPointer.first, ReachWithError(error)); + } + if (zeroPointer.second) { // address != 0 + ExactResolutionList rl; + resolveExact(*zeroPointer.second, base, typeSystemManager->getUnknownType(), + rl, "сhangeTaintSource"); + for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); + it != ie; ++it) { + const MemoryObject *mo = it->first; + RefObjectPair op = + it->second->addressSpace.findOrLazyInitializeObject(mo); + ref os = op.second; + + ObjectState *wos = it->second->addressSpace.getWriteable(mo, os.get()); + if (wos->readOnly) { + terminateStateOnProgramError( + *(it->second), new ErrorEvent(locationOf(*(it->second)), + StateTerminationType::ReadOnly, + "memory error: object read only")); + } else { + wos->updateTaint(Expr::createTaintBySource(source), isAdd); + } + } + } +} + +void Executor::executeCheckTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, + uint64_t source) { + address = optimizer.optimizeExpr(address, true); + ref base = PointerExpr::create( + address->getBase(), address->getBase(), address->getTaint()); + ref isNullPointer = Expr::createIsZero(address->getValue()); + StatePair zeroPointer = + forkInternal(state, isNullPointer, BranchType::ResolvePointer); + if (zeroPointer.first) { + auto error = + (isReadFromSymbolicArray(address->getBase()) && zeroPointer.second) + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*zeroPointer.first, ReachWithError(error)); + } + if (zeroPointer.second) { + ExactResolutionList rl; + resolveExact(*zeroPointer.second, base, typeSystemManager->getUnknownType(), + rl, "checkTaintSource"); + + for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); + it != ie; ++it) { + const MemoryObject *mo = it->first; + RefObjectPair op = + it->second->addressSpace.findOrLazyInitializeObject(mo); + ref os = op.second; + + ref taintSource = + ExtractExpr::create(os->readTaint(), source, Expr::Bool); + bindLocal(target, *it->second, taintSource); + } + } +} + +void Executor::executeGetTaintHits(ExecutionState &state, + klee::KInstruction *target, + ref address, uint64_t sink) { + const auto &hitsBySink = annotationsData.taintAnnotation.hits[sink]; + ref hitsBySinkTaint = Expr::createEmptyTaint(); + for (const auto [source, rule] : hitsBySink) { + hitsBySinkTaint = + OrExpr::create(hitsBySinkTaint, Expr::createTaintBySource(source)); + } + + address = optimizer.optimizeExpr(address, true); + ref base = PointerExpr::create( + address->getBase(), address->getBase(), address->getTaint()); + ref isNullPointer = Expr::createIsZero(address->getValue()); + StatePair zeroPointer = + forkInternal(state, isNullPointer, BranchType::ResolvePointer); + if (zeroPointer.first) { + auto error = + (isReadFromSymbolicArray(address->getBase()) && zeroPointer.second) + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*zeroPointer.first, ReachWithError(error)); + } + if (zeroPointer.second) { + ExactResolutionList rl; + resolveExact(*zeroPointer.second, base, typeSystemManager->getUnknownType(), + rl, "getTaintHits"); + + for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); + it != ie; ++it) { + const MemoryObject *mo = it->first; + RefObjectPair op = + it->second->addressSpace.findOrLazyInitializeObject(mo); + ref os = op.second; + + ref hits = AndExpr::create(os->readTaint(), hitsBySinkTaint); + bindLocal(target, *it->second, hits); + } + } +} + bool Executor::resolveExact(ExecutionState &estate, ref address, KType *type, ExactResolutionList &results, const std::string &name) { - ref pointer = - PointerExpr::create(address->getValue(), address->getValue()); + ref pointer = PointerExpr::create( + address->getValue(), address->getValue(), address->getTaint()); address = pointer->getValue(); ref base = pointer->getBase(); - ref basePointer = PointerExpr::create(base, base); + ref basePointer = + PointerExpr::create(base, base, address->getTaint()); ref zeroPointer = PointerExpr::create(Expr::createPointer(0)); if (SimplifySymIndices) { @@ -5553,9 +5696,9 @@ bool Executor::resolveExact(ExecutionState &estate, ref address, ExecutionState *bound = branches.first; if (bound) { auto error = isReadFromSymbolicArray(uniqueBase) - ? ReachWithError::MayBeNullPointerException - : ReachWithError::MustBeNullPointerException; - terminateStateOnTargetError(*bound, error); + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*bound, ReachWithError(error)); } if (!branches.second) { address = @@ -5966,7 +6109,7 @@ bool Executor::resolveMemoryObjects( state, basePointer, target, baseTargetType, minObjectSize, sizeExpr, false, checkOutOfBounds, UseSymbolicSizeLazyInit); RefObjectPair op = state.addressSpace.findOrLazyInitializeObject( - idLazyInitialization.get()); + idLazyInitialization.get(), address->getTaint()); state.addressSpace.bindObject(op.first, op.second.get()); mayBeResolvedMemoryObjects.push_back(idLazyInitialization); } @@ -6235,9 +6378,9 @@ void Executor::executeMemoryOperation( ExecutionState *bound = branches.first; if (bound) { auto error = (isReadFromSymbolicArray(base) && branches.second) - ? ReachWithError::MayBeNullPointerException - : ReachWithError::MustBeNullPointerException; - terminateStateOnTargetError(*bound, error); + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*bound, ReachWithError(error)); } if (!branches.second) return; @@ -6359,7 +6502,8 @@ void Executor::executeMemoryOperation( solver->setTimeout(time::Span()); if (!success) { - terminateStateOnTargetError(*state, ReachWithError::UseAfterFree); + terminateStateOnTargetError( + *state, ReachWithError(ReachWithErrorType::UseAfterFree)); return; } } @@ -6973,7 +7117,7 @@ void Executor::runFunctionAsMain(Function *f, int argc, char **argv, auto kCallBlock = kfIt->second->entryKBlock; forest = new TargetForest(kEntryFunction); forest->add(ReproduceErrorTarget::create( - {ReachWithError::Reachable}, "", + {ReachWithError(ReachWithErrorType::Reachable)}, "", ErrorLocation(kCallBlock->getFirstInstruction()), kCallBlock)); } } @@ -7448,9 +7592,9 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { // we cannot be sure that an irreproducible state proves the presence of an // error if (uninitObjects.size() > 0 || state.symbolics.size() != symbolics.size()) { - state.error = ReachWithError::None; + state.error = ReachWithError(ReachWithErrorType::None); } else if (FunctionCallReproduce != "" && - state.error == ReachWithError::Reachable) { + state.error.type == ReachWithErrorType::Reachable) { setHaltExecution(HaltExecution::ReachedTarget); } diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index eb769d1831..cac10ecab4 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -31,6 +31,7 @@ #include "klee/Expr/Constraints.h" #include "klee/Expr/SourceBuilder.h" #include "klee/Expr/SymbolicSource.h" +#include "klee/Module/AnnotationsData.h" #include "klee/Module/Cell.h" #include "klee/Module/KInstruction.h" #include "klee/Module/KModule.h" @@ -127,6 +128,8 @@ class Executor : public Interpreter { RNG theRNG; private: + AnnotationsData annotationsData; + int *errno_addr; size_t maxNewWriteableOSSize = 0; @@ -358,6 +361,18 @@ class Executor : public Interpreter { void executeFree(ExecutionState &state, ref address, KInstruction *target = 0); + void executeChangeTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, uint64_t source, + bool isAdd); + + void executeCheckTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, uint64_t source); + + void executeGetTaintHits(ExecutionState &state, klee::KInstruction *target, + ref address, uint64_t sink); + /// Serialize a landingpad instruction so it can be handled by the /// libcxxabi-runtime MemoryObject *serializeLandingpad(ExecutionState &state, @@ -631,6 +646,9 @@ class Executor : public Interpreter { /// Then just call `terminateStateOnError` void terminateStateOnTargetError(ExecutionState &state, ReachWithError error); + void terminateStateOnTargetTaintError(ExecutionState &state, uint64_t hits, + size_t sink); + /// Call error handler and terminate state in case of program errors /// (e.g. free()ing globals, out-of-bound accesses) void terminateStateOnProgramError(ExecutionState &state, diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index b27ad36eee..e7fb664ff6 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -41,6 +41,7 @@ DISABLE_WARNING_POP #include #include #include +#include namespace klee { llvm::cl::opt MemoryBackend( @@ -106,19 +107,25 @@ std::string MemoryObject::getAllocInfo() const { /***/ -ObjectState::ObjectState(const MemoryObject *mo, const Array *array, KType *dt) +ObjectState::ObjectState(const MemoryObject *mo, const Array *array, KType *dt, + ref defaultTaintValue) : copyOnWriteOwner(0), object(mo), valueOS(ObjectStage(array, nullptr)), baseOS(ObjectStage(array->size, Expr::createPointer(0), false, Context::get().getPointerWidth())), + taintOS(ObjectStage(array->size, std::move(defaultTaintValue), false, + Expr::TaintWidth)), lastUpdate(nullptr), size(array->size), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); } -ObjectState::ObjectState(const MemoryObject *mo, KType *dt) +ObjectState::ObjectState(const MemoryObject *mo, KType *dt, + ref defaultTaintValue) : copyOnWriteOwner(0), object(mo), valueOS(ObjectStage(mo->getSizeExpr(), nullptr)), baseOS(ObjectStage(mo->getSizeExpr(), Expr::createPointer(0), false, Context::get().getPointerWidth())), + taintOS(ObjectStage(mo->getSizeExpr(), std::move(defaultTaintValue), + false, Expr::TaintWidth)), lastUpdate(nullptr), size(mo->getSizeExpr()), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); @@ -126,8 +133,8 @@ ObjectState::ObjectState(const MemoryObject *mo, KType *dt) ObjectState::ObjectState(const ObjectState &os) : copyOnWriteOwner(0), object(os.object), valueOS(os.valueOS), - baseOS(os.baseOS), lastUpdate(os.lastUpdate), size(os.size), - dynamicType(os.dynamicType), readOnly(os.readOnly), + baseOS(os.baseOS), taintOS(os.taintOS), lastUpdate(os.lastUpdate), + size(os.size), dynamicType(os.dynamicType), readOnly(os.readOnly), wasWritten(os.wasWritten) {} /***/ @@ -135,15 +142,17 @@ ObjectState::ObjectState(const ObjectState &os) void ObjectState::initializeToZero() { valueOS.initializeToZero(); baseOS.initializeToZero(); + taintOS.initializeToZero(); } ref ObjectState::read8(unsigned offset) const { ref val = valueOS.readWidth(offset); ref base = baseOS.readWidth(offset); - if (base->isZero()) { + ref taint = taintOS.readWidth(offset); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } @@ -155,6 +164,10 @@ ref ObjectState::readBase8(unsigned offset) const { return baseOS.readWidth(offset); } +ref ObjectState::readTaint8(unsigned offset) const { + return taintOS.readWidth(offset); +} + ref ObjectState::read8(ref offset) const { assert(!isa(offset) && "constant offset passed to symbolic read8"); @@ -177,10 +190,11 @@ ref ObjectState::read8(ref offset) const { } ref val = valueOS.readWidth(offset); ref base = baseOS.readWidth(offset); - if (base->isZero()) { + ref taint = taintOS.readWidth(offset); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } @@ -230,10 +244,34 @@ ref ObjectState::readBase8(ref offset) const { return baseOS.readWidth(offset); } +ref ObjectState::readTaint8(ref offset) const { + assert(!isa(offset) && + "constant offset passed to symbolic read8"); + + if (object) { + if (ref sizeExpr = + dyn_cast(object->getSizeExpr())) { + auto moSize = sizeExpr->getZExtValue(); + if (object && moSize > 4096) { + std::string allocInfo = object->getAllocInfo(); + klee_warning_once(nullptr, + "Symbolic memory access will send the following " + "array of %lu bytes to " + "the constraint solver -- large symbolic arrays may " + "cause significant " + "performance issues: %s", + moSize, allocInfo.c_str()); + } + } + } + return taintOS.readWidth(offset); +} + void ObjectState::write8(unsigned offset, uint8_t value) { valueOS.writeWidth(offset, value); baseOS.writeWidth(offset, ConstantExpr::create(0, Context::get().getPointerWidth())); + taintOS.writeWidth(offset, Expr::createEmptyTaint()); } void ObjectState::write8(unsigned offset, ref value) { @@ -241,10 +279,12 @@ void ObjectState::write8(unsigned offset, ref value) { if (auto pointer = dyn_cast(value)) { valueOS.writeWidth(offset, pointer->getValue()); baseOS.writeWidth(offset, pointer->getBase()); + taintOS.writeWidth(offset, pointer->getTaint()); } else { valueOS.writeWidth(offset, value); baseOS.writeWidth( offset, ConstantExpr::create(0, Context::get().getPointerWidth())); + taintOS.writeWidth(offset, Expr::createEmptyTaint()); } } @@ -272,17 +312,22 @@ void ObjectState::write8(ref offset, ref value) { if (auto pointer = dyn_cast(value)) { valueOS.writeWidth(offset, pointer->getValue()); baseOS.writeWidth(offset, pointer->getBase()); + taintOS.writeWidth(offset, pointer->getTaint()); } else { valueOS.writeWidth(offset, value); baseOS.writeWidth( offset, ConstantExpr::create(0, Context::get().getPointerWidth())); + taintOS.writeWidth(offset, Expr::createEmptyTaint()); } } void ObjectState::write(ref os) { wasWritten = true; + valueOS.write(os->valueOS); baseOS.write(os->baseOS); + taintOS.write(os->taintOS); + lastUpdate = os->lastUpdate; } @@ -295,20 +340,22 @@ ref ObjectState::read(ref offset, Expr::Width width) const { ref val = readValue(offset, width); ref base = readBase(offset, width); - if (base->isZero()) { + ref taint = readTaint(offset, width); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } ref ObjectState::read(unsigned offset, Expr::Width width) const { ref val = readValue(offset, width); ref base = readBase(offset, width); - if (base->isZero()) { + ref taint = readTaint(offset, width); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } @@ -368,10 +415,6 @@ ref ObjectState::readBase(ref offset, Expr::Width width) const { if (width == Expr::Bool) return ExtractExpr::create(readBase8(offset), 0, Expr::Bool); - // Treat bool specially, it is the only non-byte sized write we allow. - if (width == Expr::Bool) - return ExtractExpr::create(readBase8(offset), 0, Expr::Bool); - // Otherwise, follow the slow general case. unsigned NumBytes = width / 8; assert(width == NumBytes * 8 && "Invalid read size!"); @@ -416,6 +459,50 @@ ref ObjectState::readBase(unsigned offset, Expr::Width width) const { return Res; } +ref ObjectState::readTaint(ref offset, Expr::Width width) const { + // Truncate offset to 32-bits. + offset = ZExtExpr::create(offset, Expr::Int32); + + // Check for reads at constant offsets. + if (ConstantExpr *CE = dyn_cast(offset)) + return readTaint(CE->getZExtValue(32), width); + + // Treat bool specially, it is the only non-byte sized write we allow. + if (width == Expr::Bool) + return ExtractExpr::create(readTaint8(offset), 0, Expr::Bool); + + // Otherwise, follow the slow general case. + unsigned NumBytes = width / 8; + assert(width == NumBytes * 8 && "Invalid read size!"); + ref Res = Expr::createEmptyTaint(); + for (unsigned i = 0; i != NumBytes; ++i) { + unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); + ref Byte = readTaint8( + AddExpr::create(offset, ConstantExpr::create(idx, Expr::Int32))); + Res = i ? OrExpr::create(Byte, Res) : Byte; + } + + return Res; +} + +ref ObjectState::readTaint(unsigned offset, Expr::Width width) const { + // Treat bool specially, it is the only non-byte sized write we allow. + if (width == Expr::Bool) + return ExtractExpr::create(readTaint8(offset), 0, Expr::Bool); + + // Otherwise, follow the slow general case. + unsigned NumBytes = width / 8; + assert(width == NumBytes * 8 && "Invalid width for read size!"); + ref Res = Expr::createEmptyTaint(); + for (unsigned i = 0; i != NumBytes; ++i) { + unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); + ref Byte = readTaint8(offset + idx); + Res = i ? OrExpr::create(Byte, Res) : Byte; + } + + return Res; +} + void ObjectState::write(ref offset, ref value) { // Truncate offset to 32-bits. offset = ZExtExpr::create(offset, Expr::Int32); @@ -516,6 +603,8 @@ void ObjectState::print() const { valueOS.print(); llvm::errs() << "\tOffset ObjectStage:\n"; baseOS.print(); + llvm::errs() << "\tTaint ObjectStage:\n"; + taintOS.print(); } KType *ObjectState::getDynamicType() const { return dynamicType; } @@ -721,3 +810,99 @@ void ObjectStage::print() const { llvm::errs() << "\t\t[" << un->index << "] = " << un->value << "\n"; } } + +/***/ + +void ObjectStage::reset(ref newDefault) { + knownSymbolics->reset(std::move(newDefault)); + unflushedMask->reset(false); + updates = UpdateList(nullptr, nullptr); +} + +void ObjectStage::reset(ref updateForDefault, bool isAdd) { + ref oldDefault = knownSymbolics->defaultV(); + ref newDefault = + isAdd ? OrExpr::create(oldDefault, updateForDefault) + : AndExpr::create(oldDefault, NotExpr::create(updateForDefault)); + knownSymbolics->reset(std::move(newDefault)); + unflushedMask->reset(false); + updates = UpdateList(nullptr, nullptr); +} + +ref ObjectStage::combineAll() const { + ref result = Expr::createEmptyTaint(); + if (knownSymbolics->defaultV()) { + result = knownSymbolics->defaultV(); + } + for (auto [index, value] : knownSymbolics->storage()) { + result = OrExpr::create(result, value); + } + if (updates.root) { + if (ref constantSource = + cast(updates.root->source)) { + for (const auto &[index, value] : + constantSource->constantValues->storage()) { + result = OrExpr::create(result, value); + } + } + } + for (const auto *un = updates.head.get(); un; un = un->next.get()) { + result = OrExpr::create(result, un->value); + } + return result; +} + +void ObjectStage::updateAll(const ref &updateExpr, bool isAdd) { + std::vector>> newKnownSymbolics; + for (auto [index, value] : knownSymbolics->storage()) { + ref newValue = + isAdd ? OrExpr::create(value, updateExpr) + : AndExpr::create(value, NotExpr::create(updateExpr)); + newKnownSymbolics.emplace_back(index, value); + } + + if (knownSymbolics->defaultV()) { + ref oldDefault = knownSymbolics->defaultV(); + ref newDefault = + isAdd ? OrExpr::create(oldDefault, updateExpr) + : AndExpr::create(oldDefault, NotExpr::create(updateExpr)); + knownSymbolics->reset(std::move(newDefault)); + } + + for (auto [index, value] : newKnownSymbolics) { + knownSymbolics->store(index, value); + } + + std::vector, ref>> newUpdates; + for (auto *un = updates.head.get(); un; un = un->next.get()) { + ref newValue = + isAdd ? OrExpr::create(un->value, updateExpr) + : AndExpr::create(un->value, NotExpr::create(updateExpr)); + newUpdates.emplace_back(un->index, newValue); + } + + const Array *array = nullptr; + if (updates.root) { + if (ref constantSource = + cast(updates.root->source)) { + SparseStorage> *newStorage = constructStorage( + size, ConstantExpr::create(0, width), MaxFixedSizeStructureSize); + + for (const auto &[index, value] : + constantSource->constantValues->storage()) { + ref newValue = + isAdd ? OrExpr::create(value, updateExpr) + : AndExpr::create(value, NotExpr::create(updateExpr)); + newStorage->store(index, newValue); + } + + array = Array::create(size, SourceBuilder::constant(newStorage), + Expr::Int32, width); + } + } + + updates = UpdateList(array, nullptr); + for (auto [index, value] : newUpdates) { + updates.extend(index, value); + } +} diff --git a/lib/Core/Memory.h b/lib/Core/Memory.h index 80127c399a..e813eaa147 100644 --- a/lib/Core/Memory.h +++ b/lib/Core/Memory.h @@ -267,6 +267,12 @@ class ObjectStage { } void initializeToZero(); + void reset(ref newDefault); + void reset(ref updateForDefault, bool isAdd); + + ref combineAll() const; + void updateAll(const ref &updateExpr, bool isAdd); + private: const UpdateList &getUpdates() const; @@ -291,6 +297,7 @@ class ObjectState { ObjectStage valueOS; ObjectStage baseOS; + ObjectStage taintOS; ref lastUpdate; @@ -304,8 +311,10 @@ class ObjectState { /// Create a new object state for the given memory // For objects in memory - ObjectState(const MemoryObject *mo, const Array *array, KType *dt); - ObjectState(const MemoryObject *mo, KType *dt); + ObjectState(const MemoryObject *mo, const Array *array, KType *dt, + ref defaultTaintValue = Expr::createEmptyTaint()); + ObjectState(const MemoryObject *mo, KType *dt, + ref defaultTaintValue = Expr::createEmptyTaint()); // For symbolic objects not in memory (hack) @@ -318,7 +327,8 @@ class ObjectState { void initializeToZero(); size_t getSparseStorageEntries() { - return valueOS.getSparseStorageEntries() + baseOS.getSparseStorageEntries(); + return valueOS.getSparseStorageEntries() + + baseOS.getSparseStorageEntries() + taintOS.getSparseStorageEntries(); } void swapObjectHack(MemoryObject *mo) { object = mo; } @@ -328,10 +338,13 @@ class ObjectState { ref read8(unsigned offset) const; ref readValue(ref offset, Expr::Width width) const; ref readBase(ref offset, Expr::Width width) const; + ref readTaint(ref offset, Expr::Width width) const; ref readValue(unsigned offset, Expr::Width width) const; ref readBase(unsigned offset, Expr::Width width) const; + ref readTaint(unsigned offset, Expr::Width width) const; ref readValue8(unsigned offset) const; ref readBase8(unsigned offset) const; + ref readTaint8(unsigned offset) const; void write(unsigned offset, ref value); void write(ref offset, ref value); @@ -347,12 +360,23 @@ class ObjectState { KType *getDynamicType() const; + ref readTaint() const { return taintOS.combineAll(); } + void updateTaint(const ref &updateForTaint, bool isAdd) { + taintOS.updateAll(updateForTaint, isAdd); + } + private: ref read8(ref offset) const; ref readValue8(ref offset) const; ref readBase8(ref offset) const; + ref readTaint8(ref offset) const; void write8(unsigned offset, ref value); void write8(ref offset, ref value); + + void resetTaint(ref newTaint) { taintOS.reset(std::move(newTaint)); } + void resetTaint(ref updateForTaint, bool isAdd) { + taintOS.reset(std::move(updateForTaint), isAdd); + } }; } // namespace klee diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index de06f5e463..bed5187d6e 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -16,6 +16,7 @@ #include "llvm/IR/IRBuilder.h" #include "llvm/IR/Module.h" #include "llvm/Support/raw_ostream.h" +#include "llvm/Transforms/Utils/BuildLibCalls.h" #include #include @@ -54,6 +55,21 @@ void MockBuilder::buildCallKleeMakeSymbolic( {bitCastInst, llvm::ConstantInt::get(ctx, sz), gep}); } +void MockBuilder::buildCallKleeMakeMockAll(llvm::Value *source, + const std::string &symbolicName) { + auto *kleeMakeSymbolicName = llvm::FunctionType::get( + llvm::Type::getVoidTy(ctx), + {llvm::Type::getInt8PtrTy(ctx), llvm::Type::getInt8PtrTy(ctx)}, false); + auto kleeMakeSymbolicCallee = mockModule->getOrInsertFunction( + "klee_make_mock_all", kleeMakeSymbolicName); + auto bitCastInst = + builder->CreateBitCast(source, llvm::Type::getInt8PtrTy(ctx)); + auto globalSymbolicName = builder->CreateGlobalString("@" + symbolicName); + auto gep = builder->CreateConstInBoundsGEP2_64( + globalSymbolicName->getValueType(), globalSymbolicName, 0, 0); + builder->CreateCall(kleeMakeSymbolicCallee, {bitCastInst, gep}); +} + std::map MockBuilder::getExternalFunctions() { std::map externals; @@ -88,15 +104,14 @@ MockBuilder::MockBuilder( std::vector> &redefinitions, InterpreterHandler *interpreterHandler, std::set &mainModuleFunctions, - std::set &mainModuleGlobals) + std::set &mainModuleGlobals, + const AnnotationsData &annotationsData) : userModule(initModule), ctx(initModule->getContext()), opts(opts), interpreterOptions(interpreterOptions), ignoredExternals(ignoredExternals), redefinitions(redefinitions), interpreterHandler(interpreterHandler), mainModuleFunctions(mainModuleFunctions), - mainModuleGlobals(mainModuleGlobals) { - annotations = parseAnnotations(opts.AnnotationsFile); -} + mainModuleGlobals(mainModuleGlobals), annotationsData(annotationsData) {} std::unique_ptr MockBuilder::build() { initMockModule(); @@ -242,7 +257,7 @@ void MockBuilder::buildExternalFunctionsDefinitions() { } if (!opts.AnnotateOnlyExternal) { - for (const auto &annotation : annotations) { + for (const auto &annotation : annotationsData.annotations) { llvm::Function *func = userModule->getFunction(annotation.first); if (func) { auto ext = externalFunctions.find(annotation.first); @@ -275,8 +290,8 @@ void MockBuilder::buildExternalFunctionsDefinitions() { auto *BB = llvm::BasicBlock::Create(ctx, "entry", func); builder->SetInsertPoint(BB); - const auto nameToAnnotations = annotations.find(extName); - if (nameToAnnotations != annotations.end()) { + const auto nameToAnnotations = annotationsData.annotations.find(extName); + if (nameToAnnotations != annotationsData.annotations.end()) { klee_message("Annotation function %s", extName.c_str()); const auto &annotation = nameToAnnotations->second; @@ -356,6 +371,8 @@ inline bool isCorrectStatements(const std::vector &statements, switch (statement->getKind()) { case Statement::Kind::Deref: case Statement::Kind::InitNull: + case Statement::Kind::TaintOutput: + case Statement::Kind::TaintPropagation: return argType->isPointerTy(); case Statement::Kind::AllocSource: assert(false); @@ -409,6 +426,168 @@ unifyByOffset(const std::vector &statements) { return res; } +void MockBuilder::buildAnnotationTaintOutput(llvm::Value *elem, + const Statement::Ptr &statement) { + auto taintOutputPtr = (Statement::TaintOutput *)statement.get(); + const auto source = annotationsData.taintAnnotation.sources.find( + taintOutputPtr->getTaintType()); + if (source == annotationsData.taintAnnotation.sources.end()) { + klee_warning("Annotation: unknown TaintOutput source %s", + taintOutputPtr->getTaintType().c_str()); + return; + } + buildCallKleeTaintFunction("klee_add_taint", elem, source->second, + llvm::Type::getVoidTy(mockModule->getContext())); +} + +void MockBuilder::buildAnnotationTaintPropagation( + llvm::Value *elem, const Statement::Ptr &statement, llvm::Function *func, + const std::string &target) { + auto taintPropagationPtr = (Statement::TaintPropagation *)statement.get(); + const std::string sourceTypeLower = + taintPropagationPtr->getTaintTypeAsLower(); + const auto source = annotationsData.taintAnnotation.sources.find( + taintPropagationPtr->getTaintType()); + if (source == annotationsData.taintAnnotation.sources.end()) { + klee_warning("Annotation: unknown TaintPropagation source %s", + taintPropagationPtr->getTaintType().c_str()); + return; + } + + // TODO: support variable arg list + if (taintPropagationPtr->propagationParameterIndex >= func->arg_size()) { + klee_warning( + "Annotation: ignore TaintPropagation because not support arg lists"); + return; + } + + const std::string propagateCondName = "condition_taint_propagate_" + + sourceTypeLower + target + + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *propagateBB = llvm::BasicBlock::Create( + mockModule->getContext(), propagateCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + propagateCondName); + + llvm::Value *propagationValue = + func->getArg(taintPropagationPtr->propagationParameterIndex); + auto brValuePropagate = buildCallKleeTaintFunction( + "klee_check_taint_source", propagationValue, source->second, + llvm::Type::getInt1Ty(mockModule->getContext())); + builder->CreateCondBr(brValuePropagate, propagateBB, contBB); + + builder->SetInsertPoint(propagateBB); + buildCallKleeTaintFunction("klee_add_taint", elem, source->second, + llvm::Type::getVoidTy(mockModule->getContext())); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); +} + +void MockBuilder::buildAnnotationTaintSink(llvm::Value *elem, + const Statement::Ptr &statement, + llvm::Function *func, + const std::string &target) { + auto taintSinkPtr = (Statement::TaintSink *)statement.get(); + const std::string sinkTypeLower = taintSinkPtr->getTaintTypeAsLower(); + const auto sink = + annotationsData.taintAnnotation.sinks.find(taintSinkPtr->getTaintType()); + if (sink == annotationsData.taintAnnotation.sinks.end()) { + klee_warning("Annotation: unknown TaintSink sink %s", + taintSinkPtr->getTaintType().c_str()); + return; + } + + const std::string sinkCondName = + "condition_taint_sink_" + sinkTypeLower + target + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *sinkBB = + llvm::BasicBlock::Create(mockModule->getContext(), sinkCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + sinkCondName); + auto taintHits = buildCallKleeTaintFunction( + "klee_get_taint_hits", elem, sink->second, + llvm::Type::getInt64Ty(mockModule->getContext())); + const auto brValueSink = + builder->CreateCmp(llvm::CmpInst::Predicate::ICMP_NE, taintHits, + llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, 0, false))); + builder->CreateCondBr(brValueSink, sinkBB, contBB); + + builder->SetInsertPoint(sinkBB); + std::string sinkHitCondName = "condition_taint_sink_hit_" + sinkTypeLower + + target + func->getName().str(); + + auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); + auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); + buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, + sinkHitCondName); + fromIf = builder->GetInsertBlock(); + curFunc = fromIf->getParent(); + llvm::BasicBlock *taintHitBB = llvm::BasicBlock::Create( + mockModule->getContext(), sinkHitCondName, curFunc); + auto brValueTaintHit = builder->CreateLoad(intType, sinkHitCond); + builder->CreateCondBr(brValueTaintHit, taintHitBB, contBB); + + builder->SetInsertPoint(taintHitBB); + buildCallKleeTaintHit(taintHits, sink->second); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); +} + +llvm::CallInst * +MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, + llvm::Value *source, size_t taint, + llvm::Type *returnType) { + auto *kleeTaintFunctionType = llvm::FunctionType::get( + returnType, + {llvm::Type::getInt8PtrTy(mockModule->getContext()), + llvm::Type::getInt64Ty(mockModule->getContext())}, + false); + auto kleeTaintFunctionCallee = + mockModule->getOrInsertFunction(functionName, kleeTaintFunctionType); + llvm::Value *beginPtr; + if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) { + beginPtr = builder->CreateAlloca(source->getType()); + builder->CreateStore(source, beginPtr); + beginPtr = builder->CreateBitCast( + beginPtr, llvm::Type::getInt8PtrTy(mockModule->getContext())); + } else { + beginPtr = builder->CreateBitCast( + source, llvm::Type::getInt8PtrTy(mockModule->getContext())); + } + + return builder->CreateCall( + kleeTaintFunctionCallee, + {beginPtr, llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, taint, false))}); +} + +void MockBuilder::buildCallKleeTaintHit(llvm::Value *taintHits, + size_t taintSink) { + auto *kleeTaintHitType = llvm::FunctionType::get( + llvm::Type::getVoidTy(mockModule->getContext()), + {llvm::Type::getInt64Ty(mockModule->getContext()), + llvm::Type::getInt64Ty(mockModule->getContext())}, + false); + auto kleeTaintSinkHitCallee = + mockModule->getOrInsertFunction("klee_taint_hit", kleeTaintHitType); + builder->CreateCall( + kleeTaintSinkHitCallee, + {taintHits, llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, taintSink, false))}); +} + void MockBuilder::buildAnnotationForExternalFunctionArgs( llvm::Function *func, const std::vector> &statementsNotAlign) { @@ -417,14 +596,14 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( if (!flag) { klee_warning("Annotation: can't align function arguments %s", func->getName().str().c_str()); - return; } - for (size_t i = 0; i < statements.size(); i++) { + for (size_t i = 0; i < std::min(statements.size(), func->arg_size()); i++) { #if LLVM_VERSION_CODE >= LLVM_VERSION(10, 0) const auto arg = func->getArg(i); #else const auto arg = &func->arg_begin()[i]; #endif + size_t offsetIndex = 0; auto statementsMap = unifyByOffset(statements[i]); for (const auto &[offset, statementsOffset] : statementsMap) { auto [prev, elem] = goByOffset(arg, offset); @@ -433,6 +612,11 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( Statement::Free *freePtr = nullptr; Statement::InitNull *initNullPtr = nullptr; + bool isMocked = false; + std::string mockName = "klee_mock_" + func->getName().str() + "_arg_" + + std::to_string(i) + "_" + + std::to_string(offsetIndex); + for (const auto &statement : statementsOffset) { switch (statement->getKind()) { case Statement::Kind::Deref: { @@ -494,6 +678,36 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( } break; } + case Statement::Kind::TaintOutput: { + if (!elem->getType()->isPointerTy()) { + klee_error("Annotation: TaintOutput arg is not pointer"); + } + +// if (!isMocked) { +// buildCallKleeMakeMockAll(elem, mockName); +// isMocked = true; +// } + buildAnnotationTaintOutput(elem, statement); + break; + } + case Statement::Kind::TaintPropagation: { + if (!elem->getType()->isPointerTy()) { + klee_error("Annotation: TaintPropagation arg is not pointer"); + } + +// if (!isMocked) { +// buildCallKleeMakeMockAll(elem, mockName); +// isMocked = true; +// } + buildAnnotationTaintPropagation(elem, statement, func, + "_arg_" + std::to_string(i) + "_"); + break; + } + case Statement::Kind::TaintSink: { + buildAnnotationTaintSink(elem, statement, func, + "_arg_" + std::to_string(i) + "_"); + break; + } case Statement::Kind::Unknown: default: klee_message("Annotation: not implemented %s", @@ -505,6 +719,7 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( buildFree(elem, freePtr); } processingValue(prev, elem->getType(), allocSourcePtr, initNullPtr); + offsetIndex++; } } } @@ -588,6 +803,7 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( Statement::InitNull *mustInitNull = nullptr; Statement::MaybeInitNull *maybeInitNull = nullptr; + std::vector taintStatements; for (const auto &statement : statements) { switch (statement->getKind()) { case Statement::Kind::Deref: @@ -616,6 +832,12 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( klee_warning("Annotation: unused \"Free\" for return"); break; } + case Statement::Kind::TaintOutput: + case Statement::Kind::TaintPropagation: + case Statement::Kind::TaintSink: { + taintStatements.push_back(statement); + break; + } case Statement::Kind::Unknown: default: klee_message("Annotation: not implemented %s", @@ -639,7 +861,7 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( builder->CreateICmpNE(retValue, llvm::ConstantPointerNull::get( llvm::cast(returnType)), - "condition_init_null" + retName); + "condition_init_null_" + retName); auto *kleeAssumeType = llvm::FunctionType::get( llvm::Type::getVoidTy(ctx), {llvm::Type::getInt64Ty(ctx)}, false); @@ -651,6 +873,27 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( builder->CreateCall(kleeAssumeFunc, {cmpResult64}); } } + + for (const auto &statement : taintStatements) { + switch (statement->getKind()) { + case Statement::Kind::TaintOutput: { + buildAnnotationTaintOutput(retValuePtr, statement); + break; + } + case Statement::Kind::TaintPropagation: { + buildAnnotationTaintPropagation(retValuePtr, statement, func, "_ret_"); + break; + } + case Statement::Kind::TaintSink: { + klee_warning("Annotation: unused TaintSink for return function \"%s\"", + func->getName().str().c_str()); + break; + } + default: + __builtin_unreachable(); + } + } + llvm::Value *retValue = builder->CreateLoad(returnType, retValuePtr, retName); builder->CreateRet(retValue); } diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index cdbd00c84a..aca0f5029f 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -116,6 +116,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_is_symbolic", handleIsSymbolic, true), add("klee_make_symbolic", handleMakeSymbolic, false), add("klee_make_mock", handleMakeMock, false), + add("klee_make_mock_all", handleMakeMockAll, false), add("klee_mark_global", handleMarkGlobal, false), add("klee_prefer_cex", handlePreferCex, false), add("klee_posix_prefer_cex", handlePosixPreferCex, false), @@ -130,6 +131,12 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("memalign", handleMemalign, true), add("realloc", handleRealloc, true), + add("klee_add_taint", handleAddTaint, false), + add("klee_clear_taint", handleClearTaint, false), + add("klee_check_taint_source", handleCheckTaintSource, true), + add("klee_get_taint_hits", handleGetTaintHits, true), + add("klee_taint_hit", handleTaintHit, false), + #ifdef SUPPORT_KLEE_EH_CXX add("_klee_eh_Unwind_RaiseException_impl", handleEhUnwindRaiseExceptionImpl, false), @@ -802,7 +809,8 @@ void SpecialFunctionHandler::handleRealloc(ExecutionState &state, if (zeroSize.first) { // size == 0 executor.executeFree(*zeroSize.first, PointerExpr::create(addressPointer->getValue(), - addressPointer->getValue()), + addressPointer->getValue(), + addressPointer->getTaint()), target); } if (zeroSize.second) { // size != 0 @@ -1070,6 +1078,71 @@ void SpecialFunctionHandler::handleMakeMock(ExecutionState &state, } } +void SpecialFunctionHandler::handleMakeMockAll( + ExecutionState &state, KInstruction *target, + std::vector> &arguments) { + std::string name; + + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_make_mock_all(void*, char*)"); + return; + } + + name = arguments[1]->isZero() + ? "" + : readStringAtAddress(state, executor.makePointer(arguments[1])); + + if (name.empty()) { + executor.terminateStateOnUserError( + state, "Empty name of function in klee_make_mock_all"); + return; + } + + KFunction *kf = target->parent->parent; + + Executor::ExactResolutionList rl; + executor.resolveExact(state, arguments[0], + executor.typeSystemManager->getUnknownType(), rl, + "make_symbolic"); + + for (auto &it : rl) { + ObjectPair op = it.second->addressSpace.findObject(it.first); + const MemoryObject *mo = op.first; + mo->setName(name); + mo->updateTimestamp(); + + const ObjectState *old = op.second; + ExecutionState *s = it.second; + + if (old->readOnly) { + executor.terminateStateOnUserError( + *s, "cannot make readonly object symbolic"); + return; + } + + ref source; + switch (executor.interpreterOpts.MockStrategy) { + case MockStrategyKind::Naive: + source = + SourceBuilder::mockNaive(executor.kmodule.get(), *kf->function(), + executor.updateNameVersion(state, name)); + break; + case MockStrategyKind::Deterministic: + std::vector> args(kf->getNumArgs()); + for (size_t i = 0; i < kf->getNumArgs(); i++) { + args[i] = executor.getArgumentCell(state, kf, i).value; + } + source = SourceBuilder::mockDeterministic(executor.kmodule.get(), + *kf->function(), args); + break; + } + executor.executeMakeSymbolic(state, mo, old->getDynamicType(), source, + false); + } +} + void SpecialFunctionHandler::handleMarkGlobal( ExecutionState &state, KInstruction *target, std::vector> &arguments) { @@ -1214,3 +1287,106 @@ void SpecialFunctionHandler::handleFAbs(ExecutionState &state, ref result = FAbsExpr::create(arguments[0]); executor.bindLocal(target, state, result); } + +void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_add_taint(void*, size_t)"); + return; + } + + uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeChangeTaintSource(state, target, pointer, taintSource, true); +} + +void SpecialFunctionHandler::handleClearTaint( + klee::ExecutionState &state, klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_clear_taint(void*, size_t)"); + return; + } + + uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeChangeTaintSource(state, target, pointer, taintSource, false); +} + +void SpecialFunctionHandler::handleCheckTaintSource( + klee::ExecutionState &state, klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 2) { + executor.terminateStateOnUserError( + state, "Incorrect number of arguments to " + "klee_check_taint_source(void*, size_t)"); + return; + } + + uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeCheckTaintSource(state, target, pointer, taintSource); +} + +void SpecialFunctionHandler::handleGetTaintHits( + klee::ExecutionState &state, klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_get_taint_hits(void*, size_t)"); + return; + } + + uint64_t taintSink = dyn_cast(arguments[1])->getZExtValue(); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeGetTaintHits(state, target, pointer, taintSink); +} + +void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 2) { + executor.terminateStateOnUserError( + state, + "Incorrect number of arguments to klee_taint_hit(uint64_t, size_t)"); + return; + } + + uint64_t taintHits = dyn_cast(arguments[0])->getZExtValue(); + size_t taintSink = dyn_cast(arguments[1])->getZExtValue(); + executor.terminateStateOnTargetTaintError(state, taintHits, taintSink); +} diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index d6a469eca6..301053f93a 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -130,6 +130,7 @@ class SpecialFunctionHandler { HANDLER(handleIsSymbolic); HANDLER(handleMakeSymbolic); HANDLER(handleMakeMock); + HANDLER(handleMakeMockAll); HANDLER(handleMalloc); HANDLER(handleMemalign); HANDLER(handleMarkGlobal); @@ -181,6 +182,11 @@ class SpecialFunctionHandler { HANDLER(handleNonnullArg); HANDLER(handleNullabilityArg); HANDLER(handlePointerOverflow); + HANDLER(handleAddTaint); + HANDLER(handleClearTaint); + HANDLER(handleCheckTaintSource); + HANDLER(handleGetTaintHits); + HANDLER(handleTaintHit); #undef HANDLER }; } // namespace klee diff --git a/lib/Core/TargetedExecutionManager.cpp b/lib/Core/TargetedExecutionManager.cpp index 2ede8edc64..8b5b9cdda1 100644 --- a/lib/Core/TargetedExecutionManager.cpp +++ b/lib/Core/TargetedExecutionManager.cpp @@ -552,7 +552,8 @@ bool TargetedExecutionManager::reportTruePositive(ExecutionState &state, atLeastOneReported = true; assert(!errorTarget->isReported); - if (errorTarget->isThatError(ReachWithError::Reachable)) { + if (errorTarget->isThatError( + ReachWithError(ReachWithErrorType::Reachable))) { klee_warning("100.00%% %s Reachable at trace %s", getErrorString(error), errorTarget->getId().c_str()); } else { diff --git a/lib/Expr/Expr.cpp b/lib/Expr/Expr.cpp index 15b836bd11..cbf43a0139 100644 --- a/lib/Expr/Expr.cpp +++ b/lib/Expr/Expr.cpp @@ -549,6 +549,19 @@ ref Expr::createFalse() { return ConstantExpr::create(0, Expr::Bool); } +ref Expr::createEmptyTaint() { + return ConstantExpr::create(0, Expr::Int64); +} + +ref Expr::createTaintBySource(uint64_t source) { + return ConstantExpr::create((1 << source), Expr::Int64); +} + +ref Expr::combineTaints(const ref &taintL, + const ref &taintR) { + return OrExpr::create(taintL, taintR); +} + Expr::ByteWidth Expr::getByteWidth() const { return (getWidth() + CHAR_BIT - 1) / CHAR_BIT; } @@ -1694,7 +1707,25 @@ ref SelectExpr::create(ref c, ref t, ref f) { SelectExpr::create(c, truePointer->getBase(), falsePointer->getBase()); ref value = SelectExpr::create(c, truePointer->getValue(), falsePointer->getValue()); - return PointerExpr::create(base, value); + ref taint = SelectExpr::create(c, truePointer->getTaint(), + falsePointer->getTaint()); + return PointerExpr::create(base, value, taint); + } else if (isa(t) && !isa(f)) { + ref truePointer = cast(t); + ref base = SelectExpr::create(c, truePointer->getBase(), + ConstantExpr::create(0, f->getWidth())); + ref value = SelectExpr::create(c, truePointer->getValue(), f); + ref taint = + SelectExpr::create(c, truePointer->getTaint(), createEmptyTaint()); + return PointerExpr::create(base, value, taint); + } else if (!isa(t) && isa(f)) { + ref falsePointer = cast(f); + ref base = SelectExpr::create( + c, ConstantExpr::create(0, t->getWidth()), falsePointer->getBase()); + ref value = SelectExpr::create(c, t, falsePointer->getValue()); + ref taint = + SelectExpr::create(c, createEmptyTaint(), falsePointer->getTaint()); + return PointerExpr::create(base, value, taint); } else if (!isa(t) && isa(f)) { return SelectExpr::alloc(Expr::createIsZero(c), f, t); } @@ -1768,6 +1799,11 @@ ref Expr::getValue() const { : const_cast(this); } +ref Expr::getTaint() const { + return isa(this) ? cast(this)->getTaint() + : cast(Expr::createEmptyTaint()); +} + ref convolution(const ref &l, const ref &r) { ref null = ConstantExpr::create(0, l->getWidth()); return SelectExpr::create(EqExpr::create(l, r), l, null); @@ -1797,7 +1833,8 @@ ref ConcatExpr::create(const ref &l, const ref &r) { if (PointerExpr *ee_right = dyn_cast(r)) { return PointerExpr::create( convolution(ee_left->getBase(), ee_right->getBase()), - ConcatExpr::create(ee_left->getValue(), ee_right->getValue())); + ConcatExpr::create(ee_left->getValue(), ee_right->getValue()), + ee_left->combineTaints(ee_right)); } } @@ -1849,7 +1886,8 @@ ref ExtractExpr::create(ref expr, unsigned off, Width w) { return CE->Extract(off, w); } else if (PointerExpr *pe = dyn_cast(expr)) { return PointerExpr::create(pe->getBase(), - ExtractExpr::create(pe->getValue(), off, w)); + ExtractExpr::create(pe->getValue(), off, w), + pe->getTaint()); } else { // Extract(Concat) if (ConcatExpr *ce = dyn_cast(expr)) { @@ -1916,8 +1954,8 @@ ref ZExtExpr::create(const ref &e, Width w) { } else if (ConstantExpr *CE = dyn_cast(e)) { return CE->ZExt(w); } else if (PointerExpr *pe = dyn_cast(e)) { - return PointerExpr::create(pe->getBase(), - ZExtExpr::create(pe->getValue(), w)); + return PointerExpr::create( + pe->getBase(), ZExtExpr::create(pe->getValue(), w), pe->getTaint()); } else if (SelectExpr *se = dyn_cast(e)) { if (isa(se->trueExpr)) { return SelectExpr::create(se->cond, ZExtExpr::create(se->trueExpr, w), @@ -1937,8 +1975,8 @@ ref SExtExpr::create(const ref &e, Width w) { } else if (ConstantExpr *CE = dyn_cast(e)) { return CE->SExt(w); } else if (PointerExpr *pe = dyn_cast(e)) { - return PointerExpr::create(pe->getBase(), - SExtExpr::create(pe->getValue(), w)); + return PointerExpr::create( + pe->getBase(), SExtExpr::create(pe->getValue(), w), pe->getTaint()); } else if (SelectExpr *se = dyn_cast(e)) { if (isa(se->trueExpr)) { return SelectExpr::create(se->cond, SExtExpr::create(se->trueExpr, w), @@ -2049,7 +2087,8 @@ static ref AddExpr_createPartial(Expr *l, const ref &cr) { } static ref AddExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), AddExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), AddExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref AddExpr_createPointer(Expr *l, const ref &pr) { @@ -2110,11 +2149,13 @@ static ref SubExpr_createPartial(Expr *l, const ref &cr) { } static ref SubExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), SubExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), SubExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref SubExpr_createPointer(Expr *l, const ref &pr) { - return PointerExpr::create(pr->getBase(), SubExpr::create(l, pr->getValue())); + return PointerExpr::create(pr->getBase(), SubExpr::create(l, pr->getValue()), + pr->getTaint()); } static ref SubExpr_create(Expr *l, Expr *r) { @@ -2174,7 +2215,8 @@ static ref MulExpr_createPartial(Expr *l, const ref &cr) { } static ref MulExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), MulExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), MulExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref MulExpr_createPointer(Expr *l, const ref &pr) { @@ -2205,7 +2247,8 @@ static ref AndExpr_createPartialR(const ref &cl, Expr *r) { } static ref AndExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), AndExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), AndExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref AndExpr_createPointer(Expr *l, const ref &pr) { @@ -2233,7 +2276,8 @@ static ref OrExpr_createPartialR(const ref &cl, Expr *r) { } static ref OrExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), OrExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), OrExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref OrExpr_createPointer(Expr *l, const ref &pr) { @@ -2262,7 +2306,8 @@ static ref XorExpr_createPartial(Expr *l, const ref &cr) { } static ref XorExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), XorExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), XorExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref XorExpr_createPointer(Expr *l, const ref &pr) { @@ -2424,9 +2469,11 @@ static ref AShrExpr_create(const ref &l, const ref &r) { if (PointerExpr *pl = dyn_cast(l)) { \ if (PointerExpr *pr = dyn_cast(r)) \ return pl->_op(pr); \ - return _e_op::create(pl->getValue(), r); \ + return PointerExpr::create( \ + pl->getBase(), _e_op::create(pl->getValue(), r), pl->getTaint()); \ } else if (PointerExpr *pr = dyn_cast(r)) { \ - return _e_op::create(l, pr->getValue()); \ + return PointerExpr::create( \ + pr->getBase(), _e_op::create(l, pr->getValue()), pr->getTaint()); \ } \ if (ConstantExpr *cl = dyn_cast(l)) \ if (ConstantExpr *cr = dyn_cast(r)) \ @@ -2864,14 +2911,17 @@ ref IsSubnormalExpr::either(const ref &e0, const ref &e1) { /***/ -ref PointerExpr::create(const ref &b, const ref &v) { +ref PointerExpr::create(const ref &b, const ref &v, + const ref &t) { assert(!isa(b)); assert(!isa(v)); - if (isa(b) && isa(v)) { - return ConstantPointerExpr::create(cast(b), - cast(v)); + assert(!isa(t)); + + if (isa(b) && isa(v) && isa(t)) { + return ConstantPointerExpr::create( + cast(b), cast(v), cast(t)); } else { - return PointerExpr::alloc(b, v); + return PointerExpr::alloc(b, v, t); } } @@ -2913,10 +2963,12 @@ ref PointerExpr::create(const ref &expr) { } ref ConstantPointerExpr::create(const ref &b, - const ref &v) { + const ref &v, + const ref &t) { assert(!isa(b)); assert(!isa(v)); - return ConstantPointerExpr::alloc(b, v); + assert(!isa(t)); + return ConstantPointerExpr::alloc(b, v, t); } #define BCREATE_P(_e_op, _op) \ @@ -2926,14 +2978,22 @@ ref ConstantPointerExpr::create(const ref &b, if (!RHS->isKnownValue()) { \ return _e_op::create(getValue(), RHS->getValue()); \ } else { \ - return PointerExpr::create( \ - getBase(), _e_op::create(getValue(), RHS->getValue())); \ + return PointerExpr::create(getBase(), \ + _e_op::create(getValue(), RHS->getValue()), \ + combineTaints(RHS)); \ } \ } else if (!RHS->isKnownValue()) { \ return PointerExpr::create(RHS->getBase(), \ - _e_op::create(getValue(), RHS->getValue())); \ + _e_op::create(getValue(), RHS->getValue()), \ + combineTaints(RHS)); \ } else { \ - return _e_op::create(getValue(), RHS->getValue()); \ + auto value = _e_op::create(getValue(), RHS->getValue()); \ + if (getTaint()->isZero() && RHS->getTaint()->isZero()) { \ + return value; \ + } else { \ + return PointerExpr::create(ConstantExpr::create(0, value->getWidth()), \ + value, combineTaints(RHS)); \ + } \ } \ } @@ -2952,7 +3012,8 @@ BCREATE_P(LShrExpr, LShr) BCREATE_P(AShrExpr, AShr) ref PointerExpr::Not() { - return PointerExpr::create(getBase(), NotExpr::create(getValue())); + return PointerExpr::create(getBase(), NotExpr::create(getValue()), + getTaint()); } ref PointerExpr::Eq(const ref &RHS) { diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index c4e5173410..ad9ab16c06 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -7,6 +7,7 @@ //===----------------------------------------------------------------------===// #include "klee/Module/Annotation.h" +#include "klee/Module/TaintAnnotation.h" #include "klee/Support/ErrorHandling.h" #include "klee/Support/CompilerWarning.h" @@ -19,6 +20,8 @@ DISABLE_WARNING_POP #include +#include + namespace klee { static inline std::string toLower(const std::string &str) { @@ -136,13 +139,80 @@ Free::Free(const std::string &str) : Unknown(str) { Kind Free::getKind() const { return Kind::Free; } +Taint::Taint(const std::string &str) : Unknown(str) { + taintType = rawValue.substr(0, rawValue.find(':')); + if (taintType.empty()) { + klee_error("Annotation Taint: Incorrect value format, must has taint type"); + } +} + +Kind Taint::getKind() const { return Unknown::getKind(); } + +std::string Taint::getTaintType() const { return taintType; } + +std::string Taint::getTaintTypeAsLower() const { return toLower(taintType); } + +/* + * Format: TaintOutput:{offset}:{type} + */ + +TaintOutput::TaintOutput(const std::string &str) : Taint(str) {} + +Kind TaintOutput::getKind() const { return Kind::TaintOutput; } + +/* + * Format: TaintPropagation:{offset}:{type}:{data} + */ + +TaintPropagation::TaintPropagation(const std::string &str) : Taint(str) { + const size_t colonPos = rawValue.find(':'); + const std::string rawData = + (colonPos == std::string::npos) + ? std::string() + : rawValue.substr(colonPos + 1, std::string::npos); + + if (rawData.empty()) { + klee_error("Annotation TaintPropagation: Incorrect value %s format, must " + "be :", + rawValue.c_str()); + } + + char *end = nullptr; + size_t propagationParameterData = strtoul(rawData.c_str(), &end, 10); + if (*end != '\0' || errno == ERANGE) { + klee_error("Annotation TaintPropagation: Incorrect value %s format, must " + "be :", + rawValue.c_str()); + } + + if (propagationParameterData == 0) { + klee_error("Annotation TaintPropagation: Incorrect value %s, data for " + "propagation must be >= 1", + rawValue.c_str()); + } + propagationParameterIndex = propagationParameterData - 1; +} + +Kind TaintPropagation::getKind() const { return Kind::TaintPropagation; } + +/* + * Format: TaintSink:{offset}:{type} + */ + +TaintSink::TaintSink(const std::string &str) : Taint(str) {} + +Kind TaintSink::getKind() const { return Kind::TaintSink; } + const std::map StringToKindMap = { {"deref", Statement::Kind::Deref}, {"initnull", Statement::Kind::InitNull}, {"maybeinitnull", Statement::Kind::MaybeInitNull}, {"allocsource", Statement::Kind::AllocSource}, {"freesource", Statement::Kind::Free}, - {"freesink", Statement::Kind::Free}}; + {"freesink", Statement::Kind::Free}, + {"taintoutput", Statement::Kind::TaintOutput}, + {"taintpropagation", Statement::Kind::TaintPropagation}, + {"taintsink", Statement::Kind::TaintSink}}; inline Statement::Kind stringToKind(const std::string &str) { auto it = StringToKindMap.find(toLower(str)); @@ -167,6 +237,12 @@ Ptr stringToKindPtr(const std::string &str) { return std::make_shared(str); case Statement::Kind::Free: return std::make_shared(str); + case Statement::Kind::TaintOutput: + return std::make_shared(str); + case Statement::Kind::TaintPropagation: + return std::make_shared(str); + case Statement::Kind::TaintSink: + return std::make_shared(str); } } diff --git a/lib/Module/AnnotationsData.cpp b/lib/Module/AnnotationsData.cpp new file mode 100644 index 0000000000..e560503df0 --- /dev/null +++ b/lib/Module/AnnotationsData.cpp @@ -0,0 +1,13 @@ +#include "klee/Module/AnnotationsData.h" + +namespace klee { + +klee::AnnotationsData::AnnotationsData(const std::string &annotationsFile, + const std::string &taintAnnotationsFile) + : taintAnnotation(taintAnnotationsFile) { + annotations = parseAnnotations(annotationsFile); +} + +AnnotationsData::~AnnotationsData() = default; + +} // namespace klee diff --git a/lib/Module/CMakeLists.txt b/lib/Module/CMakeLists.txt index 65cccdcc68..7e0383cf67 100644 --- a/lib/Module/CMakeLists.txt +++ b/lib/Module/CMakeLists.txt @@ -8,6 +8,7 @@ #===------------------------------------------------------------------------===# set(KLEE_MODULE_COMPONENT_SRCS Annotation.cpp + AnnotationsData.cpp CallSplitter.cpp CallRemover.cpp Checks.cpp @@ -30,6 +31,7 @@ set(KLEE_MODULE_COMPONENT_SRCS ReturnLocationFinderPass.cpp ReturnSplitter.cpp SarifReport.cpp + TaintAnnotation.cpp Target.cpp TargetHash.cpp TargetForest.cpp diff --git a/lib/Module/SarifReport.cpp b/lib/Module/SarifReport.cpp index 728e775c24..f3ac77966c 100644 --- a/lib/Module/SarifReport.cpp +++ b/lib/Module/SarifReport.cpp @@ -55,70 +55,78 @@ tryConvertRuleJson(const std::string &ruleId, const std::string &toolName, const std::optional &errorMessage) { if (toolName == "SecB") { if ("NullDereference" == ruleId) { - return {ReachWithError::MustBeNullPointerException}; + return {ReachWithError(ReachWithErrorType::MustBeNullPointerException)}; } else if ("CheckAfterDeref" == ruleId) { - return {ReachWithError::NullCheckAfterDerefException}; + return {ReachWithError(ReachWithErrorType::NullCheckAfterDerefException)}; } else if ("DoubleFree" == ruleId) { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else if ("UseAfterFree" == ruleId) { - return {ReachWithError::UseAfterFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree)}; } else if ("Reached" == ruleId) { - return {ReachWithError::Reachable}; + return {ReachWithError(ReachWithErrorType::Reachable)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "clang") { if ("core.NullDereference" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; + return {ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError(ReachWithErrorType::MustBeNullPointerException)}; } else if ("unix.Malloc" == ruleId) { if (errorMessage.has_value()) { if (errorMessage->text == "Attempt to free released memory") { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else if (errorMessage->text == "Use of memory after it is freed") { - return {ReachWithError::UseAfterFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree)}; } else { return {}; } } else { - return {ReachWithError::UseAfterFree, ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree), + ReachWithError(ReachWithErrorType::DoubleFree)}; } } else if ("core.Reach" == ruleId) { - return {ReachWithError::Reachable}; + return {ReachWithError(ReachWithErrorType::Reachable)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "CppCheck") { if ("nullPointer" == ruleId || "ctunullpointer" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; // TODO: check it out + return { + ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError( + ReachWithErrorType::MustBeNullPointerException)}; // TODO: check + // it out } else if ("doubleFree" == ruleId) { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "Infer") { if ("NULL_DEREFERENCE" == ruleId || "NULLPTR_DEREFERENCE" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; // TODO: check it out + return { + ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError( + ReachWithErrorType::MustBeNullPointerException)}; // TODO: check + // it out } else if ("USE_AFTER_DELETE" == ruleId || "USE_AFTER_FREE" == ruleId) { - return {ReachWithError::UseAfterFree, ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree), + ReachWithError(ReachWithErrorType::DoubleFree)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "Cooddy") { if ("NULL.DEREF" == ruleId || "NULL.UNTRUSTED.DEREF" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; + return {ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError(ReachWithErrorType::MustBeNullPointerException)}; } else if ("MEM.DOUBLE.FREE" == ruleId) { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else if ("MEM.USE.FREE" == ruleId) { - return {ReachWithError::UseAfterFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } @@ -127,7 +135,7 @@ std::optional tryConvertResultJson(const ResultJson &resultJson, const std::string &id) { std::vector errors = {}; if (!resultJson.ruleId.has_value()) { - errors = {ReachWithError::Reachable}; + errors = {ReachWithError(ReachWithErrorType::Reachable)}; } else { errors = tryConvertRuleJson(*resultJson.ruleId, toolName, resultJson.message); @@ -184,8 +192,27 @@ static const char *ReachWithErrorNames[] = { "None", }; +ReachWithError::ReachWithError(ReachWithErrorType type, + std::optional data) + : type(type), data(std::move(data)) {} + +bool ReachWithError::operator==(const ReachWithError &other) const { + if (type == other.type && ReachWithErrorType::MaybeTaint == type) { + return data == other.data; + } + return (type == other.type); +} + +bool ReachWithError::operator!=(const ReachWithError &other) const { + return !(*this == other); +} + +bool ReachWithError::operator<(const ReachWithError &other) const { + return type < other.type; +} + const char *getErrorString(ReachWithError error) { - return ReachWithErrorNames[error]; + return ReachWithErrorNames[error.type]; } std::string getErrorsString(const std::vector &errors) { diff --git a/lib/Module/TaintAnnotation.cpp b/lib/Module/TaintAnnotation.cpp new file mode 100644 index 0000000000..b019cca5cd --- /dev/null +++ b/lib/Module/TaintAnnotation.cpp @@ -0,0 +1,63 @@ +#include "klee/Module/TaintAnnotation.h" +#include "klee/Support/ErrorHandling.h" + +#include + +namespace klee { + +TaintAnnotation::TaintAnnotation(const std::string &path) { + if (path.empty()) { + return; + } + + std::ifstream taintAnnotationsFile(path); + if (!taintAnnotationsFile.good()) { + klee_error("Taint annotation: Opening %s failed.", path.c_str()); + } + json taintAnnotationsJson = json::parse(taintAnnotationsFile, nullptr, false); + if (taintAnnotationsJson.is_discarded()) { + klee_error("Taint annotation: Parsing JSON %s failed.", path.c_str()); + } + + std::set sourcesStr; + std::set rulesStr; + for (auto &item : taintAnnotationsJson.items()) { + if (!item.value().is_array()) { + klee_error("Taint annotations: Incorrect file format"); + } + for (auto &taintHitJson : item.value()) { + sourcesStr.insert(taintHitJson["source"]); + rulesStr.insert(taintHitJson["rule"]); + } + } + + rules = std::vector(rulesStr.begin(), rulesStr.end()); + std::map rulesMap; + for (size_t i = 0; i < rules.size(); ++i) { + rulesMap[rules[i]] = i; + } + + size_t sourcesCounter = 0; + for (auto &sourceStr : sourcesStr) { + sources[sourceStr] = sourcesCounter; + sourcesCounter++; + } + + size_t sinksCounter = 0; + for (auto &item : taintAnnotationsJson.items()) { + sinks[item.key()] = sinksCounter; + if (!item.value().is_array()) { + klee_error("Taint annotations: Incorrect file format"); + } + + std::map hitsForSink; + for (auto &taintHitJson : item.value()) { + hitsForSink[sources[taintHitJson["source"]]] = + rulesMap[taintHitJson["rule"]]; + } + hits[sinksCounter] = hitsForSink; + sinksCounter++; + } +} + +} // namespace klee diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index 16766ca91f..ee4822af44 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -11,12 +11,11 @@ #include #include +#include #include #include #include -#include #include -#include #include "klee/klee.h" @@ -165,6 +164,14 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { klee_make_symbol(ret_array, ret_nbytes, fname); } +// TODO: add for tests +//void klee_make_mock_all(void *ret_array, const char *fname) {} +//void klee_add_taint(void *array, size_t taint_source) {} +//void klee_clear_taint(void *array, size_t taint_source) {} +//bool klee_check_taint_source(void *array, size_t taint_source) {} +//uint64_t klee_get_taint_hits(void *array, size_t taint_sink) {} +//void klee_taint_hit(uint64_t taint_hits, size_t taint_sink) {} + void klee_silent_exit(int x) { exit(x); } uintptr_t klee_choose(uintptr_t n) { diff --git a/scripts/cooddy_annotations.py b/scripts/cooddy_annotations.py new file mode 100755 index 0000000000..fb192a626d --- /dev/null +++ b/scripts/cooddy_annotations.py @@ -0,0 +1,95 @@ +#!/bin/python3 + +import json +import re +from argparse import ArgumentParser + +Cooddy_name_pattern = re.compile(r"^(?P.*)\((?P[^()]*)\)$") + + +def getNames(name: str): + m = Cooddy_name_pattern.fullmatch(name) + if m: + return m.group("name"), m.group("mangled_name") + return name, name + + +def transform_annotation_with_taint_statements(annotation, func_name): + transformed_annotation = [] + for i, annotation_for_param in enumerate(annotation): + transformed_annotation_for_param = [] + for st in annotation_for_param: + statement = st.split(':') + st_len = len(statement) + assert(st_len <= 3) + + transformed_statement = st + if statement[0] == "TaintOutput": + if st_len > 1: + print("For TaintOutput in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) + transformed_statement = "TaintOutput::UntrustedSource" + elif statement[0] == "TaintPropagation": + if st_len == 2: + print("TaintPropagation in {} annotation elem #{} misprint".format(func_name, i)) + transformed_statement = "TaintPropagation::UntrustedSource:{}".format(statement[1]) + elif st_len == 3: + if statement[1] != "": + print("For TaintPropagation in {} annotation elem #{} " + + "ignore offset from cooddy annotations file".format(func_name, i)) + transformed_statement = "TaintPropagation::UntrustedSource:{}".format(statement[2]) + elif statement[0] == "SensitiveDataSource": + if st_len != 1: + print("For SensitiveDataSource in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) + transformed_statement = "TaintOutput::SensitiveDataSource" + elif statement[0] == "Execute": + if st_len != 1: + print("For Execute in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) + transformed_statement = "TaintSink::Execute" + elif statement[0] == "FormatString": + if st_len != 1: + print("For FormatString in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) + transformed_statement = "TaintSink::FormatString" + elif statement[0] == "SensitiveDataLeak": + if st_len != 1: + print("For SensitiveDataLeak in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) + transformed_statement = "TaintSink::SensitiveDataLeak" + + transformed_annotation_for_param.append(transformed_statement) + transformed_annotation.append(transformed_annotation_for_param) + + return transformed_annotation + + +def transform(utbot_json, coody_json, with_taints): + for coody_name, annotation in coody_json.items(): + funcName, mangledName = getNames(coody_name) + if (with_taints): + annotation = transform_annotation_with_taint_statements(annotation, funcName) + utbot_json[mangledName] = {"name": funcName, "annotation": annotation, "properties": []} + + +def main(): + parser = ArgumentParser( + prog='cooddy_annotations.py', + description='This script transforms .json annotations used by Cooddy static analyzer into annotations understandable by KLEE') + parser.add_argument('filenames', metavar='Path', nargs='+', help="Cooddy annotation .json file path") + parser.add_argument('Output', help="Target file path for produced KLEE annotation") + parser.add_argument('--taint', action='store_true', help="Enable processing of annotations associated with taint analysis " + + "(needed if you want to use taint analysis)") + args = parser.parse_args() + utbot_json = dict() + for filename in args.filenames: + with open(filename) as file: + j = json.load(file) + transform(utbot_json, j, args.taint) + with open(args.Output, 'w') as file: + json.dump(utbot_json, file, indent=" ") + + +if __name__ == "__main__": + main() diff --git a/test/Feature/TaintTest.cpp b/test/Feature/TaintTest.cpp new file mode 100644 index 0000000000..9f7deb516a --- /dev/null +++ b/test/Feature/TaintTest.cpp @@ -0,0 +1,12 @@ +// RUN: %clangxx %s -emit-llvm %O0opt -c -o %t1.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --cex-cache-validity-cores --solver-backend=z3 --check-out-of-memory --suppress-external-warnings --libc=klee --skip-not-lazy-initialized --external-calls=all --output-source=true --output-istats=false --output-stats=false --max-time=1200s --max-sym-size-alloc=32 --max-forks=6400 --max-solver-time=5s --smart-resolve-entry-function --extern-calls-can-return-null --align-symbolic-pointers=false --use-lazy-initialization=only --min-number-elements-li=18 --use-sym-size-li=false --rewrite-equalities=simple --symbolic-allocation-threshold=2048 --search=random-path --max-memory=16000 --mock-mutable-globals=all --mock-strategy=naive --mock-policy=all --annotate-only-external=false --annotations=%annotations --taint-annotations=%taint_annotations %t1.bc + +#include +#include + +int main() +{ + const char *libvar = std::getenv("PATH"); + printf(libvar); +} diff --git a/test/lit.cfg b/test/lit.cfg index 94c94e0059..91001edcda 100644 --- a/test/lit.cfg +++ b/test/lit.cfg @@ -189,6 +189,10 @@ config.substitutions.append( ('%annotations', os.path.join(klee_src_root, 'configs/annotations.json')) ) +config.substitutions.append( + ('%taint_annotations', os.path.join(klee_src_root, 'configs/taint-annotations.json')) +) + config.substitutions.append( ('%testcomp_defs', os.path.join(klee_src_root, 'include/klee-test-comp.c')) ) diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 48d1f85c06..ece517e5eb 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -15,6 +15,7 @@ #include "klee/Core/Context.h" #include "klee/Core/Interpreter.h" #include "klee/Core/TargetedExecutionReporter.h" +#include "klee/Module/AnnotationsData.h" #include "klee/Module/LocationInfo.h" #include "klee/Module/SarifReport.h" #include "klee/Module/TargetForest.h" @@ -404,13 +405,19 @@ cl::opt MockMutableGlobals( cl::opt AnnotationsFile("annotations", cl::desc("Path to the annotation JSON file"), - cl::value_desc("path file"), cl::cat(MockCat)); + cl::init(std::string()), cl::value_desc("path file"), + cl::cat(MockCat)); cl::opt AnnotateOnlyExternal( "annotate-only-external", cl::desc("Ignore annotations for defined function (default=false)"), cl::init(false), cl::cat(MockCat)); +cl::opt + TaintAnnotationsFile("taint-annotations", cl::init(std::string()), + cl::desc("Path to the taint annotations JSON file"), + cl::value_desc("path file"), cl::cat(MockCat)); + enum class SAMultiplexKind { None, Traces, @@ -1080,6 +1087,8 @@ static const char *modelledExternals[] = { "klee_get_valuef", "klee_get_valued", "klee_get_valuel", "klee_get_valuell", "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", + "klee_make_mock_all", "klee_add_taint", "klee_clear_taint", + "klee_check_taint_source", "klee_get_taint_hits", "klee_taint_hit", "klee_mark_global", "klee_open_merge", "klee_close_merge", "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", "klee_report_error", "klee_set_forking", @@ -2172,7 +2181,6 @@ int main(int argc, char **argv, char **envp) { LibraryDir, EntryPoint, opt_suffix, /*MainCurrentName=*/EntryPoint, /*MainNameAfterMock=*/"__klee_mock_wrapped_main", - /*AnnotationsFile=*/AnnotationsFile, /*Optimize=*/OptimizeModule, /*Simplify*/ SimplifyModule, /*CheckDivZero=*/CheckDivZero, @@ -2382,6 +2390,8 @@ int main(int argc, char **argv, char **envp) { IOpts.Mock = Mock; IOpts.MockStrategy = MockStrategy; IOpts.MockMutableGlobals = MockMutableGlobals; + IOpts.AnnotationsFile = AnnotationsFile; + IOpts.TaintAnnotationsFile = TaintAnnotationsFile; std::unique_ptr interpreter( Interpreter::create(ctx, IOpts, handler.get()));