Example program:
x = random()
tainted = x.__taint__()
if tainted:
Taint().sink("foo")
else:
passExpected: Taint().sink("foo") to generate a report that there is a flow from the tainted variable to the sink.
Actual: nothing reported
The following does, strangely enough, work:
class A:
pass
x = random()
tainted = x.__taint__()
if tainted:
Taint().sink(A())
else:
passand so does:
x = random()
tainted = x.__taint__()
if tainted:
m = "foo"
Taint().sink(m)
else:
pass
Example program:
Expected:
Taint().sink("foo")to generate a report that there is a flow from thetaintedvariable to the sink.Actual: nothing reported
The following does, strangely enough, work:
and so does: