New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Interprocedural Taint Analysis #254

Open

jubnzv opened this issue Jan 24, 2025 · 0 comments

Assignees

Labels

area:ir enhancement

Milestone

Member

jubnzv commented Jan 24, 2025

We should define a path-sensitive interprocedural analysis suitable to be used in all the detectors and store it to the IR:

path-sensitivity is required since detectors like UnprotectedCall (New detector: UnprotectedCall #235) need access to paths in order to check if taints are guarded in conditions
consider receivers and their arguments as entry points and taints
track contract fields as a source of taint (without path sensitivity)
to handle loops I would use limited unrolling and approximate results (accepting partial loss of path information)

The suitable approach seems to be using IFDS as described in the original paper which should be extended with path-sensitive tracking where required.

The text was updated successfully, but these errors were encountered:

jubnzv added area:ir enhancement labels

jubnzv added this to the v0.8 milestone

jubnzv self-assigned this

jubnzv mentioned this issue

UnprotectedCall: Path-sensitive IPA #255

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment