From 01970c7d28489b175fb895bbcd5d692f455cd4bb Mon Sep 17 00:00:00 2001 From: Maria Date: Fri, 1 Dec 2023 20:58:54 +0300 Subject: [PATCH 01/28] Add klee taint special function --- include/klee/klee.h | 37 +++++++++++++++++ lib/Core/SpecialFunctionHandler.cpp | 63 +++++++++++++++++++++++++++++ lib/Core/SpecialFunctionHandler.h | 4 ++ runtime/Runtest/intrinsics.c | 9 ++++- tools/klee/main.cpp | 1 + 5 files changed, 112 insertions(+), 2 deletions(-) diff --git a/include/klee/klee.h b/include/klee/klee.h index 3323fb7151..ecb449471d 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -12,6 +12,7 @@ #include "stddef.h" #include "stdint.h" +#include "stdbool.h" #ifdef __cplusplus extern "C" { @@ -36,6 +37,42 @@ void *klee_define_fixed_object(void *addr, size_t nbytes); */ void klee_make_symbolic(void *addr, size_t nbytes, const char *name); +/* klee_add_taint - Add taint \arg taint_type for the contents + * of the object pointer to \arg addr. + * + * \arg addr - The start of the object. + * \arg nbytes - The number of bytes to set taint type; currently this *must* + * be the entire contents of the object. + * \arg taint_type - Taint type. + */ +void klee_add_taint(void *array, size_t nbytes, size_t taint_type) {} + +/* klee_clear_taint - Clear the contents of the object pointer to \arg addr + * of the taint \arg taint_type. + * + * \arg addr - The start of the object. + * \arg nbytes - The number of bytes to set taint type; currently this *must* + * be the entire contents of the object. + * \arg taint_type - Taint type. + */ +void klee_clear_taint(void *array, size_t nbytes, size_t taint_type) {} + +/* klee_check_taint - Check that the contents of the object pointer + * to \arg addr causes a taint sink \arg taint_sink hit. + * + * \arg addr - The start of the object. + * \arg nbytes - The number of bytes to set taint type; currently this *must* + * be the entire contents of the object. + * \arg taint_sink - Taint sink. + */ +bool klee_check_taint(void *array, size_t nbytes, size_t taint_sink); + +/* klee_taint_sink_hit - Execute taint sink \arg taint_sink hit. + * + * \arg taint_sink - Taint sink. + */ +void klee_taint_sink_hit(size_t taint_sink); + /* klee_range - Construct a symbolic value in the signed interval * [begin,end). * diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index cdbd00c84a..0217eb73ef 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -130,6 +130,10 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("memalign", handleMemalign, true), add("realloc", handleRealloc, true), + add("klee_add_taint", handleAddTaint, false), + add("klee_clear_taint", handleClearTaint, false), + add("klee_check_taint", handleCheckTaint, true), + add("klee_taint_sink_taint", handleTaintSinkHit, false), #ifdef SUPPORT_KLEE_EH_CXX add("_klee_eh_Unwind_RaiseException_impl", handleEhUnwindRaiseExceptionImpl, false), @@ -1214,3 +1218,62 @@ void SpecialFunctionHandler::handleFAbs(ExecutionState &state, ref result = FAbsExpr::create(arguments[0]); executor.bindLocal(target, state, result); } + +//TODO: update definitions after adding taint memory, now pure + +void SpecialFunctionHandler::handleAddTaint( + klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 3) { + executor.terminateStateOnUserError( + state, "Incorrect number of arguments to " + "klee_add_taint(void*, size_t, size_t)"); + return; + } + + // executor.executeMemoryOperation(state, true) +} + +void SpecialFunctionHandler::handleClearTaint( + klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 3) { + executor.terminateStateOnUserError( + state, "Incorrect number of arguments to " + "klee_clear_taint(void*, size_t, size_t)"); + return; + } + + // executor.executeMemoryOperation(state, true) +} + +void SpecialFunctionHandler::handleCheckTaint( + klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 3) { + executor.terminateStateOnUserError( + state, "Incorrect number of arguments to " + "klee_check_taint(void*, size_t, size_t)"); + return; + } + + // FIXME: this is a test version right now +// ref result = ConstantExpr::create(true, Expr::Bool); +// executor.bindLocal(target, state, result); +} + +void SpecialFunctionHandler::handleTaintSinkHit( + klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 1) { + executor.terminateStateOnUserError( + state, "Incorrect number of arguments to klee_taint_sink_hit(size_t)"); + return; + } + + // klee_error("") +} diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index d6a469eca6..a0da418e0f 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -181,6 +181,10 @@ class SpecialFunctionHandler { HANDLER(handleNonnullArg); HANDLER(handleNullabilityArg); HANDLER(handlePointerOverflow); + HANDLER(handleAddTaint); + HANDLER(handleClearTaint); + HANDLER(handleCheckTaint); + HANDLER(handleTaintSinkHit); #undef HANDLER }; } // namespace klee diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index 16766ca91f..85e3120048 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -14,9 +14,8 @@ #include #include #include -#include +#include #include -#include #include "klee/klee.h" @@ -165,6 +164,12 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { klee_make_symbol(ret_array, ret_nbytes, fname); } +// TODO: add for tests +void klee_add_taint(void *array, size_t nbytes, size_t taint_type) {} +void klee_clear_taint(void *array, size_t nbytes, size_t taint_type) {} +bool klee_check_taint(void *array, size_t nbytes, size_t taint_sink) {} +void klee_taint_sink_hit(size_t taint_sink) {} + void klee_silent_exit(int x) { exit(x); } uintptr_t klee_choose(uintptr_t n) { diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 48d1f85c06..00e5705b6a 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -1080,6 +1080,7 @@ static const char *modelledExternals[] = { "klee_get_valuef", "klee_get_valued", "klee_get_valuel", "klee_get_valuell", "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", + "klee_add_taint", "klee_clear_taint", "klee_check_taint", "klee_taint_sink_hit", "klee_mark_global", "klee_open_merge", "klee_close_merge", "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", "klee_report_error", "klee_set_forking", From 1104439bea37b3b32bff81956927978326f3a26c Mon Sep 17 00:00:00 2001 From: Maria Date: Fri, 1 Dec 2023 21:02:11 +0300 Subject: [PATCH 02/28] Add FormatString, TaintOutput annotations --- include/klee/Module/Annotation.h | 27 ++++++++++++++++++++++++++- lib/Module/Annotation.cpp | 20 +++++++++++++++++++- 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index 20ee34f0a9..546dddbf95 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -29,7 +29,20 @@ enum class Kind { MaybeInitNull, // TODO: rename to alloc AllocSource, - Free + Free, + + // TODO: perhaps separate TaintSources and TaintSinks + // taint sources + TaintInput, + TaintPropagation, + TaintOutput, +// UntrustedSource, + SensitiveDataSource, + + // taint sinks + Execute, + FormatString, + SensitiveDataLeak }; enum class Property { @@ -112,6 +125,18 @@ struct Free final : public Unknown { [[nodiscard]] Kind getKind() const override; }; +struct TaintOutput final : public Unknown { + explicit TaintOutput(const std::string &str = "TaintOutput"); + + [[nodiscard]] Kind getKind() const override; +}; + +struct FormatString final : public Unknown { + explicit FormatString(const std::string &str = "FormatString"); + + [[nodiscard]] Kind getKind() const override; +}; + using Ptr = std::shared_ptr; bool operator==(const Ptr &first, const Ptr &second); } // namespace Statement diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index c4e5173410..7d45a48aa0 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -136,13 +136,27 @@ Free::Free(const std::string &str) : Unknown(str) { Kind Free::getKind() const { return Kind::Free; } +TaintOutput::TaintOutput(const std::string &str) : Unknown(str) { + if (!rawValue.empty()) { + klee_error("Annotation: Incorrect value format \"%s\", must be empty", rawValue.c_str()); + } +} + +Kind TaintOutput::getKind() const { return Kind::TaintOutput; } + +FormatString::FormatString(const std::string &str) : Unknown(str) {} + +Kind FormatString::getKind() const { return Kind::FormatString; } + const std::map StringToKindMap = { {"deref", Statement::Kind::Deref}, {"initnull", Statement::Kind::InitNull}, {"maybeinitnull", Statement::Kind::MaybeInitNull}, {"allocsource", Statement::Kind::AllocSource}, {"freesource", Statement::Kind::Free}, - {"freesink", Statement::Kind::Free}}; + {"freesink", Statement::Kind::Free}, + {"taintoutput", Statement::Kind::TaintOutput}, + {"formatstring", Statement::Kind::FormatString}}; inline Statement::Kind stringToKind(const std::string &str) { auto it = StringToKindMap.find(toLower(str)); @@ -167,6 +181,10 @@ Ptr stringToKindPtr(const std::string &str) { return std::make_shared(str); case Statement::Kind::Free: return std::make_shared(str); + case Statement::Kind::TaintOutput: + return std::make_shared(str); + case Statement::Kind::FormatString: + return std::make_shared(str); } } From 7691cf537e2d156a85013c3e27c13fb7f351e264 Mon Sep 17 00:00:00 2001 From: Maria Date: Wed, 6 Dec 2023 18:49:12 +0300 Subject: [PATCH 03/28] Add call buiders for new klee special function and add processing FormatString annotation --- include/klee/Core/MockBuilder.h | 5 ++ lib/Core/MockBuilder.cpp | 101 ++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index da5d0ea198..fd35b00ffc 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -48,6 +48,11 @@ class MockBuilder { buildCallKleeMakeSymbolic(const std::string &kleeMakeSymbolicFunctionName, llvm::Value *source, llvm::Type *type, const std::string &symbolicName); + llvm::CallInst* + buildCallKleeTaintFunction(const std::string &functionName, + llvm::Value *source, llvm::Type *type, + size_t target); + void buildCallKleeTaintSinkHit(size_t taintSink); void buildAnnotationForExternalFunctionArgs( llvm::Function *func, diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index de06f5e463..91e7cb67c5 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -494,6 +494,60 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( } break; } + case Statement::Kind::TaintOutput: { +// buildCallKleeTaintFunction( +// "klee_add_taint", elem, +// elem->getType()->getPointerElementType(), // FIXME: now only first elem from array +// static_cast(Statement::Kind::FormatString)); +// break; + } + case Statement::Kind::FormatString: { + if (!elem->getType()->isPointerTy()) { + klee_error("Annotation: FormatString arg not pointer"); + } + + std::string sinkCondName = + "condition_sink_format_string_arg_" + std::to_string(i) + + "_" + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *sinkBB = llvm::BasicBlock::Create( + mockModule->getContext(), sinkCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + sinkCondName); + auto brValueSink = buildCallKleeTaintFunction( + "klee_check_taint", elem, + elem->getType()->getPointerElementType(), // FIXME: now only first elem from array + static_cast(Statement::Kind::FormatString)); + builder->CreateCondBr(brValueSink, sinkBB, contBB); +// builder->CreateBr(sinkBB); // for debug + + builder->SetInsertPoint(sinkBB); + std::string sinkHitCondName = + "condition_sink_hit_format_string_arg_" + std::to_string(i) + + "_" + func->getName().str(); + auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); + auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); + buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, + sinkHitCondName); + fromIf = builder->GetInsertBlock(); + curFunc = fromIf->getParent(); + llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( + mockModule->getContext(), sinkHitCondName, curFunc); + auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); + builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); + + builder->SetInsertPoint(sinkHitBB); + buildCallKleeTaintSinkHit( + static_cast(Statement::Kind::FormatString)); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); + break; + } case Statement::Kind::Unknown: default: klee_message("Annotation: not implemented %s", @@ -509,6 +563,53 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( } } +llvm::CallInst* +MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, + llvm::Value *source, llvm::Type *type, + size_t target) { + const auto returnType = (functionName == "klee_check_taint") + ? llvm::Type::getInt1Ty(mockModule->getContext()) + : llvm::Type::getVoidTy(mockModule->getContext()); + + auto *kleeTaintFunctionType = llvm::FunctionType::get( + returnType, + {llvm::Type::getInt8PtrTy(mockModule->getContext()), + llvm::Type::getInt64Ty(mockModule->getContext()), + llvm::Type::getInt64Ty(mockModule->getContext())}, + false); + auto kleeAddTaintCallee = mockModule->getOrInsertFunction( + functionName, kleeTaintFunctionType); + + auto bitCastInst = builder->CreateBitCast( + source, llvm::Type::getInt8PtrTy(mockModule->getContext())); + return builder->CreateCall( + kleeAddTaintCallee, + {bitCastInst, + llvm::ConstantInt::get( + mockModule->getContext(), + llvm::APInt(64, mockModule->getDataLayout().getTypeStoreSize(type), + false)), + llvm::ConstantInt::get( + mockModule->getContext(), + llvm::APInt(64, target, false)) + }); +} + +void MockBuilder::buildCallKleeTaintSinkHit(size_t taintSink) { + auto *kleeTaintSinkHitType = llvm::FunctionType::get( + llvm::Type::getVoidTy(mockModule->getContext()), + {llvm::Type::getInt64Ty(mockModule->getContext())}, + false); + auto kleeTaintSinkHitCallee = mockModule->getOrInsertFunction( + "klee_taint_sink_hit", kleeTaintSinkHitType); + + builder->CreateCall( + kleeTaintSinkHitCallee, + {llvm::ConstantInt::get( + mockModule->getContext(), + llvm::APInt(64, taintSink, false))}); +} + void MockBuilder::processingValue(llvm::Value *prev, llvm::Type *elemType, const Statement::Alloc *allocSourcePtr, bool initNullPtr) { From 55bcd564db220d3c4555da654b710bf33c5e777f Mon Sep 17 00:00:00 2001 From: Maria Date: Wed, 6 Dec 2023 21:48:15 +0300 Subject: [PATCH 04/28] Add correct size calculation for strings for taint klee special functions --- include/klee/Core/MockBuilder.h | 3 +-- lib/Core/MockBuilder.cpp | 31 ++++++++++++++++++------------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index fd35b00ffc..b81406a0d0 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -50,8 +50,7 @@ class MockBuilder { const std::string &symbolicName); llvm::CallInst* buildCallKleeTaintFunction(const std::string &functionName, - llvm::Value *source, llvm::Type *type, - size_t target); + llvm::Value *source, size_t target); void buildCallKleeTaintSinkHit(size_t taintSink); void buildAnnotationForExternalFunctionArgs( diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index 91e7cb67c5..fee2d5acd4 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -16,6 +16,7 @@ #include "llvm/IR/IRBuilder.h" #include "llvm/IR/Module.h" #include "llvm/Support/raw_ostream.h" +#include "llvm/Transforms/Utils/BuildLibCalls.h" #include #include @@ -495,11 +496,7 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( break; } case Statement::Kind::TaintOutput: { -// buildCallKleeTaintFunction( -// "klee_add_taint", elem, -// elem->getType()->getPointerElementType(), // FIXME: now only first elem from array -// static_cast(Statement::Kind::FormatString)); -// break; + break; } case Statement::Kind::FormatString: { if (!elem->getType()->isPointerTy()) { @@ -519,10 +516,8 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( mockModule->getContext(), "continue_" + sinkCondName); auto brValueSink = buildCallKleeTaintFunction( "klee_check_taint", elem, - elem->getType()->getPointerElementType(), // FIXME: now only first elem from array static_cast(Statement::Kind::FormatString)); builder->CreateCondBr(brValueSink, sinkBB, contBB); -// builder->CreateBr(sinkBB); // for debug builder->SetInsertPoint(sinkBB); std::string sinkHitCondName = @@ -565,8 +560,21 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( llvm::CallInst* MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, - llvm::Value *source, llvm::Type *type, - size_t target) { + llvm::Value *source, size_t target) { + llvm::Value *countBytes; + if (source->getType()->getPointerElementType()->isIntegerTy(8)) { + auto *TLI = new llvm::TargetLibraryInfo(llvm::TargetLibraryInfoImpl()); + countBytes = llvm::emitStrLen(source, *builder, + mockModule->getDataLayout(),TLI); + } + else { + const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( + source->getType()->getPointerElementType()); + countBytes = llvm::ConstantInt::get( + mockModule->getContext(), + llvm::APInt(64, bytes, false)); + } + const auto returnType = (functionName == "klee_check_taint") ? llvm::Type::getInt1Ty(mockModule->getContext()) : llvm::Type::getVoidTy(mockModule->getContext()); @@ -585,10 +593,7 @@ MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, return builder->CreateCall( kleeAddTaintCallee, {bitCastInst, - llvm::ConstantInt::get( - mockModule->getContext(), - llvm::APInt(64, mockModule->getDataLayout().getTypeStoreSize(type), - false)), + countBytes, llvm::ConstantInt::get( mockModule->getContext(), llvm::APInt(64, target, false)) From 9101a78c046ef72dd8c03f61e3c5d9606c739296 Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 14 Dec 2023 16:47:34 +0300 Subject: [PATCH 05/28] Fix klee function for handler name --- lib/Core/MockBuilder.cpp | 1 + lib/Core/SpecialFunctionHandler.cpp | 9 +++++---- tools/klee/main.cpp | 3 ++- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index fee2d5acd4..f433ad90f4 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -496,6 +496,7 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( break; } case Statement::Kind::TaintOutput: { +// buildCallKleeTaintFunction("klee_add_taint", elem,); break; } case Statement::Kind::FormatString: { diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 0217eb73ef..501a94b57d 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -133,7 +133,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_add_taint", handleAddTaint, false), add("klee_clear_taint", handleClearTaint, false), add("klee_check_taint", handleCheckTaint, true), - add("klee_taint_sink_taint", handleTaintSinkHit, false), + add("klee_taint_sink_hit", handleTaintSinkHit, false), #ifdef SUPPORT_KLEE_EH_CXX add("_klee_eh_Unwind_RaiseException_impl", handleEhUnwindRaiseExceptionImpl, false), @@ -1261,8 +1261,8 @@ void SpecialFunctionHandler::handleCheckTaint( } // FIXME: this is a test version right now -// ref result = ConstantExpr::create(true, Expr::Bool); -// executor.bindLocal(target, state, result); + ref result = ConstantExpr::create(true, Expr::Bool); + executor.bindLocal(target, state, result); } void SpecialFunctionHandler::handleTaintSinkHit( @@ -1275,5 +1275,6 @@ void SpecialFunctionHandler::handleTaintSinkHit( return; } - // klee_error("") + + executor.terminateStateOnError(state, "FormatString", StateTerminationType::User); } diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 00e5705b6a..227540dabd 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -1080,7 +1080,8 @@ static const char *modelledExternals[] = { "klee_get_valuef", "klee_get_valued", "klee_get_valuel", "klee_get_valuell", "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", - "klee_add_taint", "klee_clear_taint", "klee_check_taint", "klee_taint_sink_hit", + "klee_add_taint", "klee_clear_taint", + "klee_check_taint", "klee_taint_sink_hit", "klee_mark_global", "klee_open_merge", "klee_close_merge", "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", "klee_report_error", "klee_set_forking", From 636122db1a00b32c0311e2bac65703ec8b3a0d1d Mon Sep 17 00:00:00 2001 From: Maria Date: Fri, 15 Dec 2023 20:15:24 +0300 Subject: [PATCH 06/28] Add taint annotations and transform annotaions file --- configs/annotations.json | 13632 +++++++++++++++++++++++++++++-- configs/taint-annotations.json | 11 + scripts/cooddy_annotations.py | 79 + 3 files changed, 12911 insertions(+), 811 deletions(-) create mode 100644 configs/taint-annotations.json create mode 100755 scripts/cooddy_annotations.py diff --git a/configs/annotations.json b/configs/annotations.json index 685f60c2a6..e77a8f1227 100644 --- a/configs/annotations.json +++ b/configs/annotations.json @@ -1,574 +1,661 @@ { - "atof": { - "name": "atof", + "__builtin_clz": { + "name": "__builtin_clz", "annotation": [ - [], [ - "Deref" - ] + "Condition::>=0", + "Condition::<32" + ], + [] ], "properties": [] }, - "atoi": { - "name": "atoi", + "__builtin_clzl": { + "name": "__builtin_clzl", "annotation": [ - [], [ - "Deref" - ] + "Condition::>=0", + "Condition::<32" + ], + [] ], "properties": [] }, - "atol": { - "name": "atol", + "__builtin_clzll": { + "name": "__builtin_clzll", "annotation": [ - [], [ - "Deref" - ] + "Condition::>=0", + "Condition::<64" + ], + [] ], "properties": [] }, - "atoll": { - "name": "atoll", + "__builtin_ffs": { + "name": "__builtin_ffs", "annotation": [ - [], [ - "Deref" - ] + "Condition::>=0", + "Condition::<=32" + ], + [] ], "properties": [] }, - "bcmp": { - "name": "bcmp", + "__builtin_ffsll": { + "name": "__builtin_ffsll", "annotation": [ - [], - [ - "Deref" - ], [ - "Deref" + "Condition::>=0", + "Condition::<=64" ], [] ], "properties": [] }, - "calloc": { - "name": "calloc", + "__builtin_va_end": { + "name": "__builtin_va_end", "annotation": [ - [ - "AllocSource::1", - "InitNull" - ], - [], [] ], "properties": [] }, - "fclose": { - "name": "fclose", + "__builtin_va_start": { + "name": "__builtin_va_start", "annotation": [ [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "fcvt": { - "name": "fcvt", + "_ZNSt8__detail12__int_limitsIiLb1EE3maxEv": { + "name": "__int_limits::max", "annotation": [ - [], - [], - [], - [ - "Deref" - ], - [ - "Deref" - ] + [] ], "properties": [] }, - "feof": { - "name": "feof", + "_ZNSt8__detail12__int_limitsIiLb1EE3minEv": { + "name": "__int_limits::min", + "annotation": [ + [] + ], + "properties": [] + }, + "_execl": { + "name": "_execl", "annotation": [ [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "ferror": { - "name": "ferror", + "_execle": { + "name": "_execle", "annotation": [ [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fgetc": { - "name": "fgetc", + "_execlp": { + "name": "_execlp", "annotation": [ [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fgetpos": { - "name": "fgetpos", + "_execlpe": { + "name": "_execlpe", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fgetpos64": { - "name": "fgetpos64", + "_execv": { + "name": "_execv", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" ] ], "properties": [] }, - "fgets": { - "name": "fgets", + "_execve": { + "name": "_execve", "annotation": [ + [], [ - "InitNull" + "Execute" ], [ - "Deref" + "Execute" ], - [], [ - "Deref" + "Execute" ] ], "properties": [] }, - "fgetwc": { - "name": "fgetwc", + "_execvp": { + "name": "_execvp", "annotation": [ [], [ - "Deref" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fgetws": { - "name": "fgetws", + "_execvpe": { + "name": "_execvpe", "annotation": [ + [], [ - "InitNull" + "Execute" ], [ - "Deref" + "Execute" ], - [], [ - "Deref" + "Execute" ] ], "properties": [] }, - "fileno": { - "name": "fileno", + "_ZNSt14_Fnv_hash_impl4hashEPKvyy": { + "name": "_Fnv_hash_impl::hash", "annotation": [ [], - [ - "Deref" - ] + [], + [], + [] ], "properties": [] }, - "fopen": { - "name": "fopen", + "_ZNSt10_Hash_impl4hashEPKvyy": { + "name": "_Hash_impl::hash", "annotation": [ - [ - "InitNull" - ], + [], + [], [], [] ], "properties": [] }, - "fopen64": { - "name": "fopen64", + "_ZNSt10_Hash_impl4hashIdEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ - [ - "InitNull" - ], [], [] ], "properties": [] }, - "fopen_s": { - "name": "fopen_s", + "_ZNSt10_Hash_impl4hashIfEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ [], - [ - "InitNull:*:!=0" - ], - [], - [ - "FreeSink::4" - ] + [] ], "properties": [] }, - "fprintf": { - "name": "fprintf", + "_ZNSt10_Hash_impl4hashIiEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ - [], - [ - "Deref" - ], [], [] ], "properties": [] }, - "fputc": { - "name": "fputc", + "_popen": { + "name": "_popen", "annotation": [ - [], [], [ - "Deref" - ] + "Execute" + ], + [] ], "properties": [] }, - "fputs": { - "name": "fputs", + "_spawnl": { + "name": "_spawnl", "annotation": [ + [], [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fputwc": { - "name": "fputwc", + "_spawnle": { + "name": "_spawnle", "annotation": [ [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fputws": { - "name": "fputws", + "_spawnlp": { + "name": "_spawnlp", "annotation": [ + [], [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fread": { - "name": "fread", + "_spawnlpe": { + "name": "_spawnlpe", "annotation": [ + [], [], [ - "Deref" + "Execute" ], - [], - [], [ - "Deref" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "free": { - "name": "free", + "_spawnv": { + "name": "_spawnv", "annotation": [ + [], [], [ - "FreeSink::1" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "freopen": { - "name": "freopen", + "_spawnve": { + "name": "_spawnve", "annotation": [ - [ - "InitNull" - ], [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "freopen64": { - "name": "freopen64", + "_spawnvp": { + "name": "_spawnvp", "annotation": [ - [ - "InitNull" - ], [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "freopen_s": { - "name": "freopen_s", + "_spawnvpe": { + "name": "_spawnvpe", "annotation": [ + [], [], [ - "InitNull:*:!=0" + "Execute" ], - [], - [], [ - "FreeSink::4" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fscanf": { - "name": "fscanf", + "_stricmp": { + "name": "_stricmp", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [], [] ], "properties": [] }, - "fscanf_s": { - "name": "fscanf_s", + "_strnicmp": { + "name": "_strnicmp", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [], + [], [] ], "properties": [] }, - "fseek": { - "name": "fseek", + "_texecl": { + "name": "_texecl", "annotation": [ [], [ - "Deref" + "Execute" ], - [], - [] + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "fsetpos": { - "name": "fsetpos", + "_texecle": { + "name": "_texecle", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fsetpos64": { - "name": "fsetpos64", + "_texeclp": { + "name": "_texeclp", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "ftell": { - "name": "ftell", + "_texeclpe": { + "name": "_texeclpe", "annotation": [ [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "fwide": { - "name": "fwide", + "_texecv": { + "name": "_texecv", "annotation": [ [], [ - "Deref" + "Execute" ], - [] + [ + "Execute" + ] ], "properties": [] }, - "fwprintf": { - "name": "fwprintf", + "_texecve": { + "name": "_texecve", "annotation": [ [], [ - "Deref" + "Execute" ], - [], - [] + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "fwrite": { - "name": "fwrite", + "_texecvp": { + "name": "_texecvp", "annotation": [ [], [ - "Deref" + "Execute" ], - [], - [], [ - "Deref" + "Execute" ] ], "properties": [] }, - "fwscanf": { - "name": "fwscanf", + "_texecvpe": { + "name": "_texecvpe", "annotation": [ [], [ - "Deref" + "Execute" ], - [], - [] + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "getc": { - "name": "getc", + "_tolower": { + "name": "_tolower", "annotation": [ - [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "getenv": { - "name": "getenv", + "_toupper": { + "name": "_toupper", "annotation": [ - [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "getenv_s": { - "name": "getenv_s", + "_tpopen": { + "name": "_tpopen", "annotation": [ [], [ - "Deref" - ], - [ - "Deref" + "Execute" ], - [], [] ], "properties": [] }, - "gets": { - "name": "gets", + "_tspawnl": { + "name": "_tspawnl", "annotation": [ + [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "gets_s": { - "name": "gets_s", + "_tspawnle": { + "name": "_tspawnle", "annotation": [ + [], [], [ - "Deref" + "Execute" ], - [] + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "getw": { - "name": "getw", + "_tspawnlp": { + "name": "_tspawnlp", "annotation": [ + [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "getwc": { - "name": "getwc", + "_tspawnlpe": { + "name": "_tspawnlpe", "annotation": [ + [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "itoa": { - "name": "itoa", + "_tspawnv": { + "name": "_tspawnv", "annotation": [ [], [], [ - "Deref" + "Execute" ], - [] + [ + "Execute" + ] ], "properties": [] }, @@ -582,675 +669,12470 @@ ], "properties": [] }, - "malloc": { - "name": "malloc", + "_tspawnve": { + "name": "_tspawnve", "annotation": [ + [], + [], [ - "AllocSource::1", - "InitNull" + "Execute" ], - [] + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "memccpy": { - "name": "memccpy", + "_tspawnvp": { + "name": "_tspawnvp", "annotation": [ + [], [], [ - "Deref" + "Execute" ], [ - "Deref" - ], - [], - [] + "Execute" + ] ], "properties": [] }, - "memchr": { - "name": "memchr", + "_tspawnvpe": { + "name": "_tspawnvpe", "annotation": [ + [], + [], [ - "InitNull" + "Execute" ], [ - "Deref" + "Execute" ], - [], - [] + [ + "Execute" + ] ], "properties": [] }, - "memcmp": { - "name": "memcmp", + "_tsystem": { + "name": "_tsystem", "annotation": [ [], [ - "Deref" - ], - [ - "Deref" - ], - [] + "Execute" + ] ], "properties": [] }, - "memcpy": { - "name": "memcpy", + "_wexecl": { + "name": "_wexecl", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" ], - [] + [ + "Execute" + ] ], "properties": [] }, - "memcpy_s": { - "name": "memcpy_s", + "_wexecle": { + "name": "_wexecle", "annotation": [ [], [ - "Deref" + "Execute" ], - [], [ - "Deref" + "Execute" ], - [] + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "memicmp": { - "name": "memicmp", + "_wexeclp": { + "name": "_wexeclp", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" + "Execute" ], - [], - [] + [ + "Execute" + ] ], "properties": [] }, - "memmem": { - "name": "memmem", + "_wexeclpe": { + "name": "_wexeclpe", "annotation": [ + [], [ - "InitNull" + "Execute" ], [ - "Deref" + "Execute" ], - [], [ - "Deref" + "Execute" ], - [] + [ + "Execute" + ] ], "properties": [] }, - "memmove": { - "name": "memmove", + "_wexecv": { + "name": "_wexecv", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" - ], - [] + "Execute" + ] ], "properties": [] }, - "memmove_s": { - "name": "memmove_s", + "_wexecve": { + "name": "_wexecve", "annotation": [ [], [ - "Deref" + "Execute" ], - [], [ - "Deref" + "Execute" ], - [] + [ + "Execute" + ] ], "properties": [] }, - "mempcpy": { - "name": "mempcpy", + "_wexecvp": { + "name": "_wexecvp", "annotation": [ [], [ - "Deref" + "Execute" ], [ - "Deref" - ], - [] + "Execute" + ] ], "properties": [] }, - "memset": { - "name": "memset", + "_wexecvpe": { + "name": "_wexecvpe", "annotation": [ [], [ - "Deref" + "Execute" ], - [], - [] + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "memset_s": { - "name": "memset_s", + "_wpopen": { + "name": "_wpopen", "annotation": [ [], [ - "Deref" + "Execute" ], - [], - [], [] ], "properties": [] }, - "pthread_mutex_lock": { - "name": "pthread_mutex_lock", + "_wspawnl": { + "name": "_wspawnl", "annotation": [ + [], [], [ - "InitNull::!=0" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "pthread_mutex_trylock": { - "name": "pthread_mutex_trylock", + "_wspawnle": { + "name": "_wspawnle", "annotation": [ + [], [], [ - "InitNull::!=0" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "putc": { - "name": "putc", + "_wspawnlp": { + "name": "_wspawnlp", "annotation": [ [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "puts": { - "name": "puts", + "_wspawnlpe": { + "name": "_wspawnlpe", "annotation": [ + [], [], [ - "Deref" + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" ] ], "properties": [] }, - "qsort": { - "name": "qsort", + "_wspawnv": { + "name": "_wspawnv", "annotation": [ + [], [], [ - "Deref" + "Execute" ], - [], - [], - [] + [ + "Execute" + ] ], "properties": [] }, - "rawmemchr": { - "name": "rawmemchr", + "_wspawnve": { + "name": "_wspawnve", "annotation": [ + [], + [], [ - "InitNull" + "Execute" ], [ - "Deref" + "Execute" ], - [], - [] + [ + "Execute" + ] ], "properties": [] }, - "realloc": { - "name": "realloc", + "_wspawnvp": { + "name": "_wspawnvp", "annotation": [ + [], + [], [ - "AllocSource::1", - "InitNull" + "Execute" ], + [ + "Execute" + ] + ], + "properties": [] + }, + "_wspawnvpe": { + "name": "_wspawnvpe", + "annotation": [ [], - [] + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] ], "properties": [] }, - "setbuf": { - "name": "setbuf", + "_wsystem": { + "name": "_wsystem", "annotation": [ [], [ - "Deref" + "Execute" + ] + ], + "properties": [] + }, + "abort": { + "name": "abort", + "annotation": [ + [] + ], + "properties": [] + }, + "abs": { + "name": "abs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "setlocale": { - "name": "setlocale", + "acos": { + "name": "acos", "annotation": [ [ - "InitNull" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "snprintf": { - "name": "snprintf", + "acosf": { + "name": "acosf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "snprintf_s": { - "name": "snprintf_s", + "acosh": { + "name": "acosh", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "snwprintf": { - "name": "snwprintf", + "acoshf": { + "name": "acoshf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "sprintf": { - "name": "sprintf", + "acoshl": { + "name": "acoshl", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "sprintf_s": { - "name": "sprintf_s", + "acosl": { + "name": "acosl", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "sscanf": { - "name": "sscanf", + "asin": { + "name": "asin", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "sscanf_s": { - "name": "sscanf_s", + "asinf": { + "name": "asinf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], - [], [] ], "properties": [] }, - "std::from_chars": { - "name": "std::from_chars", + "asinh": { + "name": "asinh", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], - [], [] ], "properties": [] }, - "std::to_chars": { - "name": "std::to_chars", + "asinhf": { + "name": "asinhf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], - [], [] ], "properties": [] }, - "stpcpy": { - "name": "stpcpy", + "asinhl": { + "name": "asinhl", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strcat": { - "name": "strcat", + "asinl": { + "name": "asinl", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "atan": { + "name": "atan", + "annotation": [ [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "strcat_s": { - "name": "strcat_s", + "atan2": { + "name": "atan2", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strchr": { - "name": "strchr", + "atan2l": { + "name": "atan2l", "annotation": [ [ - "InitNull" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], + [] + ], + "properties": [] + }, + "atanf": { + "name": "atanf", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strchrnul": { - "name": "strchrnul", + "atanh": { + "name": "atanh", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strcmp": { - "name": "strcmp", + "atanhf": { + "name": "atanhf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "strcpy": { - "name": "strcpy", + "atanhl": { + "name": "atanhl", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "strcpy_s": { - "name": "strcpy_s", + "atanl": { + "name": "atanl", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strdup": { - "name": "strdup", + "atexit": { + "name": "atexit", "annotation": [ [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strlen": { - "name": "strlen", + "atof": { + "name": "atof", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1" + ], [ "Deref" ] ], "properties": [] }, - "strncasecmp": { - "name": "strncasecmp", + "atoi": { + "name": "atoi", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [ "Deref" - ], - [] + ] ], "properties": [] }, - "strncat": { - "name": "strncat", + "atol": { + "name": "atol", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [ "Deref" - ], - [] + ] ], "properties": [] }, - "strncat_s": { - "name": "strncat_s", + "atoll": { + "name": "atoll", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], [ "Deref" - ], - [] + ] ], "properties": [] }, - "strncmp": { - "name": "strncmp", + "_ZSt13back_inserterINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEESt20back_insert_iteratorIT_ERS7_": { + "name": "back_inserter", "annotation": [ - [], [ - "Deref" - ], - [ - "Deref" + "CreateObject", + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strncpy": { - "name": "strncpy", + "_ZNKSt9bad_alloc4whatEv": { + "name": "bad_alloc::what", "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ], [] ], "properties": [] }, - "strncpy_s": { - "name": "strncpy_s", + "_ZNKSt20bad_array_new_length4whatEv": { + "name": "bad_array_new_length::what", "annotation": [ - [], - [ - "Deref" - ], - [], - [ - "Deref" - ], [] ], "properties": [] }, - "strndup": { - "name": "strndup", + "_ZNKSt8bad_cast4whatEv": { + "name": "bad_cast::what", "annotation": [ - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strnlen": { - "name": "strnlen", + "_ZNKSt13bad_exception4whatEv": { + "name": "bad_exception::what", "annotation": [ - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strnset": { - "name": "strnset", + "_ZNKSt10bad_typeid4whatEv": { + "name": "bad_typeid::what", "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ], [] ], "properties": [] }, - "strpbrk": { - "name": "strpbrk", + "basename": { + "name": "basename", "annotation": [ [ - "InitNull" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strrchr": { - "name": "strrchr", + "_ZNSi6ignoreEx": { + "name": "basic_istream::ignore", "annotation": [ - [ - "InitNull" - ], - [ - "Deref" - ], + [], [] ], "properties": [] }, - "strset": { - "name": "strset", + "_ZNSi6ignoreExi": { + "name": "basic_istream::ignore", "annotation": [ [], + [], + [] + ], + "properties": [] + }, + "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreEx": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreExt": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1EPKwRKS3_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv": { + "name": "basic_string::c_str", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5c_strEv": { + "name": "basic_string::c_str", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5clearEv": { + "name": "basic_string::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEc": { + "name": "basic_string::operator+=", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLERKS4_": { + "name": "basic_string::operator+=", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEy": { + "name": "basic_string::operator[]", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEy": { + "name": "basic_string::reserve", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv": { + "name": "basic_string::size", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "bcmp": { + "name": "bcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZSt9boolalphaRSt8ios_base": { + "name": "boolalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "bsearch": { + "name": "bsearch", + "annotation": [ + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "btowc": { + "name": "btowc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabf": { + "name": "cabf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabl": { + "name": "cabl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabs": { + "name": "cabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacos": { + "name": "cacos", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosf": { + "name": "cacosf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosh": { + "name": "cacosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacoshf": { + "name": "cacoshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacoshl": { + "name": "cacoshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosl": { + "name": "cacosl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "calloc": { + "name": "calloc", + "annotation": [ + [ + "AllocSource::1", + "ZeroMemory", + "InitNull" + ], + [ + "AllocSize" + ], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "canonicalize": { + "name": "canonicalize", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "canonicalizef": { + "name": "canonicalizef", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "canonicalizel": { + "name": "canonicalizel", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "carg": { + "name": "carg", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cargf": { + "name": "cargf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cargl": { + "name": "cargl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casin": { + "name": "casin", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinf": { + "name": "casinf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinh": { + "name": "casinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinhf": { + "name": "casinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinhl": { + "name": "casinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinl": { + "name": "casinl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catan": { + "name": "catan", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanf": { + "name": "catanf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanh": { + "name": "catanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanhf": { + "name": "catanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanhl": { + "name": "catanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanl": { + "name": "catanl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrt": { + "name": "cbrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrtf": { + "name": "cbrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrtl": { + "name": "cbrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccosh": { + "name": "ccosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccoshf": { + "name": "ccoshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccoshl": { + "name": "ccoshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceil": { + "name": "ceil", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceilf": { + "name": "ceilf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceill": { + "name": "ceill", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexp": { + "name": "cexp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexpf": { + "name": "cexpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexpl": { + "name": "cexpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6assignEPcyc": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6assignERcRKc": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6assignEPDiyDi": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6assignERDiRKDi": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6assignEPDsyDs": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6assignERDsRKDs": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6assignEPwyw": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6assignERwRKw": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE7compareEPKcS3_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE7compareEPKwS3_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE7compareEPKcS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE7compareEPKDiS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE7compareEPKDsS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE7compareEPKwS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4copyEPcPKcy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4copyEPDiPKDiy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4copyEPDsPKDsy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4copyEPwPKwy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE2eqERKcS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE2eqERKDiS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE2eqERKDsS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE2eqERKwS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE11eq_int_typeERKiS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE11eq_int_typeERKjS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE11eq_int_typeERKtS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE11eq_int_typeERKtS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE4findEPKcyRS2_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE4findEPKwyRS2_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4findEPKcyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4findEPKDiyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4findEPKDsyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4findEPKwyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE6lengthEPKc": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE6lengthEPKw": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6lengthEPKc": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6lengthEPKDi": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6lengthEPKDs": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6lengthEPKw": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE2ltERKcS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE2ltERKDiS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE2ltERKDsS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE2ltERKwS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4moveEPcPKcy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4moveEPDiPKDiy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4moveEPDsPKDsy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4moveEPwPKwy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE7not_eofERKi": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE7not_eofERKj": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE7not_eofERKt": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE7not_eofERKt": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE12to_char_typeERKi": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE12to_char_typeERKj": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE12to_char_typeERKt": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE12to_char_typeERKt": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE11to_int_typeERKc": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE11to_int_typeERKDi": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE11to_int_typeERKDs": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE11to_int_typeERKw": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "cimag": { + "name": "cimag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cimagf": { + "name": "cimagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cimagl": { + "name": "cimagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clearerr": { + "name": "clearerr", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "clearerr_s": { + "name": "clearerr_s", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "clog": { + "name": "clog", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10": { + "name": "clog10", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10f": { + "name": "clog10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10l": { + "name": "clog10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clogf": { + "name": "clogf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clogl": { + "name": "clogl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "close": { + "name": "close", + "annotation": [ + [], + [ + "FreeDescriptor::1" + ] + ], + "properties": [] + }, + "conj": { + "name": "conj", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "conjf": { + "name": "conjf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "conjl": { + "name": "conjl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "copysign": { + "name": "copysign", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "copysignf": { + "name": "copysignf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "copysignl": { + "name": "copysignl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "cosh": { + "name": "cosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "coshf": { + "name": "coshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "coshl": { + "name": "coshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpow": { + "name": "cpow", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpowf": { + "name": "cpowf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpowl": { + "name": "cpowl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cproj": { + "name": "cproj", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cprojf": { + "name": "cprojf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cprojl": { + "name": "cprojl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "creal": { + "name": "creal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "crealf": { + "name": "crealf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "creall": { + "name": "creall", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "CreateProcessA": { + "name": "CreateProcessA", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessAsUserA": { + "name": "CreateProcessAsUserA", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessAsUserW": { + "name": "CreateProcessAsUserW", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessW": { + "name": "CreateProcessW", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessWithLogonW": { + "name": "CreateProcessWithLogonW", + "annotation": [ + [], + [], + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessWithTokenW": { + "name": "CreateProcessWithTokenW", + "annotation": [ + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [] + ], + "properties": [] + }, + "csinh": { + "name": "csinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csinhf": { + "name": "csinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csinhl": { + "name": "csinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrt": { + "name": "csqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrtf": { + "name": "csqrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrtl": { + "name": "csqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanh": { + "name": "ctanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanhf": { + "name": "ctanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanhl": { + "name": "ctanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt5ctypeIcE13classic_tableEv": { + "name": "ctype::classic_table", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE5do_isEPKwS2_Pt": { + "name": "ctype::do_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE5do_isEtw": { + "name": "ctype::do_is", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE9do_narrowEcc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE9do_narrowEPKcS2_cPc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE9do_narrowEwc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_scan_isEtPKwS2_": { + "name": "ctype::do_scan_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE11do_scan_notEtPKwS2_": { + "name": "ctype::do_scan_not", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_tolowerEc": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_tolowerEPcPKc": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_tolowerEPwPKw": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_tolowerEw": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_toupperEc": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_toupperEPcPKc": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_toupperEPwPKw": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_toupperEw": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8do_widenEc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8do_widenEPKcS2_Pc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE8do_widenEc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE8do_widenEPKcS2_Pw": { + "name": "ctype::do_widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE2isEPKcS2_Pt": { + "name": "ctype::is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE2isEtc": { + "name": "ctype::is", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE6narrowEcc": { + "name": "ctype::narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE6narrowEPKcS2_cPc": { + "name": "ctype::narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7scan_isEtPKcS2_": { + "name": "ctype::scan_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8scan_notEtPKcS2_": { + "name": "ctype::scan_not", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5tableEv": { + "name": "ctype::table", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7tolowerEc": { + "name": "ctype::tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7tolowerEPcPKc": { + "name": "ctype::tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7toupperEc": { + "name": "ctype::toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7toupperEPcPKc": { + "name": "ctype::toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5widenEc": { + "name": "ctype::widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5widenEPKcS2_Pc": { + "name": "ctype::widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt17current_exceptionv": { + "name": "current_exception", + "annotation": [ + [] + ], + "properties": [] + }, + "cwait": { + "name": "cwait", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "daddl": { + "name": "daddl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ddivl": { + "name": "ddivl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZSt3decRSt8ios_base": { + "name": "dec", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt12defaultfloatRSt8ios_base": { + "name": "defaultfloat", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "dfmal": { + "name": "dfmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dirname": { + "name": "dirname", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx3divExx": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3divll": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "div": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "dmull": { + "name": "dmull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dpax_popen_s": { + "name": "dpax_popen_s", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "dpax_system_s": { + "name": "dpax_system_s", + "annotation": [ + [], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "drem": { + "name": "drem", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dremf": { + "name": "dremf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dreml": { + "name": "dreml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dsqrtl": { + "name": "dsqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dsubl": { + "name": "dsubl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ecvt": { + "name": "ecvt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "erf": { + "name": "erf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfc": { + "name": "erfc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfcf": { + "name": "erfcf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfcl": { + "name": "erfcl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erff": { + "name": "erff", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfl": { + "name": "erfl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category23default_error_conditionEi": { + "name": "error_category::default_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category10equivalentEiRKSt15error_condition": { + "name": "error_category::equivalent", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category10equivalentERKSt10error_codei": { + "name": "error_category::equivalent", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category7messageB5cxx11Ei": { + "name": "error_category::message", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category4nameEv": { + "name": "error_category::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryneERKS0_": { + "name": "error_category::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryltERKS0_": { + "name": "error_category::operator<", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryeqERKS0_": { + "name": "error_category::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt10error_code6assignEiRKNSt3_V214error_categoryE": { + "name": "error_code::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt10error_code8categoryEv": { + "name": "error_code::category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt10error_code5clearEv": { + "name": "error_code::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code23default_error_conditionEv": { + "name": "error_code::default_error_condition", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code7messageB5cxx11Ev": { + "name": "error_code::message", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code5valueEv": { + "name": "error_code::value", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15error_condition6assignEiRKNSt3_V214error_categoryE": { + "name": "error_condition::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition8categoryEv": { + "name": "error_condition::category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15error_condition5clearEv": { + "name": "error_condition::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition7messageB5cxx11Ev": { + "name": "error_condition::message", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition5valueEv": { + "name": "error_condition::value", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9exception4whatEv": { + "name": "exception::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptr13exception_ptr4swapERS0_": { + "name": "exception_ptr::swap", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "execl": { + "name": "execl", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "execle": { + "name": "execle", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "execlp": { + "name": "execlp", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "execlpe": { + "name": "execlpe", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "execv": { + "name": "execv", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "execve": { + "name": "execve", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "execvp": { + "name": "execvp", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "execvpe": { + "name": "execvpe", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "exit": { + "name": "exit", + "annotation": [ + [ + "NoReturn" + ], + [] + ], + "properties": [] + }, + "exp": { + "name": "exp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10": { + "name": "exp10", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10f": { + "name": "exp10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10l": { + "name": "exp10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2": { + "name": "exp2", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2f": { + "name": "exp2f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2l": { + "name": "exp2l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expf": { + "name": "expf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expl": { + "name": "expl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1": { + "name": "expm1", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1f": { + "name": "expm1f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1l": { + "name": "expm1l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabs": { + "name": "fabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabsf": { + "name": "fabsf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabsl": { + "name": "fabsl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fadd": { + "name": "fadd", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "faddl": { + "name": "faddl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fclose": { + "name": "fclose", + "annotation": [ + [], + [ + "Deref", + "FreeDescriptor::1" + ] + ], + "properties": [] + }, + "fcloseall": { + "name": "fcloseall", + "annotation": [ + [] + ], + "properties": [] + }, + "fcvt": { + "name": "fcvt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fdim": { + "name": "fdim", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdimf": { + "name": "fdimf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdiml": { + "name": "fdiml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdiv": { + "name": "fdiv", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdivl": { + "name": "fdivl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdopen": { + "name": "fdopen", + "annotation": [ + [ + "AllocDescriptor::1" + ], + [ + "Alias::0" + ], + [] + ], + "properties": [] + }, + "feof": { + "name": "feof", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "ferror": { + "name": "ferror", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fflush": { + "name": "fflush", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ffma": { + "name": "ffma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ffmal": { + "name": "ffmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fgetc": { + "name": "fgetc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetchar": { + "name": "fgetchar", + "annotation": [ + [] + ], + "properties": [] + }, + "fgetpos": { + "name": "fgetpos", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetpos64": { + "name": "fgetpos64", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgets": { + "name": "fgets", + "annotation": [ + [ + "InitNull", + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetwc": { + "name": "fgetwc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetws": { + "name": "fgetws", + "annotation": [ + [ + "InitNull", + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fileno": { + "name": "fileno", + "annotation": [ + [ + "AllocDescriptor::1" + ], + [ + "Deref", + "Alias::0" + ] + ], + "properties": [] + }, + "_ZSt5fixedRSt8ios_base": { + "name": "fixed", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "floor": { + "name": "floor", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "floorf": { + "name": "floorf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "floorl": { + "name": "floorl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "flushall": { + "name": "flushall", + "annotation": [ + [] + ], + "properties": [] + }, + "fma": { + "name": "fma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaf": { + "name": "fmaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmal": { + "name": "fmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmax": { + "name": "fmax", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxf": { + "name": "fmaxf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum": { + "name": "fmaximum", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag": { + "name": "fmaximum_mag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_num": { + "name": "fmaximum_mag_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_numf": { + "name": "fmaximum_mag_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_numl": { + "name": "fmaximum_mag_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_magf": { + "name": "fmaximum_magf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_magl": { + "name": "fmaximum_magl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_num": { + "name": "fmaximum_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_numf": { + "name": "fmaximum_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_numl": { + "name": "fmaximum_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximumf": { + "name": "fmaximumf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximuml": { + "name": "fmaximuml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxl": { + "name": "fmaxl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmag": { + "name": "fmaxmag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmagf": { + "name": "fmaxmagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmagl": { + "name": "fmaxmagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmemopen": { + "name": "fmemopen", + "annotation": [ + [ + "AllocDescriptor::1" + ], + [], + [], + [] + ], + "properties": [] + }, + "fmin": { + "name": "fmin", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminf": { + "name": "fminf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum": { + "name": "fminimum", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag": { + "name": "fminimum_mag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_num": { + "name": "fminimum_mag_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_numf": { + "name": "fminimum_mag_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_numl": { + "name": "fminimum_mag_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_magf": { + "name": "fminimum_magf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_magl": { + "name": "fminimum_magl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_num": { + "name": "fminimum_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_numf": { + "name": "fminimum_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_numl": { + "name": "fminimum_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimumf": { + "name": "fminimumf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimuml": { + "name": "fminimuml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminl": { + "name": "fminl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmag": { + "name": "fminmag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmagf": { + "name": "fminmagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmagl": { + "name": "fminmagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmod": { + "name": "fmod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmodf": { + "name": "fmodf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmodl": { + "name": "fmodl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmul": { + "name": "fmul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmull": { + "name": "fmull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fopen": { + "name": "fopen", + "annotation": [ + [ + "InitNull", + "AllocDescriptor::1" + ], + [], + [] + ], + "properties": [] + }, + "fopen64": { + "name": "fopen64", + "annotation": [ + [ + "InitNull", + "AllocDescriptor::1" + ], + [], + [] + ], + "properties": [] + }, + "fopen_s": { + "name": "fopen_s", + "annotation": [ + [], + [ + "AllocDescriptor:*:1", + "InitNull:*:!=0" + ], + [], + [ + "FreeSink::4" + ] + ], + "properties": [] + }, + "_Z7fprintfP6_iobufPKcz": { + "name": "fprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "FormatString::Printf", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fprintf": { + "name": "fprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "FormatString::Printf", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fprintf_s": { + "name": "fprintf_s", + "annotation": [ + [], + [], + [ + "FormatString::Printf", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fputc": { + "name": "fputc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputchar": { + "name": "fputchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "fputs": { + "name": "fputs", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputwc": { + "name": "fputwc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputws": { + "name": "fputws", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fread": { + "name": "fread", + "annotation": [ + [ + "TaintOutput::UntrustedSource", + "Condition::<=$3" + ], + [ + "Write:*", + "Deref", + "TaintOutput::UntrustedSource" + ], + [ + "CheckOverflow" + ], + [ + "CheckOverflow" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fread_s": { + "name": "fread_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource" + ], + [ + "CheckOverflow" + ], + [ + "CheckOverflow" + ], + [ + "CheckOverflow" + ], + [] + ], + "properties": [] + }, + "free": { + "name": "free", + "annotation": [ + [], + [ + "FreeSink::1" + ] + ], + "properties": [] + }, + "freopen": { + "name": "freopen", + "annotation": [ + [ + "InitNull", + "AllocDescriptor::1" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "freopen64": { + "name": "freopen64", + "annotation": [ + [ + "InitNull", + "AllocDescriptor::1" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "freopen_s": { + "name": "freopen_s", + "annotation": [ + [], + [ + "AllocDescriptor:*:1", + "InitNull:*:!=0" + ], + [], + [], + [ + "FreeSink::4" + ] + ], + "properties": [] + }, + "fromfp": { + "name": "fromfp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpf": { + "name": "fromfpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpl": { + "name": "fromfpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpx": { + "name": "fromfpx", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpxf": { + "name": "fromfpxf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpxl": { + "name": "fromfpxl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fscanf": { + "name": "fscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString::Scanf" + ], + [ + "TaintOutput:*:UntrustedSource", + "Write:*", + "OutputString" + ] + ], + "properties": [] + }, + "fscanf_s": { + "name": "fscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString::Scanfs" + ], + [ + "TaintOutput:*:UntrustedSource", + "Write:*", + "FormatStringArgs", + "OutputString::-1" + ] + ], + "properties": [] + }, + "fseek": { + "name": "fseek", + "annotation": [ + [], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "fseeko": { + "name": "fseeko", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fseeko64": { + "name": "fseeko64", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fsetpos": { + "name": "fsetpos", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fsetpos64": { + "name": "fsetpos64", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fsqrt": { + "name": "fsqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fsqrtl": { + "name": "fsqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fstat": { + "name": "fstat", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "fsub": { + "name": "fsub", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fsubl": { + "name": "fsubl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ftell": { + "name": "ftell", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "ftello": { + "name": "ftello", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ftello64": { + "name": "ftello64", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ftime": { + "name": "ftime", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "fwide": { + "name": "fwide", + "annotation": [ + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "fwprintf": { + "name": "fwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "FormatString", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fwprintf_s": { + "name": "fwprintf_s", + "annotation": [ + [], + [], + [ + "FormatString", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fwrite": { + "name": "fwrite", + "annotation": [ + [], + [ + "Deref", + "SensitiveDataLeak" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fwscanf": { + "name": "fwscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "g_spawn_async": { + "name": "g_spawn_async", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "g_spawn_command_line_async": { + "name": "g_spawn_command_line_async", + "annotation": [ + [], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "g_spawn_command_line_sync": { + "name": "g_spawn_command_line_sync", + "annotation": [ + [], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "g_spawn_sync": { + "name": "g_spawn_sync", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ], + [], + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "gamma": { + "name": "gamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gammaf": { + "name": "gammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gammal": { + "name": "gammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gcvt": { + "name": "gcvt", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt3_V216generic_categoryEv": { + "name": "generic_category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt15get_new_handlerv": { + "name": "get_new_handler", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt13get_terminatev": { + "name": "get_terminate", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt14get_unexpectedv": { + "name": "get_unexpected", + "annotation": [ + [] + ], + "properties": [] + }, + "getc": { + "name": "getc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getchar": { + "name": "getchar", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "getenv": { + "name": "getenv", + "annotation": [ + [ + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getenv_s": { + "name": "getenv_s", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref", + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" + ], + [], + [] + ], + "properties": [] + }, + "getpid": { + "name": "getpid", + "annotation": [ + [] + ], + "properties": [] + }, + "gets": { + "name": "gets", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource", + "Deref", + "OutputString" + ] + ], + "properties": [] + }, + "gets_s": { + "name": "gets_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource", + "Deref" + ], + [] + ], + "properties": [] + }, + "getw": { + "name": "getw", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getwc": { + "name": "getwc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getwchar": { + "name": "getwchar", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZNKSt7greaterIPVKvEclES1_S1_": { + "name": "greater::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt13greater_equalIPVKvEclES1_S1_": { + "name": "greater_equal::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIaEclEa": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIbEclEb": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIcEclEc": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIdEclEd": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDiEclEDi": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDnEclEDn": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDsEclEDs": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIeEclEe": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIfEclEf": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIhEclEh": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIiEclEi": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIjEclEj": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIlEclEl": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashImEclEm": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashInEclEn": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIoEclEo": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIsEclEs": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt10error_codeEclERKS0_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt15error_conditionEclERKS0_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIcSt11char_traitsIcEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIDiSt11char_traitsIDiEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIDsSt11char_traitsIDsEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIwSt11char_traitsIwEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashItEclEt": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIwEclEw": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIxEclEx": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIyEclEy": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt3hexRSt8ios_base": { + "name": "hex", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt8hexfloatRSt8ios_base": { + "name": "hexfloat", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "htonl": { + "name": "htonl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "htons": { + "name": "htons", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "hypot": { + "name": "hypot", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "hypotf": { + "name": "hypotf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "hypotl": { + "name": "hypotl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "ilogb": { + "name": "ilogb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ilogbf": { + "name": "ilogbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ilogbl": { + "name": "ilogbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt8internalRSt8ios_base": { + "name": "internal", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base5flagsEv": { + "name": "ios_base::flags", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5flagsESt13_Ios_Fmtflags": { + "name": "ios_base::flags", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base6getlocEv": { + "name": "ios_base::getloc", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5imbueERKSt6locale": { + "name": "ios_base::imbue", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5iwordEi": { + "name": "ios_base::iword", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base9precisionEv": { + "name": "ios_base::precision", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base9precisionEx": { + "name": "ios_base::precision", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5pwordEi": { + "name": "ios_base::pword", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base17register_callbackEPFvNS_5eventERS_iEi": { + "name": "ios_base::register_callback", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base4setfESt13_Ios_Fmtflags": { + "name": "ios_base::setf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base4setfESt13_Ios_FmtflagsS0_": { + "name": "ios_base::setf", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base15sync_with_stdioEb": { + "name": "ios_base::sync_with_stdio", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base6unsetfESt13_Ios_Fmtflags": { + "name": "ios_base::unsetf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base5widthEv": { + "name": "ios_base::width", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5widthEx": { + "name": "ios_base::width", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base6xallocEv": { + "name": "ios_base::xalloc", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt17iostream_categoryv": { + "name": "iostream_category", + "annotation": [ + [] + ], + "properties": [] + }, + "is_wctype": { + "name": "is_wctype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "isalnum": { + "name": "isalnum", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isalpha": { + "name": "isalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isblank": { + "name": "isblank", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iscntrl": { + "name": "iscntrl", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isdigit": { + "name": "isdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isgraph": { + "name": "isgraph", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isleadbyte": { + "name": "isleadbyte", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "islower": { + "name": "islower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isprint": { + "name": "isprint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ispunct": { + "name": "ispunct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isspace": { + "name": "isspace", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isupper": { + "name": "isupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswalnum": { + "name": "iswalnum", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswalpha": { + "name": "iswalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswascii": { + "name": "iswascii", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswblank": { + "name": "iswblank", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswcntrl": { + "name": "iswcntrl", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswctype": { + "name": "iswctype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "iswdigit": { + "name": "iswdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswgraph": { + "name": "iswgraph", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswlower": { + "name": "iswlower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswprint": { + "name": "iswprint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswpunct": { + "name": "iswpunct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswspace": { + "name": "iswspace", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswupper": { + "name": "iswupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswxdigit": { + "name": "iswxdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isxdigit": { + "name": "isxdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "itoa": { + "name": "itoa", + "annotation": [ + [], + [], + [ + "Deref", + "Alias::0", + "OutputString::11" + ], + [] + ], + "properties": [] + }, + "j0": { + "name": "j0", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j0f": { + "name": "j0f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j0l": { + "name": "j0l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1": { + "name": "j1", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1f": { + "name": "j1f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1l": { + "name": "j1l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jn": { + "name": "jn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jnf": { + "name": "jnf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jnl": { + "name": "jnl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "labs": { + "name": "labs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt7launderPKv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPVKv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPVv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ldiv": { + "name": "ldiv", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt4leftRSt8ios_base": { + "name": "left", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4lessIPKNSt3_V214error_categoryEEclES3_S3_": { + "name": "less::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt4lessIPVKvEclES1_S1_": { + "name": "less::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt10less_equalIPVKvEclES1_S1_": { + "name": "less_equal::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "lgamma": { + "name": "lgamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgamma_r": { + "name": "lgamma_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammaf": { + "name": "lgammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammaf_r": { + "name": "lgammaf_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammal": { + "name": "lgammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammal_r": { + "name": "lgammal_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llabs": { + "name": "llabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lldiv": { + "name": "lldiv", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "llogb": { + "name": "llogb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llogbf": { + "name": "llogbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llogbl": { + "name": "llogbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrint": { + "name": "llrint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrintf": { + "name": "llrintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrintl": { + "name": "llrintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llround": { + "name": "llround", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llroundf": { + "name": "llroundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llroundl": { + "name": "llroundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lltoa": { + "name": "lltoa", + "annotation": [ + [], + [], + [ + "OutputString::21" + ], + [] + ], + "properties": [] + }, + "lltow": { + "name": "lltow", + "annotation": [ + [], + [], + [ + "OutputString::21" + ], + [] + ], + "properties": [] + }, + "_ZNSt6locale7classicEv": { + "name": "locale::classic", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt6locale6globalERKS_": { + "name": "locale::global", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt6locale4nameB5cxx11Ev": { + "name": "locale::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt6localeneERKS_": { + "name": "locale::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt6localeeqERKS_": { + "name": "locale::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "localeconv": { + "name": "localeconv", + "annotation": [ + [] + ], + "properties": [] + }, + "log": { + "name": "log", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log10f": { + "name": "log10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log10l": { + "name": "log10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1p": { + "name": "log1p", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1pf": { + "name": "log1pf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1pl": { + "name": "log1pl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2": { + "name": "log2", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2f": { + "name": "log2f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2l": { + "name": "log2l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logb": { + "name": "logb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logbf": { + "name": "logbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logbl": { + "name": "logbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logf": { + "name": "logf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt11logic_error4whatEv": { + "name": "logic_error::what", + "annotation": [ + [] + ], + "properties": [] + }, + "logl": { + "name": "logl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "LogonUserA": { + "name": "LogonUserA", + "annotation": [ + [], + [], + [], + [ + "TaintOutput::SensitiveDataSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "LogonUserW": { + "name": "LogonUserW", + "annotation": [ + [], + [], + [], + [ + "TaintOutput::SensitiveDataSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "lrint": { + "name": "lrint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lrintf": { + "name": "lrintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lrintl": { + "name": "lrintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lround": { + "name": "lround", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lroundf": { + "name": "lroundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lroundl": { + "name": "lroundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lseek": { + "name": "lseek", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "ltoa": { + "name": "ltoa", + "annotation": [ + [], + [], + [ + "OutputString::11" + ], + [] + ], + "properties": [] + }, + "main": { + "name": "main", + "annotation": [ + [], + [ + "Condition::>0", + "Condition::<=1048576" + ], + [] + ], + "properties": [] + }, + "_ZSt15make_error_codeSt4errc": { + "name": "make_error_code", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt15make_error_codeSt7io_errc": { + "name": "make_error_code", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt20make_error_conditionSt4errc": { + "name": "make_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt20make_error_conditionSt7io_errc": { + "name": "make_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "malloc": { + "name": "malloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "mblen": { + "name": "mblen", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "mbrlen": { + "name": "mbrlen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "mbrtowc": { + "name": "mbrtowc", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbsinit": { + "name": "mbsinit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "mbsnrtowcs": { + "name": "mbsnrtowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "mbsrtowcs": { + "name": "mbsrtowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "mbsrtowcs_s": { + "name": "mbsrtowcs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbstowcs": { + "name": "mbstowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "mbstowcs_s": { + "name": "mbstowcs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbtowc": { + "name": "mbtowc", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "memccpy": { + "name": "memccpy", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "InitMemory::2", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Alias:*:1" + ], + [], + [ + "MemorySize::1", + "MemorySize::2" + ] + ], + "properties": [] + }, + "memchr": { + "name": "memchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [ + "MemorySize::1" + ] + ], + "properties": [] + }, + "memcmp": { + "name": "memcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memcpy": { + "name": "memcpy", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "InitMemory::2", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Alias:*:1" + ], + [ + "MemorySize::1", + "MemorySize::2" + ] + ], + "properties": [] + }, + "memcpy_s": { + "name": "memcpy_s", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "InitMemory::3", + "TaintPropagation::UntrustedSource:3" + ], + [ + "MemorySize::1" + ], + [ + "Deref" + ], + [ + "BuffSize::>2", + "MemorySize::3" + ] + ], + "properties": [] + }, + "memicmp": { + "name": "memicmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "memmem": { + "name": "memmem", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memmove": { + "name": "memmove", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "InitMemory::2", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "MemorySize::1" + ] + ], + "properties": [] + }, + "memmove_s": { + "name": "memmove_s", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "InitMemory::3", + "TaintPropagation::UntrustedSource:3" + ], + [ + "MemorySize::1" + ], + [ + "Deref" + ], + [ + "BuffSize::>2", + "MemorySize::3" + ] + ], + "properties": [] + }, + "mempcpy": { + "name": "mempcpy", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "InitMemory::2", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "MemorySize::1", + "MemorySize::2" + ] + ], + "properties": [] + }, + "memset": { + "name": "memset", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "ZeroMemory", + "InitMemory", + "TaintPropagation::UntrustedSource:1" + ], + [], + [ + "MemorySize::1" + ] + ], + "properties": [] + }, + "memset_s": { + "name": "memset_s", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "ZeroMemory", + "InitMemory", + "TaintPropagation::UntrustedSource:1" + ], + [ + "MemorySize::1" + ], + [], + [ + "BuffSize::>2" + ] + ], + "properties": [] + }, + "_ZSt3minIxERKT_S2_S2_": { + "name": "min", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3minIyERKT_S2_S2_": { + "name": "min", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "mkstemp": { + "name": "mkstemp", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "modf": { + "name": "modf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "modff": { + "name": "modff", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "modfl": { + "name": "modfl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyint": { + "name": "nearbyint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyintf": { + "name": "nearbyintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyintl": { + "name": "nearbyintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt16nested_exception10nested_ptrEv": { + "name": "nested_exception::nested_ptr", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt16nested_exception14rethrow_nestedEv": { + "name": "nested_exception::rethrow_nested", + "annotation": [ + [] + ], + "properties": [] + }, + "nextafter": { + "name": "nextafter", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextafterf": { + "name": "nextafterf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextafterl": { + "name": "nextafterl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextdown": { + "name": "nextdown", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextdownf": { + "name": "nextdownf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextdownl": { + "name": "nextdownl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nexttoward": { + "name": "nexttoward", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nexttowardf": { + "name": "nexttowardf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nexttowardl": { + "name": "nexttowardl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextup": { + "name": "nextup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextupf": { + "name": "nextupf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextupl": { + "name": "nextupl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZSt11noboolalphaRSt8ios_base": { + "name": "noboolalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt10noshowbaseRSt8ios_base": { + "name": "noshowbase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt11noshowpointRSt8ios_base": { + "name": "noshowpoint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9noshowposRSt8ios_base": { + "name": "noshowpos", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt8noskipwsRSt8ios_base": { + "name": "noskipws", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9nounitbufRSt8ios_base": { + "name": "nounitbuf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt11nouppercaseRSt8ios_base": { + "name": "nouppercase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ntohl": { + "name": "ntohl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ntohs": { + "name": "ntohs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt3octRSt8ios_base": { + "name": "oct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "onexit": { + "name": "onexit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "open": { + "name": "open", + "annotation": [ + [ + "AllocDescriptor::1" + ], + [], + [] + ], + "properties": [] + }, + "open64": { + "name": "open64", + "annotation": [ + [ + "AllocDescriptor::1" + ], + [], + [] + ], + "properties": [] + }, + "open_memstream": { + "name": "open_memstream", + "annotation": [ + [ + "AllocDescriptor::1" + ], + [], + [] + ], + "properties": [] + }, + "_ZdlPv": { + "name": "operator delete", + "annotation": [ + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdlPvRKSt9nothrow_t": { + "name": "operator delete", + "annotation": [ + [], + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdlPvS_": { + "name": "operator delete", + "annotation": [ + [], + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdaPv": { + "name": "operator delete[]", + "annotation": [ + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_ZdaPvRKSt9nothrow_t": { + "name": "operator delete[]", + "annotation": [ + [], + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_ZdaPvS_": { + "name": "operator delete[]", + "annotation": [ + [], + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_Znwm": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [] + ], + "properties": [] + }, + "_Znwy": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [] + ], + "properties": [] + }, + "_ZnwyPv": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [], + [] + ], + "properties": [] + }, + "_ZnwyRKSt9nothrow_t": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [], + [] + ], + "properties": [] + }, + "_Znam": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_Znay": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [] + ], + "properties": [] + }, + "_ZnayPv": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_ZnayRKSt9nothrow_t": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptrneERKNS_13exception_ptrES2_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt10error_codeRKSt15error_condition": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt10error_codeS1_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt15error_conditionRKSt10error_code": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt15error_conditionS1_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt12_Ios_IostateS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt13_Ios_FmtflagsS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt13_Ios_OpenmodeS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt12_Ios_IostateS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt13_Ios_FmtflagsS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt13_Ios_OpenmodeS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_PKS5_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_RKS8_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_S9_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEPKS5_OS8_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_PKS5_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_SA_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStltRKSt10error_codeS1_": { + "name": "operator<", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStltRKSt15error_conditionS1_": { + "name": "operator<", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptreqERKNS_13exception_ptrES2_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt10error_codeRKSt15error_condition": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt10error_codeS1_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt15error_conditionRKSt10error_code": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt15error_conditionS1_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStrsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_PS3_": { + "name": "operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE": { + "name": "operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZSteoSt12_Ios_IostateS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteoSt13_Ios_FmtflagsS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteoSt13_Ios_OpenmodeS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt12_Ios_IostateS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt13_Ios_FmtflagsS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt13_Ios_OpenmodeS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt12_Ios_IostateS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt13_Ios_FmtflagsS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt13_Ios_OpenmodeS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt12_Ios_IostateS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt13_Ios_FmtflagsS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt13_Ios_OpenmodeS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStcoSt12_Ios_Iostate": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZStcoSt13_Ios_Fmtflags": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZStcoSt13_Ios_Openmode": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "perror": { + "name": "perror", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "popen": { + "name": "popen", + "annotation": [ + [], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "popen_s": { + "name": "popen_s", + "annotation": [ + [], + [ + "Execute" + ], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "posix_spawn": { + "name": "posix_spawn", + "annotation": [ + [], + [ + "Execute" + ], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "posix_spawnp": { + "name": "posix_spawnp", + "annotation": [ + [], + [ + "Execute" + ], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "pow": { + "name": "pow", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "powf": { + "name": "powf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "powl": { + "name": "powl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "printf": { + "name": "printf", + "annotation": [ + [], + [ + "FormatString::Printf", + "SensitiveDataLeak" + ], + [ + "CheckOverflow", + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "printf_s": { + "name": "printf_s", + "annotation": [ + [], + [ + "FormatString::Printf", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "pthread_attr_destroy": { + "name": "pthread_attr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_attr_getdetachstate": { + "name": "pthread_attr_getdetachstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getinheritsched": { + "name": "pthread_attr_getinheritsched", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getschedparam": { + "name": "pthread_attr_getschedparam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getschedpolicy": { + "name": "pthread_attr_getschedpolicy", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getscope": { + "name": "pthread_attr_getscope", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getstackaddr": { + "name": "pthread_attr_getstackaddr", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getstacksize": { + "name": "pthread_attr_getstacksize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_init": { + "name": "pthread_attr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_attr_setdetachstate": { + "name": "pthread_attr_setdetachstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setinheritsched": { + "name": "pthread_attr_setinheritsched", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setschedparam": { + "name": "pthread_attr_setschedparam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setschedpolicy": { + "name": "pthread_attr_setschedpolicy", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setscope": { + "name": "pthread_attr_setscope", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setstackaddr": { + "name": "pthread_attr_setstackaddr", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setstacksize": { + "name": "pthread_attr_setstacksize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrier_destroy": { + "name": "pthread_barrier_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrier_init": { + "name": "pthread_barrier_init", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrier_wait": { + "name": "pthread_barrier_wait", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_destroy": { + "name": "pthread_barrierattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_getpshared": { + "name": "pthread_barrierattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_init": { + "name": "pthread_barrierattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_setpshared": { + "name": "pthread_barrierattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_cancel": { + "name": "pthread_cancel", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_broadcast": { + "name": "pthread_cond_broadcast", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_destroy": { + "name": "pthread_cond_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_init": { + "name": "pthread_cond_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_signal": { + "name": "pthread_cond_signal", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_timedwait": { + "name": "pthread_cond_timedwait", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_timedwait_relative_np": { + "name": "pthread_cond_timedwait_relative_np", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_wait": { + "name": "pthread_cond_wait", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_destroy": { + "name": "pthread_condattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_condattr_getclock": { + "name": "pthread_condattr_getclock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_getpshared": { + "name": "pthread_condattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_init": { + "name": "pthread_condattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_condattr_setclock": { + "name": "pthread_condattr_setclock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_setpshared": { + "name": "pthread_condattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_create": { + "name": "pthread_create", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_create_wrapper": { + "name": "pthread_create_wrapper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_delay_np": { + "name": "pthread_delay_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_detach": { + "name": "pthread_detach", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_equal": { + "name": "pthread_equal", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_exit": { + "name": "pthread_exit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_get_concurrency": { + "name": "pthread_get_concurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_getclean": { + "name": "pthread_getclean", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_getconcurrency": { + "name": "pthread_getconcurrency", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_getevent": { + "name": "pthread_getevent", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_gethandle": { + "name": "pthread_gethandle", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_getname_np": { + "name": "pthread_getname_np", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_getschedparam": { + "name": "pthread_getschedparam", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_getspecific": { + "name": "pthread_getspecific", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_join": { + "name": "pthread_join", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_key_create": { + "name": "pthread_key_create", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_key_delete": { + "name": "pthread_key_delete", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_kill": { + "name": "pthread_kill", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_destroy": { + "name": "pthread_mutex_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutex_init": { + "name": "pthread_mutex_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_lock": { + "name": "pthread_mutex_lock", + "annotation": [ + [], + [ + "LockResource::5", + "InitNull::!=0" + ] + ], + "properties": [] + }, + "pthread_mutex_timedlock": { + "name": "pthread_mutex_timedlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_trylock": { + "name": "pthread_mutex_trylock", + "annotation": [ + [], + [ + "LockResource::5", + "InitNull::!=0" + ] + ], + "properties": [] + }, + "pthread_mutex_unlock": { + "name": "pthread_mutex_unlock", + "annotation": [ + [], + [ + "UnlockResource::5" + ] + ], + "properties": [] + }, + "pthread_mutexattr_destroy": { + "name": "pthread_mutexattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getprioceiling": { + "name": "pthread_mutexattr_getprioceiling", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getprotocol": { + "name": "pthread_mutexattr_getprotocol", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getpshared": { + "name": "pthread_mutexattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_gettype": { + "name": "pthread_mutexattr_gettype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_init": { + "name": "pthread_mutexattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setprioceiling": { + "name": "pthread_mutexattr_setprioceiling", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setprotocol": { + "name": "pthread_mutexattr_setprotocol", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setpshared": { + "name": "pthread_mutexattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_settype": { + "name": "pthread_mutexattr_settype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_num_processors_np": { + "name": "pthread_num_processors_np", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_once": { + "name": "pthread_once", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_destroy": { + "name": "pthread_rwlock_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_init": { + "name": "pthread_rwlock_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_rdlock": { + "name": "pthread_rwlock_rdlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_timedrdlock": { + "name": "pthread_rwlock_timedrdlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_timedwrlock": { + "name": "pthread_rwlock_timedwrlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_tryrdlock": { + "name": "pthread_rwlock_tryrdlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_trywrlock": { + "name": "pthread_rwlock_trywrlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_unlock": { + "name": "pthread_rwlock_unlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_wrlock": { + "name": "pthread_rwlock_wrlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_destroy": { + "name": "pthread_rwlockattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_getpshared": { + "name": "pthread_rwlockattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_init": { + "name": "pthread_rwlockattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_setpshared": { + "name": "pthread_rwlockattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_self": { + "name": "pthread_self", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_set_concurrency": { + "name": "pthread_set_concurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_set_num_processors_np": { + "name": "pthread_set_num_processors_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_setcancelstate": { + "name": "pthread_setcancelstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setcanceltype": { + "name": "pthread_setcanceltype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setconcurrency": { + "name": "pthread_setconcurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_setname_np": { + "name": "pthread_setname_np", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setschedparam": { + "name": "pthread_setschedparam", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_setspecific": { + "name": "pthread_setspecific", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_spin_destroy": { + "name": "pthread_spin_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_spin_init": { + "name": "pthread_spin_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_spin_lock": { + "name": "pthread_spin_lock", + "annotation": [ + [], + [ + "LockResource::5" + ] + ], + "properties": [] + }, + "pthread_spin_trylock": { + "name": "pthread_spin_trylock", + "annotation": [ + [], + [ + "LockResource::5" + ] + ], + "properties": [] + }, + "pthread_spin_unlock": { + "name": "pthread_spin_unlock", + "annotation": [ + [], + [ + "UnlockResource::5" + ] + ], + "properties": [] + }, + "pthread_testcancel": { + "name": "pthread_testcancel", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_timechange_handler_np": { + "name": "pthread_timechange_handler_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_tls_init": { + "name": "pthread_tls_init", + "annotation": [ + [] + ], + "properties": [] + }, + "putc": { + "name": "putc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "putchar": { + "name": "putchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "putenv": { + "name": "putenv", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "puts": { + "name": "puts", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "putw": { + "name": "putw", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "putwc": { + "name": "putwc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "putwchar": { + "name": "putwchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "qsort": { + "name": "qsort", + "annotation": [ + [], + [ + "Deref" + ], + [], + [], + [] + ], + "properties": [] + }, + "qsort_s": { + "name": "qsort_s", + "annotation": [ + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "raise": { + "name": "raise", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rand": { + "name": "rand", + "annotation": [ + [] + ], + "properties": [] + }, + "rawmemchr": { + "name": "rawmemchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "read": { + "name": "read", + "annotation": [ + [ + "Condition::<=$3" + ], + [], + [], + [] + ], + "properties": [] + }, + "readlink": { + "name": "readlink", + "annotation": [ + [ + "Condition::<=$3" + ], + [], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "realloc": { + "name": "realloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "realpath": { + "name": "realpath", + "annotation": [ + [], + [], + [ + "OutputString::260" + ] + ], + "properties": [] + }, + "remainder": { + "name": "remainder", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remainderf": { + "name": "remainderf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remainderl": { + "name": "remainderl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remove": { + "name": "remove", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rename": { + "name": "rename", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt17rethrow_exceptionNSt15__exception_ptr13exception_ptrE": { + "name": "rethrow_exception", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rewind": { + "name": "rewind", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt5rightRSt8ios_base": { + "name": "right", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rint": { + "name": "rint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rintf": { + "name": "rintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rintl": { + "name": "rintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rmtmp": { + "name": "rmtmp", + "annotation": [ + [] + ], + "properties": [] + }, + "round": { + "name": "round", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundeven": { + "name": "roundeven", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundevenf": { + "name": "roundevenf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundevenl": { + "name": "roundevenl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundf": { + "name": "roundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundl": { + "name": "roundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt13runtime_error4whatEv": { + "name": "runtime_error::what", + "annotation": [ + [] + ], + "properties": [] + }, + "scanf": { + "name": "scanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "FormatString::Scanf" + ], + [ + "TaintOutput:*:UntrustedSource", + "Write:*", + "FormatStringArgs", + "OutputString" + ] + ], + "properties": [] + }, + "scanf_s": { + "name": "scanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "FormatString::Scanfs" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "FormatStringArgs", + "OutputString::-1" + ] + ], + "properties": [] + }, + "sched_get_priority_max": { + "name": "sched_get_priority_max", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_get_priority_min": { + "name": "sched_get_priority_min", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_getscheduler": { + "name": "sched_getscheduler", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_setscheduler": { + "name": "sched_setscheduler", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "sched_yield": { + "name": "sched_yield", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt10scientificRSt8ios_base": { + "name": "scientific", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt15set_new_handlerPFvvE": { + "name": "set_new_handler", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt13set_terminatePFvvE": { + "name": "set_terminate", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt14set_unexpectedPFvvE": { + "name": "set_unexpected", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "setbuf": { + "name": "setbuf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Write:*" + ] + ], + "properties": [] + }, + "setlocale": { + "name": "setlocale", + "annotation": [ + [ + "InitNull" + ], + [], + [] + ], + "properties": [] + }, + "setvbuf": { + "name": "setvbuf", + "annotation": [ + [], + [], + [ + "Write:*" + ], + [], + [] + ], + "properties": [] + }, + "ShellExecuteA": { + "name": "ShellExecuteA", + "annotation": [ + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "ShellExecuteExA": { + "name": "ShellExecuteExA", + "annotation": [ + [], + [ + "Execute" + ] + ], + "properties": [] + }, + "ShellExecuteExW": { + "name": "ShellExecuteExW", + "annotation": [ + [], + [ + "Execute" + ] + ], + "properties": [] + }, + "ShellExecuteW": { + "name": "ShellExecuteW", + "annotation": [ + [], + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "_ZSt8showbaseRSt8ios_base": { + "name": "showbase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9showpointRSt8ios_base": { + "name": "showpoint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7showposRSt8ios_base": { + "name": "showpos", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "signal": { + "name": "signal", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "sinh": { + "name": "sinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sinhf": { + "name": "sinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sinhl": { + "name": "sinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZSt6skipwsRSt8ios_base": { + "name": "skipws", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_Z8snprintfPcyPKcz": { + "name": "snprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "FormatString::Printf" + ] + ], + "properties": [] + }, + "snprintf": { + "name": "snprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "FormatString::Printf" + ] + ], + "properties": [] + }, + "snprintf_s": { + "name": "snprintf_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "FormatString::Printf" + ] + ], + "properties": [] + }, + "snwprintf": { + "name": "snwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "spawnl": { + "name": "spawnl", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "spawnle": { + "name": "spawnle", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "spawnlp": { + "name": "spawnlp", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "spawnlpe": { + "name": "spawnlpe", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "spawnv": { + "name": "spawnv", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "spawnve": { + "name": "spawnve", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "spawnvp": { + "name": "spawnvp", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "spawnvpe": { + "name": "spawnvpe", + "annotation": [ + [], + [], + [ + "Execute" + ], + [ + "Execute" + ], + [ + "Execute" + ] + ], + "properties": [] + }, + "sprintf": { + "name": "sprintf", + "annotation": [ + [ + "ArrayIndex::1", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3", + "OutputString" + ], + [ + "FormatString::Printf" + ] + ], + "properties": [] + }, + "sprintf_s": { + "name": "sprintf_s", + "annotation": [ + [ + "ArrayIndex::1", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [ + "MemorySize::1" + ], + [ + "FormatString::Printf" + ] + ], + "properties": [] + }, + "sqrt": { + "name": "sqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sqrtf": { + "name": "sqrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sqrtl": { + "name": "sqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "srand": { + "name": "srand", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sscanf": { + "name": "sscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString::Scanf" + ], + [ + "Write:*", + "TaintPropagation::UntrustedSource:1", + "FormatStringArgs", + "OutputString" + ] + ], + "properties": [] + }, + "sscanf_s": { + "name": "sscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString::Scanfs" + ], + [ + "Write:*", + "TaintPropagation::UntrustedSource:1", + "FormatStringArgs", + "OutputString::-1" + ], + [] + ], + "properties": [] + }, + "std::basic_ios::fill": { + "name": "std::basic_ios::fill", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_ios::narrow": { + "name": "std::basic_ios::narrow", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "std::basic_ios::widen": { + "name": "std::basic_ios::widen", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_istream::gcount": { + "name": "std::basic_istream::gcount", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::get": { + "name": "std::basic_istream::get", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_istream::getline": { + "name": "std::basic_istream::getline", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::operator<<": { + "name": "std::basic_istream::operator<<", + "annotation": [ + [], + [], + [ + "SensitiveDataLeak" + ] + ], + "properties": [] + }, + "std::basic_istream::operator>>": { + "name": "std::basic_istream::operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::peek": { + "name": "std::basic_istream::peek", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::read": { + "name": "std::basic_istream::read", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::readsome": { + "name": "std::basic_istream::readsome", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::tellg": { + "name": "std::basic_istream::tellg", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_string::copy": { + "name": "std::basic_string::copy", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "std::deque::deque<_Tp, _Alloc>": { + "name": "std::deque::deque<_Tp, _Alloc>", + "annotation": [ + [], + [], + [ + "AllocSize" + ], + [] + ], + "properties": [] + }, + "std::deque::resize": { + "name": "std::deque::resize", + "annotation": [ + [], + [], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "std::forward_list::forward_list<_Tp, _Alloc>": { + "name": "std::forward_list::forward_list<_Tp, _Alloc>", + "annotation": [ + [], + [], + [ + "AllocSize" + ], + [] + ], + "properties": [] + }, + "std::forward_list::resize": { + "name": "std::forward_list::resize", + "annotation": [ + [], + [], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "std::fpos::operator long": { + "name": "std::fpos::operator long", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "std::fpos::operator long long": { + "name": "std::fpos::operator long long", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "std::from_chars": { + "name": "std::from_chars", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:4" + ], + [ + "Deref" + ], + [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "std::list::list<_Tp, _Alloc>": { + "name": "std::list::list<_Tp, _Alloc>", + "annotation": [ + [], + [], + [ + "AllocSize" + ], + [] + ], + "properties": [] + }, + "std::list::resize": { + "name": "std::list::resize", + "annotation": [ + [], + [], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "std::make_shared": { + "name": "std::make_shared", + "annotation": [ + [ + "CreateObject" + ] + ], + "properties": [] + }, + "std::make_unique": { + "name": "std::make_unique", + "annotation": [ + [ + "CreateObject" + ] + ], + "properties": [] + }, + "std::max": { + "name": "std::max", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "Result::ite($1>$2,$1,$2)" + ], + [], + [] + ], + "properties": [] + }, + "std::min": { + "name": "std::min", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "Result::ite($1<$2,$1,$2)" + ], + [], + [] + ], + "properties": [] + }, + "std::shared_ptr::get": { + "name": "std::shared_ptr::get", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::shared_ptr::shared_ptr<_Tp>": { + "name": "std::shared_ptr::shared_ptr<_Tp>", + "annotation": [ + [], + [ + "PassByRef" + ] + ], + "properties": [] + }, + "std::to_chars": { + "name": "std::to_chars", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [] + ], + "properties": [] + }, + "std::unique_ptr::get": { + "name": "std::unique_ptr::get", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::unique_ptr::unique_ptr<_Tp, _Dp>": { + "name": "std::unique_ptr::unique_ptr<_Tp, _Dp>", + "annotation": [ + [], + [ + "PassByRef" + ] + ], + "properties": [] + }, + "std::vector::reserve": { + "name": "std::vector::reserve", + "annotation": [ + [], + [], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "std::vector::resize": { + "name": "std::vector::resize", + "annotation": [ + [], + [], + [ + "AllocSize" + ] + ], + "properties": [] + }, + "std::vector::vector<_Tp, _Alloc>": { + "name": "std::vector::vector<_Tp, _Alloc>", + "annotation": [ + [], + [], + [ + "AllocSize" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stodERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stodERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stofERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stofERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stoiERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stoiERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stolERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stolERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoldERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoldERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stollERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stollERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoulERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoulERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx116stoullERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx116stoullERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "stpcpy": { + "name": "stpcpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "strcasecmp": { + "name": "strcasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strcasestr": { + "name": "strcasestr", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strcat": { + "name": "strcat", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Write:*", + "StringFunc", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "StringFunc", + "MemorySize::1" + ] + ], + "properties": [] + }, + "strcat_s": { + "name": "strcat_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:3" + ], + [ + "Deref", + "Write:*", + "StringFunc", + "TaintPropagation::UntrustedSource:3" + ], + [ + "MemorySize::1" + ], + [ + "Deref", + "StringFunc", + "MemorySize::1" + ] + ], + "properties": [] + }, + "strchr": { + "name": "strchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "StringFunc", + "Deref" + ], + [] + ], + "properties": [] + }, + "strchrnul": { + "name": "strchrnul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "StringFunc", + "Deref" + ], + [] + ], + "properties": [] + }, + "strcmp": { + "name": "strcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "StringFunc", + "Deref" + ], + [ + "StringFunc", + "Deref" + ] + ], + "properties": [] + }, + "strcoll": { + "name": "strcoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strcpy": { + "name": "strcpy", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "StringFunc", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "StringFunc", + "MemorySize::1" + ] + ], + "properties": [] + }, + "strcpy_s": { + "name": "strcpy_s", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "StringFunc", + "TaintPropagation::UntrustedSource:3" + ], + [ + "MemorySize::1" + ], + [ + "Deref", + "StringFunc" + ] + ], + "properties": [] + }, + "strcspn": { + "name": "strcspn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strdup": { + "name": "strdup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "StringFunc" + ] + ], + "properties": [] + }, + "strfromd": { + "name": "strfromd", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strfromf": { + "name": "strfromf", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strfroml": { + "name": "strfroml", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strlen": { + "name": "strlen", + "annotation": [ + [ + "ArrayIndex::1", + "TaintPropagation::UntrustedSource:1" + ], + [ + "StringFunc", + "Deref" + ] + ], + "properties": [] + }, + "strncasecmp": { + "name": "strncasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [ + "MemorySize::1" + ] + ], + "properties": [] + }, + "strncat": { + "name": "strncat", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Write:*", + "StringFunc", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "StringFunc" + ], + [ + "CharMemSize::1" + ] + ], + "properties": [] + }, + "strncat_s": { + "name": "strncat_s", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "StringFunc" + ], + [ + "MemorySize::1" + ], + [ + "Deref", + "StringFunc" + ], + [ + "BuffSize::>2" + ] + ], + "properties": [] + }, + "strncmp": { + "name": "strncmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "StringFunc" + ], + [ + "Deref", + "StringFunc" + ], + [ + "MemorySize::1", + "MemorySize::2" + ] + ], + "properties": [] + }, + "strncpy": { + "name": "strncpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref", + "Write:*", + "StringFunc" + ], + [ + "Deref", + "StringFunc" + ], + [ + "CharMemSize::1" + ] + ], + "properties": [] + }, + "strncpy_s": { + "name": "strncpy_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:3", + "Deref", + "Write:*", + "StringFunc" + ], + [ + "MemorySize::1" + ], + [ + "Deref", + "StringFunc" + ], + [ + "BuffSize::>2" + ] + ], + "properties": [] + }, + "strndup": { + "name": "strndup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "StringFunc" + ] + ], + "properties": [] + }, + "strnlen": { + "name": "strnlen", + "annotation": [ + [ + "ArrayIndex::1", + "TaintPropagation::UntrustedSource:1" + ], + [ + "StringFunc", + "Deref" + ] + ], + "properties": [] + }, + "strnset": { + "name": "strnset", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "StringFunc" + ], + [ + "Deref" + ], + [ + "MemorySize::1" + ] + ], + "properties": [] + }, + "strpbrk": { + "name": "strpbrk", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strrchr": { + "name": "strrchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "StringFunc" + ], + [] + ], + "properties": [] + }, + "strsep": { + "name": "strsep", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strset": { + "name": "strset", + "annotation": [ + [], + [ + "Deref", + "Write:*", + "StringFunc" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strspn": { + "name": "strspn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strstr": { + "name": "strstr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZL6strtodPKcPPc": { + "name": "strtod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtod": { + "name": "strtod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZL6strtofPKcPPc": { + "name": "strtof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtok": { + "name": "strtok", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strtok_r": { + "name": "strtok_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strtok_s": { + "name": "strtok_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "StringFunc", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strtol": { + "name": "strtol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtold": { + "name": "strtold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtoll": { + "name": "strtoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtoul": { + "name": "strtoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtoull": { + "name": "strtoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strverscmp": { + "name": "strverscmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strxfrm": { + "name": "strxfrm", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref", + "Write:*", + "StringFunc" + ], + [ + "Deref", + "StringFunc" + ], + [ + "MemorySize::1" + ] + ], + "properties": [] + }, + "swab": { + "name": "swab", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptr4swapERNS_13exception_ptrES1_": { + "name": "swap", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZL8swprintfPwPKwz": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "_ZL8swprintfPwyPKwz": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "swprintf": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "swprintf_s": { + "name": "swprintf_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "MemorySize::1" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "swscanf": { + "name": "swscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "Write:*", + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "swscanf_s": { + "name": "swscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "Write:*", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "system": { + "name": "system", + "annotation": [ + [], + [ + "Execute" + ] + ], + "properties": [] + }, + "_ZNSt3_V215system_categoryEv": { + "name": "system_category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt12system_error4codeEv": { + "name": "system_error::code", + "annotation": [ + [] + ], + "properties": [] + }, + "system_s": { + "name": "system_s", + "annotation": [ + [], + [ + "Execute" + ], + [] + ], + "properties": [] + }, + "tanh": { + "name": "tanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tanhf": { + "name": "tanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tanhl": { + "name": "tanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "tempnam": { + "name": "tempnam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt9terminatev": { + "name": "terminate", + "annotation": [ + [] + ], + "properties": [] + }, + "tgamma": { + "name": "tgamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tgammaf": { + "name": "tgammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tgammal": { + "name": "tgammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tmpfile": { + "name": "tmpfile", + "annotation": [ + [] + ], + "properties": [] + }, + "tmpnam": { + "name": "tmpnam", + "annotation": [ + [ + "InitNull" + ], + [] + ], + "properties": [] + }, + "tmpnam_s": { + "name": "tmpnam_s", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEd": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEe": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEf": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEi": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEj": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEl": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEm": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEx": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEy": { + "name": "to_string", + "annotation": [ + [ + "CreateObject", + "StringFunc", + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEd": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEe": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEf": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEi": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEj": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEl": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEm": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEx": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEy": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "toascii": { + "name": "toascii", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tolower": { + "name": "tolower", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "toupper": { + "name": "toupper", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "towctrans": { + "name": "towctrans", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "towlower": { + "name": "towlower", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "towupper": { + "name": "towupper", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "trunc": { + "name": "trunc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "truncf": { + "name": "truncf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "truncl": { + "name": "truncl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt9type_info6beforeERKS_": { + "name": "type_info::before", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt9type_info9hash_codeEv": { + "name": "type_info::hash_code", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9type_info4nameEv": { + "name": "type_info::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9type_infoneERKS_": { + "name": "type_info::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt9type_infoeqERKS_": { + "name": "type_info::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ufromfp": { + "name": "ufromfp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ufromfpf": { + "name": "ufromfpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ufromfpl": { + "name": "ufromfpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ulltoa": { + "name": "ulltoa", + "annotation": [ + [], + [], + [ + "OutputString::21" + ], + [] + ], + "properties": [] + }, + "ulltow": { + "name": "ulltow", + "annotation": [ + [], + [], + [ + "OutputString::21" + ], + [] + ], + "properties": [] + }, + "ultoa": { + "name": "ultoa", + "annotation": [ + [], + [], + [ + "OutputString::11" + ], + [] + ], + "properties": [] + }, + "_ZSt18uncaught_exceptionv": { + "name": "uncaught_exception", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt19uncaught_exceptionsv": { + "name": "uncaught_exceptions", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt10unexpectedv": { + "name": "unexpected", + "annotation": [ + [] + ], + "properties": [] + }, + "ungetc": { + "name": "ungetc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "ungetwc": { + "name": "ungetwc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt7unitbufRSt8ios_base": { + "name": "unitbuf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "unlink": { + "name": "unlink", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9uppercaseRSt8ios_base": { + "name": "uppercase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_Z8vfprintfP6_iobufPKcPc": { + "name": "vfprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vfprintf_s": { + "name": "vfprintf_s", + "annotation": [ + [], + [ + "Deref" + ], + [ + "MemorySize::1" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vfscanf": { + "name": "vfscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*" + ] + ], + "properties": [] + }, + "_Z7vfscanfP6_iobufPKcPc": { + "name": "vfscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*" + ] + ], + "properties": [] + }, + "vfscanf_s": { + "name": "vfscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "OutputString::-1" + ], + [] + ], + "properties": [] + }, + "vfwprintf": { + "name": "vfwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vfwprintf_s": { + "name": "vfwprintf_s", + "annotation": [ + [], + [ + "Deref" + ], + [ + "MemorySize::1" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vfwscanf": { + "name": "vfwscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "OutputString" + ] + ], + "properties": [] + }, + "_Z7vprintfPKcPc": { + "name": "vprintf", + "annotation": [ + [], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vprintf_s": { + "name": "vprintf_s", + "annotation": [ + [], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vscanf": { + "name": "vscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "OutputString" + ] + ], + "properties": [] + }, + "vscanf_s": { + "name": "vscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "OutputString::-1" + ], + [] + ], + "properties": [] + }, + "_Z9vsnprintfPcyPKcS_": { + "name": "vsnprintf", + "annotation": [ + [ + "ArrayIndex::1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [ + "MemorySize::1" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vsnprintf_s": { + "name": "vsnprintf_s", + "annotation": [ + [ + "ArrayIndex::1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:5" + ], + [ + "MemorySize::1" + ], + [ + "BuffSize::>2" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vsnwprintf": { + "name": "vsnwprintf", + "annotation": [ + [ + "ArrayIndex::1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [ + "MemorySize::1" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "_Z8vsprintfPcPKcS_": { + "name": "vsprintf", + "annotation": [ + [ + "ArrayIndex::1", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vsprintf": { + "name": "vsprintf", + "annotation": [ + [ + "ArrayIndex::1", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vsprintf_s": { + "name": "vsprintf_s", + "annotation": [ + [ + "ArrayIndex::1", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [ + "MemorySize::1" + ], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vsscanf": { + "name": "vsscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "Deref", + "Write:*", + "TaintPropagation::UntrustedSource:1", + "OutputString" + ] + ], + "properties": [] + }, + "vsscanf_s": { + "name": "vsscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "OutputString::-1" + ], + [] + ], + "properties": [] + }, + "_ZL9vswprintfPwPKwPc": { + "name": "vswprintf", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "_ZL9vswprintfPwyPKwPc": { + "name": "vswprintf", + "annotation": [ + [], + [], + [], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vswprintf_s": { + "name": "vswprintf_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vswscanf": { + "name": "vswscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "FormatString" + ], + [ + "Write:*", + "Deref", + "TaintPropagation::UntrustedSource:1", + "OutputString" + ] + ], + "properties": [] + }, + "vwprintf": { + "name": "vwprintf", + "annotation": [ + [], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vwprintf_s": { + "name": "vwprintf_s", + "annotation": [ + [], + [], + [ + "FormatString" + ] + ], + "properties": [] + }, + "vwscanf": { + "name": "vwscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "FormatString" + ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "OutputString" + ] + ], + "properties": [] + }, + "wcpcpy": { + "name": "wcpcpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "wcrtomb": { + "name": "wcrtomb", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "wcrtomb_s": { + "name": "wcrtomb_s", + "annotation": [ + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "wcscasecmp": { + "name": "wcscasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "wcscat": { + "name": "wcscat", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Write:*" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcscat_s": { + "name": "wcscat_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Write:*" + ], + [ + "MemorySize::1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZSt6wcschrPww": { + "name": "wcschr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "wcschr": { + "name": "wcschr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "wcschrnul": { + "name": "wcschrnul", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "wcscmp": { + "name": "wcscmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcscoll": { + "name": "wcscoll", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcscpy": { + "name": "wcscpy", + "annotation": [ + [], + [ + "Deref", + "Write:*" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcscpy_s": { + "name": "wcscpy_s", + "annotation": [ + [], + [ + "Deref", + "Write:*" + ], [ - "Deref" + "MemorySize::1" ], [ "Deref" @@ -1258,10 +13140,12 @@ ], "properties": [] }, - "strspn": { - "name": "strspn", + "wcscspn": { + "name": "wcscspn", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1" + ], [ "Deref" ], @@ -1271,298 +13155,383 @@ ], "properties": [] }, - "strstr": { - "name": "strstr", + "wcsdup": { + "name": "wcsdup", "annotation": [ [ - "InitNull" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "strtod": { - "name": "strtod", + "wcsftime": { + "name": "wcsftime", "annotation": [ + [], + [], + [], [], [ "Deref" - ], - [] + ] ], "properties": [] }, - "strtol": { - "name": "strtol", + "wcsicmp": { + "name": "wcsicmp", "annotation": [ [], - [ - "Deref" - ], [], [] ], "properties": [] }, - "strtold": { - "name": "strtold", + "wcsicoll": { + "name": "wcsicoll", "annotation": [ [], + [], + [] + ], + "properties": [] + }, + "wcslen": { + "name": "wcslen", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strtoll": { - "name": "strtoll", + "wcslwr": { + "name": "wcslwr", "annotation": [ [], + [] + ], + "properties": [] + }, + "wcsncasecmp": { + "name": "wcsncasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], - [], - [] + [ + "Deref" + ], + [ + "MemorySize::1" + ] ], "properties": [] }, - "strtoul": { - "name": "strtoul", + "wcsncat": { + "name": "wcsncat", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Write:*" + ], [ "Deref" ], - [], [] ], "properties": [] }, - "strtoull": { - "name": "strtoull", + "wcsncat_s": { + "name": "wcsncat_s", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "Write:*" + ], + [ + "MemorySize::1" + ], [ "Deref" ], - [], - [] + [ + "BuffSize::>2" + ] ], "properties": [] }, - "strxfrm": { - "name": "strxfrm", + "wcsncmp": { + "name": "wcsncmp", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], [ "Deref" ], - [] + [ + "MemorySize::1" + ] ], "properties": [] }, - "swprintf": { - "name": "swprintf", + "wcsncpy": { + "name": "wcsncpy", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref", + "Write:*" + ], [ "Deref" ], - [] + [ + "CharMemSize::1" + ] ], "properties": [] }, - "swprintf_s": { - "name": "swprintf_s", + "wcsncpy_s": { + "name": "wcsncpy_s", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref", + "Write:*" + ], + [ + "MemorySize::1" + ], [ "Deref" ], - [], - [] + [ + "BuffSize::>2" + ] ], "properties": [] }, - "swscanf": { - "name": "swscanf", + "wcsnicmp": { + "name": "wcsnicmp", "annotation": [ [], - [ - "Deref" - ], + [], [], [] ], "properties": [] }, - "swscanf_s": { - "name": "swscanf_s", + "wcsnlen": { + "name": "wcsnlen", "annotation": [ - [], - [ - "Deref" - ], [], [], [] ], "properties": [] }, - "tmpnam": { - "name": "tmpnam", + "wcsnlen_s": { + "name": "wcsnlen_s", "annotation": [ - [ - "InitNull" - ], + [], + [], [] ], "properties": [] }, - "vfprintf_s": { - "name": "vfprintf_s", + "wcsnrtombs": { + "name": "wcsnrtombs", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [], + [], [] ], "properties": [] }, - "vfscanf": { - "name": "vfscanf", + "wcsnset": { + "name": "wcsnset", "annotation": [ [], - [ - "Deref" - ], + [], [], [] ], "properties": [] }, - "vfwprintf": { - "name": "vfwprintf", + "_ZSt7wcspbrkPwPKw": { + "name": "wcspbrk", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], - [] + [ + "Deref" + ] ], "properties": [] }, - "vfwprintf_s": { - "name": "vfwprintf_s", + "wcspbrk": { + "name": "wcspbrk", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], - [], - [] + [ + "Deref" + ] ], "properties": [] }, - "vfwscanf": { - "name": "vfwscanf", + "_ZSt7wcsrchrPww": { + "name": "wcsrchr", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], - [], [] ], "properties": [] }, - "vsnprintf_s": { - "name": "vsnprintf_s", + "wcsrchr": { + "name": "wcsrchr", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], - [], + [] + ], + "properties": [] + }, + "wcsrev": { + "name": "wcsrev", + "annotation": [ [], [] ], "properties": [] }, - "vsnwprintf": { - "name": "vsnwprintf", + "wcsrtombs": { + "name": "wcsrtombs", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [], + [], [] ], "properties": [] }, - "vsprintf": { - "name": "vsprintf", + "wcsrtombs_s": { + "name": "wcsrtombs_s", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], + [], + [], + [], + [], [] ], "properties": [] }, - "vsprintf_s": { - "name": "vsprintf_s", + "wcsset": { + "name": "wcsset", "annotation": [ [], - [ - "Deref" - ], [], [] ], "properties": [] }, - "vsscanf": { - "name": "vsscanf", + "wcsspn": { + "name": "wcsspn", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1" + ], [ "Deref" ], - [], [ "Deref" ] ], "properties": [] }, - "vswscanf": { - "name": "vswscanf", + "_ZSt6wcsstrPwPKw": { + "name": "wcsstr", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], - [], [ "Deref" ] ], "properties": [] }, - "wcscat": { - "name": "wcscat", + "wcsstr": { + "name": "wcsstr", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], [ "Deref" ], @@ -1572,26 +13541,21 @@ ], "properties": [] }, - "wcscat_s": { - "name": "wcscat_s", + "_ZL6wcstodPKwPPw": { + "name": "wcstod", "annotation": [ [], [ "Deref" ], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcschr": { - "name": "wcschr", + "_ZL6wcstofPKwPPw": { + "name": "wcstof", "annotation": [ - [ - "InitNull" - ], + [], [ "Deref" ], @@ -1599,133 +13563,126 @@ ], "properties": [] }, - "wcschrnul": { - "name": "wcschrnul", + "wcstok": { + "name": "wcstok", "annotation": [ [ - "InitNull" + "TaintPropagation::UntrustedSource:1" ], + [], + [] + ], + "properties": [] + }, + "wcstok_s": { + "name": "wcstok_s", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], + [], + [], [] ], "properties": [] }, - "wcscmp": { - "name": "wcscmp", + "wcstol": { + "name": "wcstol", "annotation": [ [], [ "Deref" ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "wcscoll": { - "name": "wcscoll", + "wcstold": { + "name": "wcstold", "annotation": [ [], [ "Deref" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcscpy": { - "name": "wcscpy", + "wcstoll": { + "name": "wcstoll", "annotation": [ [], [ "Deref" ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "wcscpy_s": { - "name": "wcscpy_s", + "wcstombs": { + "name": "wcstombs", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcscspn": { - "name": "wcscspn", + "wcstombs_s": { + "name": "wcstombs_s", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], - [ - "Deref" - ] + [], + [], + [], + [] ], "properties": [] }, - "wcsftime": { - "name": "wcsftime", + "wcstoul": { + "name": "wcstoul", "annotation": [ - [], - [], - [], [], [ "Deref" - ] + ], + [], + [] ], "properties": [] }, - "wcsncasecmp": { - "name": "wcsncasecmp", + "wcstoull": { + "name": "wcstoull", "annotation": [ [], [ "Deref" ], - [ - "Deref" - ], + [], [] ], "properties": [] }, - "wcsncat": { - "name": "wcsncat", + "wcsupr": { + "name": "wcsupr", "annotation": [ [], - [ - "Deref" - ], - [ - "Deref" - ], [] ], "properties": [] }, - "wcsncat_s": { - "name": "wcsncat_s", + "wcsxfrm": { + "name": "wcsxfrm", "annotation": [ [], - [ - "Deref" - ], [], [ "Deref" @@ -1734,121 +13691,135 @@ ], "properties": [] }, - "wcsncmp": { - "name": "wcsncmp", + "wctob": { + "name": "wctob", "annotation": [ - [], [ - "Deref" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wcsncpy": { - "name": "wcsncpy", + "wctomb": { + "name": "wctomb", "annotation": [ [], [ - "Deref" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:2" ], [] ], "properties": [] }, - "wcsncpy_s": { - "name": "wcsncpy_s", + "wctrans": { + "name": "wctrans", "annotation": [ [], [ "Deref" - ], + ] + ], + "properties": [] + }, + "wctype": { + "name": "wctype", + "annotation": [ [], [ "Deref" + ] + ], + "properties": [] + }, + "WinExec": { + "name": "WinExec", + "annotation": [ + [], + [ + "Execute" ], [] ], "properties": [] }, - "wcspbrk": { - "name": "wcspbrk", + "_ZSt7wmemchrPwwy": { + "name": "wmemchr", "annotation": [ [ - "InitNull" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ "Deref" ], + [], [ - "Deref" + "MemorySize::1" ] ], "properties": [] }, - "wcsrchr": { - "name": "wcsrchr", + "wmemchr": { + "name": "wmemchr", "annotation": [ [ - "InitNull" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ "Deref" ], + [], [] ], "properties": [] }, - "wcsspn": { - "name": "wcsspn", + "wmemcmp": { + "name": "wmemcmp", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [ "Deref" - ] - ], - "properties": [] - }, - "wcsstr": { - "name": "wcsstr", - "annotation": [ - [ - "InitNull" ], [ "Deref" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "wcstol": { - "name": "wcstol", + "wmemcpy": { + "name": "wmemcpy", "annotation": [ [], + [ + "Deref", + "Write:*", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], - [], [] ], "properties": [] }, - "wcstold": { - "name": "wcstold", + "wmemcpy_s": { + "name": "wmemcpy_s", "annotation": [ [], + [ + "Deref", + "Write:*", + "TaintPropagation::UntrustedSource:3" + ], + [ + "MemorySize::1" + ], [ "Deref" ], @@ -1856,172 +13827,211 @@ ], "properties": [] }, - "wcstoll": { - "name": "wcstoll", + "wmemmove": { + "name": "wmemmove", "annotation": [ [], + [ + "Deref", + "Write:*", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], - [], [] ], "properties": [] }, - "wcstoul": { - "name": "wcstoul", + "wmemmove_s": { + "name": "wmemmove_s", "annotation": [ [], + [ + "Deref", + "Write:*", + "TaintPropagation::UntrustedSource:3" + ], + [ + "MemorySize::1" + ], [ "Deref" ], - [], [] ], "properties": [] }, - "wcstoull": { - "name": "wcstoull", + "wmempcpy": { + "name": "wmempcpy", "annotation": [ [], + [ + "Deref", + "Write:*", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref" ], - [], [] ], "properties": [] }, - "wcsxfrm": { - "name": "wcsxfrm", + "wmemset": { + "name": "wmemset", "annotation": [ - [], [], [ - "Deref" + "Write:*", + "TaintPropagation::UntrustedSource:2" ], + [], [] ], "properties": [] }, - "wctrans": { - "name": "wctrans", + "wprintf": { + "name": "wprintf", "annotation": [ [], [ - "Deref" + "FormatString", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" ] ], "properties": [] }, - "wctype": { - "name": "wctype", + "wprintf_s": { + "name": "wprintf_s", "annotation": [ [], [ - "Deref" + "FormatString", + "SensitiveDataLeak" + ], + [ + "SensitiveDataLeak" ] ], "properties": [] }, - "wmemchr": { - "name": "wmemchr", + "wscanf": { + "name": "wscanf", "annotation": [ [ - "InitNull" + "TaintOutput::UntrustedSource" ], [ - "Deref" + "FormatString" ], + [ + "TaintOutput::UntrustedSource", + "Write:*", + "OutputString" + ] + ], + "properties": [] + }, + "wtoll": { + "name": "wtoll", + "annotation": [ [], [] ], "properties": [] }, - "wmemcmp": { - "name": "wmemcmp", + "y0": { + "name": "y0", "annotation": [ - [], - [ - "Deref" - ], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wmemcpy": { - "name": "wmemcpy", + "y0f": { + "name": "y0f", "annotation": [ - [], - [ - "Deref" - ], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wmemcpy_s": { - "name": "wmemcpy_s", + "y0l": { + "name": "y0l", "annotation": [ - [], - [ - "Deref" - ], - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wmemmove": { - "name": "wmemmove", + "y1": { + "name": "y1", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "y1f": { + "name": "y1f", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wmemmove_s": { - "name": "wmemmove_s", + "y1l": { + "name": "y1l", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], + [] + ], + "properties": [] + }, + "yn": { + "name": "yn", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "wmempcpy": { - "name": "wmempcpy", + "ynf": { + "name": "ynf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "ynl": { + "name": "ynl", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] } -} +} \ No newline at end of file diff --git a/configs/taint-annotations.json b/configs/taint-annotations.json new file mode 100644 index 0000000000..df9bcd6965 --- /dev/null +++ b/configs/taint-annotations.json @@ -0,0 +1,11 @@ +{ + "SensitiveDataLeak": [ + "SensitiveDataSource" + ], + "FormatString": [ + "UntrustedSource" + ], + "Execute": [ + "UntrustedSource" + ] +} diff --git a/scripts/cooddy_annotations.py b/scripts/cooddy_annotations.py new file mode 100755 index 0000000000..1d61fc8462 --- /dev/null +++ b/scripts/cooddy_annotations.py @@ -0,0 +1,79 @@ +#!/bin/python3 + +import json +import re +from argparse import ArgumentParser + +Cooddy_name_pattern = re.compile(r"^(?P.*)\((?P[^()]*)\)$") + + +def getNames(name: str): + m = Cooddy_name_pattern.fullmatch(name) + if m: + return m.group("name"), m.group("mangled_name") + return name, name + + +def transform_annotation_with_taint_statements(annotation, funcName): + transformed_annotation = [] + for i, annotation_for_param in enumerate(annotation): + transformed_annotation_for_param = [] + for st in annotation_for_param: + statement = st.split(':') + st_len = len(statement) + assert(st_len <= 3) + + transformed_statement = st + if (statement[0] == "TaintOutput"): + if (st_len == 3 and statement[2] != ""): + print("For TaintOutput in {} annotation elem #{} ignore data from cooddy annotations file".format(funcName, i)) + offset = statement[1] if st_len == 2 else "" + transformed_statement = "TaintOutput:{}:UntrustedSource".format(offset) + elif (statement[0] == "TaintPropagation"): + if (st_len == 2): + print("TaintPropagation in {} annotation elem #{} misprint".format(funcName, i)) + transformed_statement = "TaintPropagation::UntrustedSource:{}".format(statement[1]) + elif (st_len == 3): + if (statement[1] != ""): + print("For TaintPropagation in {} annotation elem #{} ignore offset from cooddy annotations file".format(funcName, i)) + transformed_statement = "TaintPropagation::UntrustedSource:{}".format(statement[2]) + elif (statement[0] == "SensitiveDataSource"): + if (st_len != 1): + print("For SensitiveDataSource in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + transformed_statement = "TaintOutput::SensitiveDataSource" + + transformed_annotation_for_param.append(transformed_statement) + transformed_annotation.append(transformed_annotation_for_param) + + return transformed_annotation + + + +def transform(utbot_json, coody_json, process_taint): + for coody_name, annotation in coody_json.items(): + funcName, mangledName = getNames(coody_name) + if (process_taint): + annotation = transform_annotation_with_taint_statements(annotation, funcName) + utbot_json[mangledName] = {"name": funcName, "annotation": annotation, "properties": []} + + +def main(): + parser = ArgumentParser( + prog='cooddy_annotations.py', + description='This script transforms .json annotations used by Cooddy static analyzer into annotations understandable by KLEE') + parser.add_argument('filenames', metavar='Path', nargs='+', help="Cooddy annotation .json file path") + parser.add_argument('Output', help="Target file path for produced KLEE annotation") + parser.add_argument('--taint', action='store_true', help="Enable processing of annotations associated with taint analysis " + + "(needed if you want to use taint analysis)") + args = parser.parse_args() + utbot_json = dict() + for filename in args.filenames: + with open(filename) as file: + j = json.load(file) + transform(utbot_json, j, args.taint) + with open(args.Output, 'w') as file: + json.dump(utbot_json, file, indent=" ") + + +if __name__ == "__main__": + main() From 69c52f34d1a3440eb04c533bc6445110dd870001 Mon Sep 17 00:00:00 2001 From: Maria Date: Fri, 15 Dec 2023 20:19:03 +0300 Subject: [PATCH 07/28] Add taint annotations parsing and new klee taint function --- include/klee/Core/Interpreter.h | 14 ++-- include/klee/Core/MockBuilder.h | 4 +- include/klee/Module/Annotation.h | 27 +++---- include/klee/Module/AnnotationsData.h | 20 +++++ include/klee/Module/TaintAnnotation.h | 30 ++++++++ include/klee/klee.h | 16 +++- lib/Core/MockBuilder.cpp | 102 +++++++++++++------------- lib/Core/SpecialFunctionHandler.cpp | 18 ++++- lib/Core/SpecialFunctionHandler.h | 1 + lib/Module/Annotation.cpp | 43 +++++++++-- lib/Module/AnnotationsData.cpp | 13 ++++ lib/Module/CMakeLists.txt | 2 + lib/Module/TaintAnnotation.cpp | 47 ++++++++++++ runtime/Runtest/intrinsics.c | 3 +- tools/klee/main.cpp | 18 +++-- 15 files changed, 271 insertions(+), 87 deletions(-) create mode 100644 include/klee/Module/AnnotationsData.h create mode 100644 include/klee/Module/TaintAnnotation.h create mode 100644 lib/Module/AnnotationsData.cpp create mode 100644 lib/Module/TaintAnnotation.cpp diff --git a/include/klee/Core/Interpreter.h b/include/klee/Core/Interpreter.h index aceb78dcfc..df82a2fb47 100644 --- a/include/klee/Core/Interpreter.h +++ b/include/klee/Core/Interpreter.h @@ -110,6 +110,7 @@ class Interpreter { std::string MainCurrentName; std::string MainNameAfterMock; std::string AnnotationsFile; + std::string TaintAnnotationsFile; bool Optimize; bool Simplify; bool CheckDivZero; @@ -122,16 +123,19 @@ class Interpreter { const std::string &_EntryPoint, const std::string &_OptSuffix, const std::string &_MainCurrentName, const std::string &_MainNameAfterMock, - const std::string &_AnnotationsFile, bool _Optimize, - bool _Simplify, bool _CheckDivZero, bool _CheckOvershift, + const std::string &_AnnotationsFile, + const std::string &_TaintAnnotationsFile, + bool _Optimize, bool _Simplify, + bool _CheckDivZero, bool _CheckOvershift, bool _AnnotateOnlyExternal, bool _WithFPRuntime, bool _WithPOSIXRuntime) : LibraryDir(_LibraryDir), EntryPoint(_EntryPoint), OptSuffix(_OptSuffix), MainCurrentName(_MainCurrentName), MainNameAfterMock(_MainNameAfterMock), - AnnotationsFile(_AnnotationsFile), Optimize(_Optimize), - Simplify(_Simplify), CheckDivZero(_CheckDivZero), - CheckOvershift(_CheckOvershift), + AnnotationsFile(_AnnotationsFile), + TaintAnnotationsFile(_TaintAnnotationsFile), + Optimize(_Optimize), Simplify(_Simplify), + CheckDivZero(_CheckDivZero), CheckOvershift(_CheckOvershift), AnnotateOnlyExternal(_AnnotateOnlyExternal), WithFPRuntime(_WithFPRuntime), WithPOSIXRuntime(_WithPOSIXRuntime) {} }; diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index b81406a0d0..15f1fd63de 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -10,7 +10,7 @@ #define KLEE_MOCKBUILDER_H #include "klee/Core/Interpreter.h" -#include "klee/Module/Annotation.h" +#include "klee/Module/AnnotationsData.h" #include "llvm/IR/IRBuilder.h" #include "llvm/IR/Module.h" @@ -38,7 +38,7 @@ class MockBuilder { std::set &mainModuleFunctions; std::set &mainModuleGlobals; - AnnotationsMap annotations; + AnnotationsData annotationsData; void initMockModule(); void buildMockMain(); diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index 546dddbf95..8191c61fcf 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -15,6 +15,12 @@ #include #include #include +#include "klee/Config/config.h" +#include "klee/Config/config.h" + +#include "llvm/IR/Module.h" + +#include using json = nlohmann::json; @@ -31,18 +37,8 @@ enum class Kind { AllocSource, Free, - // TODO: perhaps separate TaintSources and TaintSinks - // taint sources - TaintInput, - TaintPropagation, TaintOutput, -// UntrustedSource, - SensitiveDataSource, - - // taint sinks - Execute, - FormatString, - SensitiveDataLeak + TaintPropagation }; enum class Property { @@ -126,13 +122,18 @@ struct Free final : public Unknown { }; struct TaintOutput final : public Unknown { + std::string type; + explicit TaintOutput(const std::string &str = "TaintOutput"); [[nodiscard]] Kind getKind() const override; }; -struct FormatString final : public Unknown { - explicit FormatString(const std::string &str = "FormatString"); +struct TaintPropagation final : public Unknown { + std::string type; + size_t propagationParameter; + + explicit TaintPropagation(const std::string &str = "TaintPropagation"); [[nodiscard]] Kind getKind() const override; }; diff --git a/include/klee/Module/AnnotationsData.h b/include/klee/Module/AnnotationsData.h new file mode 100644 index 0000000000..3cdb7d9b82 --- /dev/null +++ b/include/klee/Module/AnnotationsData.h @@ -0,0 +1,20 @@ +#ifndef KLEE_ANNOTATIONS_DATA_H +#define KLEE_ANNOTATIONS_DATA_H + +#include "klee/Module/Annotation.h" +#include "klee/Module/TaintAnnotation.h" + +namespace klee { + +struct AnnotationsData final { + AnnotationsMap annotations; + TaintAnnotation taintAnnotation; + + explicit AnnotationsData(const std::string &annotationsFile, + const std::string &taintAnnotationsFile); + virtual ~AnnotationsData(); +}; + +} // namespace klee + +#endif // KLEE_ANNOTATIONS_DATA_H diff --git a/include/klee/Module/TaintAnnotation.h b/include/klee/Module/TaintAnnotation.h new file mode 100644 index 0000000000..22ed577577 --- /dev/null +++ b/include/klee/Module/TaintAnnotation.h @@ -0,0 +1,30 @@ +#ifndef KLEE_TAINT_ANNOTATION_H +#define KLEE_TAINT_ANNOTATION_H + +#include "nlohmann/json.hpp" +#include "nonstd/optional.hpp" + +#include "map" +#include "set" +#include "string" +#include "vector" + +using json = nlohmann::json; + +namespace klee { + +using TaintSinksSourcesMap = std::map>; + +class TaintAnnotation final { +public: + TaintSinksSourcesMap sinksToSources; + std::map sinks; + std::map sources; + + explicit TaintAnnotation(const std::string &taintAnnotationsFile); + virtual ~TaintAnnotation(); +}; + +} // namespace klee + +#endif // KLEE_TAINT_ANNOTATION_H diff --git a/include/klee/klee.h b/include/klee/klee.h index ecb449471d..076d827d56 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -45,7 +45,7 @@ void klee_make_symbolic(void *addr, size_t nbytes, const char *name); * be the entire contents of the object. * \arg taint_type - Taint type. */ -void klee_add_taint(void *array, size_t nbytes, size_t taint_type) {} +void klee_add_taint(void *array, size_t nbytes, size_t taint_type); /* klee_clear_taint - Clear the contents of the object pointer to \arg addr * of the taint \arg taint_type. @@ -55,9 +55,19 @@ void klee_add_taint(void *array, size_t nbytes, size_t taint_type) {} * be the entire contents of the object. * \arg taint_type - Taint type. */ -void klee_clear_taint(void *array, size_t nbytes, size_t taint_type) {} +void klee_clear_taint(void *array, size_t nbytes, size_t taint_type); /* klee_check_taint - Check that the contents of the object pointer + * to \arg addr has a \arg taint_type. + * + * \arg addr - The start of the object. + * \arg nbytes - The number of bytes to set taint type; currently this *must* + * be the entire contents of the object. + * \arg taint_type - Taint type. + */ +bool klee_check_taint(void *array, size_t nbytes, size_t taint_type); + +/* klee_check_taint_sink - Check that the contents of the object pointer * to \arg addr causes a taint sink \arg taint_sink hit. * * \arg addr - The start of the object. @@ -65,7 +75,7 @@ void klee_clear_taint(void *array, size_t nbytes, size_t taint_type) {} * be the entire contents of the object. * \arg taint_sink - Taint sink. */ -bool klee_check_taint(void *array, size_t nbytes, size_t taint_sink); +bool klee_check_taint_sink(void *array, size_t nbytes, size_t taint_sink); /* klee_taint_sink_hit - Execute taint sink \arg taint_sink hit. * diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index f433ad90f4..fa89616ce5 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -95,9 +95,8 @@ MockBuilder::MockBuilder( ignoredExternals(ignoredExternals), redefinitions(redefinitions), interpreterHandler(interpreterHandler), mainModuleFunctions(mainModuleFunctions), - mainModuleGlobals(mainModuleGlobals) { - annotations = parseAnnotations(opts.AnnotationsFile); -} + mainModuleGlobals(mainModuleGlobals), + annotationsData(opts.AnnotationsFile, opts.TaintAnnotationsFile) {} std::unique_ptr MockBuilder::build() { initMockModule(); @@ -243,7 +242,7 @@ void MockBuilder::buildExternalFunctionsDefinitions() { } if (!opts.AnnotateOnlyExternal) { - for (const auto &annotation : annotations) { + for (const auto &annotation : annotationsData.annotations) { llvm::Function *func = userModule->getFunction(annotation.first); if (func) { auto ext = externalFunctions.find(annotation.first); @@ -276,8 +275,8 @@ void MockBuilder::buildExternalFunctionsDefinitions() { auto *BB = llvm::BasicBlock::Create(ctx, "entry", func); builder->SetInsertPoint(BB); - const auto nameToAnnotations = annotations.find(extName); - if (nameToAnnotations != annotations.end()) { + const auto nameToAnnotations = annotationsData.annotations.find(extName); + if (nameToAnnotations != annotationsData.annotations.end()) { klee_message("Annotation function %s", extName.c_str()); const auto &annotation = nameToAnnotations->second; @@ -496,54 +495,59 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( break; } case Statement::Kind::TaintOutput: { + auto x = std::dynamic_pointer_cast(statement); // buildCallKleeTaintFunction("klee_add_taint", elem,); break; } - case Statement::Kind::FormatString: { - if (!elem->getType()->isPointerTy()) { - klee_error("Annotation: FormatString arg not pointer"); - } - - std::string sinkCondName = - "condition_sink_format_string_arg_" + std::to_string(i) + - "_" + func->getName().str(); - - llvm::BasicBlock *fromIf = builder->GetInsertBlock(); - llvm::Function *curFunc = fromIf->getParent(); - - llvm::BasicBlock *sinkBB = llvm::BasicBlock::Create( - mockModule->getContext(), sinkCondName, curFunc); - llvm::BasicBlock *contBB = llvm::BasicBlock::Create( - mockModule->getContext(), "continue_" + sinkCondName); - auto brValueSink = buildCallKleeTaintFunction( - "klee_check_taint", elem, - static_cast(Statement::Kind::FormatString)); - builder->CreateCondBr(brValueSink, sinkBB, contBB); - - builder->SetInsertPoint(sinkBB); - std::string sinkHitCondName = - "condition_sink_hit_format_string_arg_" + std::to_string(i) + - "_" + func->getName().str(); - auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); - auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); - buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, - sinkHitCondName); - fromIf = builder->GetInsertBlock(); - curFunc = fromIf->getParent(); - llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( - mockModule->getContext(), sinkHitCondName, curFunc); - auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); - builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); - - builder->SetInsertPoint(sinkHitBB); - buildCallKleeTaintSinkHit( - static_cast(Statement::Kind::FormatString)); - builder->CreateBr(contBB); - - curFunc->getBasicBlockList().push_back(contBB); - builder->SetInsertPoint(contBB); + case Statement::Kind::TaintPropagation: { +// buildCallKleeTaintFunction("klee_add_taint", elem,); break; } +// case Statement::Kind::FormatString: { +// if (!elem->getType()->isPointerTy()) { +// klee_error("Annotation: FormatString arg not pointer"); +// } +// +// std::string sinkCondName = +// "condition_sink_format_string_arg_" + std::to_string(i) + +// "_" + func->getName().str(); +// +// llvm::BasicBlock *fromIf = builder->GetInsertBlock(); +// llvm::Function *curFunc = fromIf->getParent(); +// +// llvm::BasicBlock *sinkBB = llvm::BasicBlock::Create( +// mockModule->getContext(), sinkCondName, curFunc); +// llvm::BasicBlock *contBB = llvm::BasicBlock::Create( +// mockModule->getContext(), "continue_" + sinkCondName); +// auto brValueSink = buildCallKleeTaintFunction( +// "klee_check_taint_sink", elem, +// static_cast(Statement::Kind::FormatString)); +// builder->CreateCondBr(brValueSink, sinkBB, contBB); +// +// builder->SetInsertPoint(sinkBB); +// std::string sinkHitCondName = +// "condition_sink_hit_format_string_arg_" + std::to_string(i) + +// "_" + func->getName().str(); +// auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); +// auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); +// buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, +// sinkHitCondName); +// fromIf = builder->GetInsertBlock(); +// curFunc = fromIf->getParent(); +// llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( +// mockModule->getContext(), sinkHitCondName, curFunc); +// auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); +// builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); +// +// builder->SetInsertPoint(sinkHitBB); +// buildCallKleeTaintSinkHit( +// static_cast(Statement::Kind::FormatString)); +// builder->CreateBr(contBB); +// +// curFunc->getBasicBlockList().push_back(contBB); +// builder->SetInsertPoint(contBB); +// break; +// } case Statement::Kind::Unknown: default: klee_message("Annotation: not implemented %s", diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 501a94b57d..89dd4a97d8 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -133,6 +133,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_add_taint", handleAddTaint, false), add("klee_clear_taint", handleClearTaint, false), add("klee_check_taint", handleCheckTaint, true), + add("klee_check_taint_sink", handleCheckTaintSink, true), add("klee_taint_sink_hit", handleTaintSinkHit, false), #ifdef SUPPORT_KLEE_EH_CXX add("_klee_eh_Unwind_RaiseException_impl", handleEhUnwindRaiseExceptionImpl, @@ -1265,6 +1266,22 @@ void SpecialFunctionHandler::handleCheckTaint( executor.bindLocal(target, state, result); } +void SpecialFunctionHandler::handleCheckTaintSink( + klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 3) { + executor.terminateStateOnUserError( + state, "Incorrect number of arguments to " + "klee_check_taint_sink(void*, size_t, size_t)"); + return; + } + + // FIXME: this is a test version right now + ref result = ConstantExpr::create(true, Expr::Bool); + executor.bindLocal(target, state, result); +} + void SpecialFunctionHandler::handleTaintSinkHit( klee::ExecutionState &state, klee::KInstruction *target, @@ -1275,6 +1292,5 @@ void SpecialFunctionHandler::handleTaintSinkHit( return; } - executor.terminateStateOnError(state, "FormatString", StateTerminationType::User); } diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index a0da418e0f..a483edb575 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -184,6 +184,7 @@ class SpecialFunctionHandler { HANDLER(handleAddTaint); HANDLER(handleClearTaint); HANDLER(handleCheckTaint); + HANDLER(handleCheckTaintSink); HANDLER(handleTaintSinkHit); #undef HANDLER }; diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index 7d45a48aa0..d09df6ddc0 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -7,6 +7,7 @@ //===----------------------------------------------------------------------===// #include "klee/Module/Annotation.h" +#include "klee/Module/TaintAnnotation.h" #include "klee/Support/ErrorHandling.h" #include "klee/Support/CompilerWarning.h" @@ -19,6 +20,8 @@ DISABLE_WARNING_POP #include +#include + namespace klee { static inline std::string toLower(const std::string &str) { @@ -136,17 +139,43 @@ Free::Free(const std::string &str) : Unknown(str) { Kind Free::getKind() const { return Kind::Free; } +/* + * Format: TaintOutput:{offset}:{type} + */ + TaintOutput::TaintOutput(const std::string &str) : Unknown(str) { - if (!rawValue.empty()) { - klee_error("Annotation: Incorrect value format \"%s\", must be empty", rawValue.c_str()); + if (rawValue.empty()) { + klee_error("Annotation TaintOutput: Incorrect value format, must be not empty"); } + type = rawValue; } Kind TaintOutput::getKind() const { return Kind::TaintOutput; } -FormatString::FormatString(const std::string &str) : Unknown(str) {} +/* + * Format: TaintPropagation::{type}:{data} + */ + +TaintPropagation::TaintPropagation(const std::string &str) : Unknown(str) { + if (!rawOffset.empty()) { + klee_error("Annotation TaintPropagation: Incorrect offset format, must be empty"); + } + if (rawValue.empty()) { + klee_error("Annotation TaintPropagation: Incorrect value format, must be not empty"); + } + + const size_t colonPos = rawValue.find(':'); + if (colonPos == std::string::npos) { + klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", rawValue.c_str()); + } + type = rawValue.substr(0, colonPos); + + if (sscanf(rawValue.substr(colonPos + 1, std::string::npos).c_str(), "%zu", &propagationParameter) != 1) { + klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", rawValue.c_str()); + } +} -Kind FormatString::getKind() const { return Kind::FormatString; } +Kind TaintPropagation::getKind() const { return Kind::TaintPropagation; } const std::map StringToKindMap = { {"deref", Statement::Kind::Deref}, @@ -156,7 +185,7 @@ const std::map StringToKindMap = { {"freesource", Statement::Kind::Free}, {"freesink", Statement::Kind::Free}, {"taintoutput", Statement::Kind::TaintOutput}, - {"formatstring", Statement::Kind::FormatString}}; + {"taintpropagation", Statement::Kind::TaintPropagation}}; inline Statement::Kind stringToKind(const std::string &str) { auto it = StringToKindMap.find(toLower(str)); @@ -183,8 +212,8 @@ Ptr stringToKindPtr(const std::string &str) { return std::make_shared(str); case Statement::Kind::TaintOutput: return std::make_shared(str); - case Statement::Kind::FormatString: - return std::make_shared(str); + case Statement::Kind::TaintPropagation: + return std::make_shared(str); } } diff --git a/lib/Module/AnnotationsData.cpp b/lib/Module/AnnotationsData.cpp new file mode 100644 index 0000000000..a0ad0d9b29 --- /dev/null +++ b/lib/Module/AnnotationsData.cpp @@ -0,0 +1,13 @@ +#include "klee/Module/AnnotationsData.h" + +namespace klee { + +klee::AnnotationsData::AnnotationsData(const std::string &annotationsFile, + const std::string &taintAnnotationsFile): + taintAnnotation(taintAnnotationsFile) { + annotations = parseAnnotations(annotationsFile); +} + +AnnotationsData::~AnnotationsData() = default; + +} // namespace klee diff --git a/lib/Module/CMakeLists.txt b/lib/Module/CMakeLists.txt index 65cccdcc68..7e0383cf67 100644 --- a/lib/Module/CMakeLists.txt +++ b/lib/Module/CMakeLists.txt @@ -8,6 +8,7 @@ #===------------------------------------------------------------------------===# set(KLEE_MODULE_COMPONENT_SRCS Annotation.cpp + AnnotationsData.cpp CallSplitter.cpp CallRemover.cpp Checks.cpp @@ -30,6 +31,7 @@ set(KLEE_MODULE_COMPONENT_SRCS ReturnLocationFinderPass.cpp ReturnSplitter.cpp SarifReport.cpp + TaintAnnotation.cpp Target.cpp TargetHash.cpp TargetForest.cpp diff --git a/lib/Module/TaintAnnotation.cpp b/lib/Module/TaintAnnotation.cpp new file mode 100644 index 0000000000..bff46d1009 --- /dev/null +++ b/lib/Module/TaintAnnotation.cpp @@ -0,0 +1,47 @@ +#include "klee/Module/TaintAnnotation.h" +#include "klee/Support/ErrorHandling.h" + +#include + +namespace klee { + +TaintAnnotation::TaintAnnotation(const std::string &taintAnnotationsFilePath) { + std::ifstream taintAnnotationsFile(taintAnnotationsFilePath); + if (!taintAnnotationsFile.good()) { + klee_error("Taint annotation: Opening %s failed.", taintAnnotationsFilePath.c_str()); + } + json taintAnnotationsJson = json::parse(taintAnnotationsFile, nullptr, false); + if (taintAnnotationsJson.is_discarded()) { + klee_error("Taint annotation: Parsing JSON %s failed.", taintAnnotationsFilePath.c_str()); + } + + std::set sourcesStrs; + for (auto &item : taintAnnotationsJson.items()) { + if (!item.value().is_array()) { + klee_error("Taint annotations: Incorrect file format"); + } + const auto sourcesForThisSink = item.value().get>(); + sourcesStrs.insert(sourcesForThisSink.begin(), sourcesForThisSink.end()); + } + + size_t sourcesCounter = 0; + for (auto &sourceStr : sourcesStrs) { + sources[sourceStr] = sourcesCounter; + sourcesCounter++; + } + + size_t sinksCounter = 0; + for (auto &item : taintAnnotationsJson.items()) { + sinks[item.key()] = sinksCounter; + std::set sourcesForThisSink; + for (auto &sourceStr : item.value()) { + sourcesForThisSink.insert(sources[sourceStr]); + } + sinksToSources[sinksCounter] = sourcesForThisSink; + sinksCounter++; + } +} + +TaintAnnotation::~TaintAnnotation() = default; + +} // namespace klee diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index 85e3120048..8a3c9ea3cf 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -167,7 +167,8 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { // TODO: add for tests void klee_add_taint(void *array, size_t nbytes, size_t taint_type) {} void klee_clear_taint(void *array, size_t nbytes, size_t taint_type) {} -bool klee_check_taint(void *array, size_t nbytes, size_t taint_sink) {} +bool klee_check_taint(void *array, size_t nbytes, size_t taint_type) {} +bool klee_check_taint_sink(void *array, size_t nbytes, size_t taint_sink) {} void klee_taint_sink_hit(size_t taint_sink) {} void klee_silent_exit(int x) { exit(x); } diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 227540dabd..90b61fda9b 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -411,6 +411,11 @@ cl::opt AnnotateOnlyExternal( cl::desc("Ignore annotations for defined function (default=false)"), cl::init(false), cl::cat(MockCat)); +cl::opt + TaintAnnotationsFile("taint-annotations", + cl::desc("Path to the taint annotations JSON file"), + cl::value_desc("path file"), cl::cat(MockCat)); + enum class SAMultiplexKind { None, Traces, @@ -1080,12 +1085,12 @@ static const char *modelledExternals[] = { "klee_get_valuef", "klee_get_valued", "klee_get_valuel", "klee_get_valuell", "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", - "klee_add_taint", "klee_clear_taint", - "klee_check_taint", "klee_taint_sink_hit", - "klee_mark_global", "klee_open_merge", "klee_close_merge", - "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", - "klee_print_range", "klee_report_error", "klee_set_forking", - "klee_silent_exit", "klee_warning", "klee_warning_once", "klee_stack_trace", + "klee_add_taint", "klee_clear_taint", "klee_check_taint", + "klee_check_taint_sink", "klee_taint_sink_hit", "klee_mark_global", + "klee_open_merge", "klee_close_merge", "klee_prefer_cex", + "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", + "klee_report_error", "klee_set_forking", "klee_silent_exit", "klee_warning", + "klee_warning_once", "klee_stack_trace", #ifdef SUPPORT_KLEE_EH_CXX "_klee_eh_Unwind_RaiseException_impl", "klee_eh_typeid_for", #endif @@ -2175,6 +2180,7 @@ int main(int argc, char **argv, char **envp) { /*MainCurrentName=*/EntryPoint, /*MainNameAfterMock=*/"__klee_mock_wrapped_main", /*AnnotationsFile=*/AnnotationsFile, + /*TaintAnnotationsFile=*/TaintAnnotationsFile, /*Optimize=*/OptimizeModule, /*Simplify*/ SimplifyModule, /*CheckDivZero=*/CheckDivZero, From 2dc12d38a1c70a38b7c577067dd93cc3f9929aff Mon Sep 17 00:00:00 2001 From: Maria Date: Fri, 15 Dec 2023 20:39:05 +0300 Subject: [PATCH 08/28] Add TaintSink --- configs/annotations.json | 632 +++++++++++++++---------------- include/klee/Module/Annotation.h | 13 +- lib/Module/Annotation.cpp | 22 +- scripts/cooddy_annotations.py | 12 + 4 files changed, 361 insertions(+), 318 deletions(-) diff --git a/configs/annotations.json b/configs/annotations.json index e77a8f1227..1c62cb7c2f 100644 --- a/configs/annotations.json +++ b/configs/annotations.json @@ -91,13 +91,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -107,13 +107,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -123,13 +123,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -139,13 +139,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -155,10 +155,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -168,13 +168,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -184,10 +184,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -197,13 +197,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -257,7 +257,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -269,13 +269,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -286,13 +286,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -303,13 +303,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -320,13 +320,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -337,10 +337,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -351,13 +351,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -368,10 +368,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -382,13 +382,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -423,13 +423,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -439,16 +439,16 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -458,13 +458,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -474,16 +474,16 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -493,10 +493,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -506,13 +506,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -522,10 +522,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -535,13 +535,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -571,7 +571,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -583,13 +583,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -600,13 +600,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -617,13 +617,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -634,13 +634,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -651,10 +651,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -675,13 +675,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -692,10 +692,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -706,13 +706,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -722,7 +722,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -732,13 +732,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -748,16 +748,16 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -767,13 +767,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -783,16 +783,16 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -802,10 +802,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -815,13 +815,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -831,10 +831,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -844,13 +844,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -860,7 +860,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -872,13 +872,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -889,13 +889,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -906,13 +906,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -923,13 +923,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -940,10 +940,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -954,13 +954,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -971,10 +971,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -985,13 +985,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -1001,7 +1001,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -2919,20 +2919,20 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [], [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [] @@ -2945,20 +2945,20 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [], [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [] @@ -2971,20 +2971,20 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [], [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [] @@ -2996,20 +2996,20 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [], [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [] @@ -3025,17 +3025,17 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [] @@ -3049,17 +3049,17 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [] @@ -3583,10 +3583,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -3597,7 +3597,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -3900,13 +3900,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -3916,13 +3916,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -3932,13 +3932,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -3948,13 +3948,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -3964,10 +3964,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -3977,13 +3977,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -3993,10 +3993,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -4006,13 +4006,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -5049,11 +5049,11 @@ "Deref" ], [ - "FormatString::Printf", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -5066,11 +5066,11 @@ "Deref" ], [ - "FormatString::Printf", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -5081,11 +5081,11 @@ [], [], [ - "FormatString::Printf", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -5318,7 +5318,7 @@ "Deref" ], [ - "FormatString::Scanf" + "TaintSink::FormatString" ], [ "TaintOutput:*:UntrustedSource", @@ -5338,7 +5338,7 @@ "Deref" ], [ - "FormatString::Scanfs" + "TaintSink::FormatString" ], [ "TaintOutput:*:UntrustedSource", @@ -5515,11 +5515,11 @@ "Deref" ], [ - "FormatString", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -5530,11 +5530,11 @@ [], [], [ - "FormatString", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -5545,7 +5545,7 @@ [], [ "Deref", - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ], [], [], @@ -5565,7 +5565,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource" @@ -5578,13 +5578,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [], @@ -5599,7 +5599,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -5610,7 +5610,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -5621,13 +5621,13 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [], [], @@ -8573,7 +8573,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -8584,10 +8584,10 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -8598,15 +8598,15 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -8616,15 +8616,15 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -8670,12 +8670,12 @@ "annotation": [ [], [ - "FormatString::Printf", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ "CheckOverflow", - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -8685,11 +8685,11 @@ "annotation": [ [], [ - "FormatString::Printf", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -9941,7 +9941,7 @@ "TaintOutput::UntrustedSource" ], [ - "FormatString::Scanf" + "TaintSink::FormatString" ], [ "TaintOutput:*:UntrustedSource", @@ -9959,7 +9959,7 @@ "TaintOutput::UntrustedSource" ], [ - "FormatString::Scanfs" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -10087,13 +10087,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -10104,7 +10104,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10114,7 +10114,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10126,13 +10126,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -10220,7 +10220,7 @@ ], [], [ - "FormatString::Printf" + "TaintSink::FormatString" ] ], "properties": [] @@ -10235,7 +10235,7 @@ ], [], [ - "FormatString::Printf" + "TaintSink::FormatString" ] ], "properties": [] @@ -10250,7 +10250,7 @@ ], [], [ - "FormatString::Printf" + "TaintSink::FormatString" ] ], "properties": [] @@ -10264,7 +10264,7 @@ ], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -10275,13 +10275,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10292,13 +10292,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10309,13 +10309,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10326,13 +10326,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10343,10 +10343,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10357,13 +10357,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10374,10 +10374,10 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10388,13 +10388,13 @@ [], [], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -10412,7 +10412,7 @@ "OutputString" ], [ - "FormatString::Printf" + "TaintSink::FormatString" ] ], "properties": [] @@ -10432,7 +10432,7 @@ "MemorySize::1" ], [ - "FormatString::Printf" + "TaintSink::FormatString" ] ], "properties": [] @@ -10485,7 +10485,7 @@ "Deref" ], [ - "FormatString::Scanf" + "TaintSink::FormatString" ], [ "Write:*", @@ -10506,7 +10506,7 @@ "Deref" ], [ - "FormatString::Scanfs" + "TaintSink::FormatString" ], [ "Write:*", @@ -10594,7 +10594,7 @@ [], [], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -11842,7 +11842,7 @@ "TaintPropagation::UntrustedSource:3" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -11856,7 +11856,7 @@ "TaintPropagation::UntrustedSource:3" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -11870,7 +11870,7 @@ "TaintPropagation::UntrustedSource:3" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -11887,7 +11887,7 @@ "MemorySize::1" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -11902,7 +11902,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "Write:*", @@ -11921,7 +11921,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "Write:*", @@ -11936,7 +11936,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ] ], "properties": [] @@ -11960,7 +11960,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -12515,7 +12515,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12531,7 +12531,7 @@ "MemorySize::1" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12546,7 +12546,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -12565,7 +12565,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -12582,7 +12582,7 @@ ], [], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -12601,7 +12601,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12617,7 +12617,7 @@ "MemorySize::1" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12632,7 +12632,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -12648,7 +12648,7 @@ [], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12659,7 +12659,7 @@ [], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12671,7 +12671,7 @@ "TaintOutput::UntrustedSource" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -12688,7 +12688,7 @@ "TaintOutput::UntrustedSource" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -12713,7 +12713,7 @@ "MemorySize::1" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12735,7 +12735,7 @@ "BuffSize::>2" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12754,7 +12754,7 @@ "MemorySize::1" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12771,7 +12771,7 @@ "TaintPropagation::UntrustedSource:3" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12788,7 +12788,7 @@ "TaintPropagation::UntrustedSource:3" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12808,7 +12808,7 @@ "MemorySize::1" ], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12823,7 +12823,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "Deref", @@ -12842,7 +12842,7 @@ ], [], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -12862,7 +12862,7 @@ ], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12875,7 +12875,7 @@ [], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12889,7 +12889,7 @@ ], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12904,7 +12904,7 @@ "Deref" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "Write:*", @@ -12921,7 +12921,7 @@ [], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12932,7 +12932,7 @@ [], [], [ - "FormatString" + "TaintSink::FormatString" ] ], "properties": [] @@ -12944,7 +12944,7 @@ "TaintOutput::UntrustedSource" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", @@ -13737,7 +13737,7 @@ "annotation": [ [], [ - "Execute" + "TaintSink::Execute" ], [] ], @@ -13896,11 +13896,11 @@ "annotation": [ [], [ - "FormatString", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -13910,11 +13910,11 @@ "annotation": [ [], [ - "FormatString", - "SensitiveDataLeak" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "SensitiveDataLeak" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] @@ -13926,7 +13926,7 @@ "TaintOutput::UntrustedSource" ], [ - "FormatString" + "TaintSink::FormatString" ], [ "TaintOutput::UntrustedSource", diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index 8191c61fcf..b855b5a03f 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -38,7 +38,8 @@ enum class Kind { Free, TaintOutput, - TaintPropagation + TaintPropagation, + TaintSink }; enum class Property { @@ -121,6 +122,8 @@ struct Free final : public Unknown { [[nodiscard]] Kind getKind() const override; }; +//TODO: maybe separate class Taint + struct TaintOutput final : public Unknown { std::string type; @@ -138,6 +141,14 @@ struct TaintPropagation final : public Unknown { [[nodiscard]] Kind getKind() const override; }; +struct TaintSink final : public Unknown { + std::string type; + + explicit TaintSink(const std::string &str = "TaintSink"); + + [[nodiscard]] Kind getKind() const override; +}; + using Ptr = std::shared_ptr; bool operator==(const Ptr &first, const Ptr &second); } // namespace Statement diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index d09df6ddc0..7a3b796c25 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -177,6 +177,23 @@ TaintPropagation::TaintPropagation(const std::string &str) : Unknown(str) { Kind TaintPropagation::getKind() const { return Kind::TaintPropagation; } +/* + * Format: TaintSink::{type} + */ + +TaintSink::TaintSink(const std::string &str) : Unknown(str) { + if (!rawOffset.empty()) { + klee_error("Annotation TaintSink: Incorrect offset format, must be empty"); + } + if (rawValue.empty()) { + klee_error("Annotation TaintSink: Incorrect value format, must be not empty"); + } + + type = rawValue; +} + +Kind TaintSink::getKind() const { return Kind::TaintSink; } + const std::map StringToKindMap = { {"deref", Statement::Kind::Deref}, {"initnull", Statement::Kind::InitNull}, @@ -185,7 +202,8 @@ const std::map StringToKindMap = { {"freesource", Statement::Kind::Free}, {"freesink", Statement::Kind::Free}, {"taintoutput", Statement::Kind::TaintOutput}, - {"taintpropagation", Statement::Kind::TaintPropagation}}; + {"taintpropagation", Statement::Kind::TaintPropagation}, + {"taintsink", Statement::Kind::TaintSink}}; inline Statement::Kind stringToKind(const std::string &str) { auto it = StringToKindMap.find(toLower(str)); @@ -214,6 +232,8 @@ Ptr stringToKindPtr(const std::string &str) { return std::make_shared(str); case Statement::Kind::TaintPropagation: return std::make_shared(str); + case Statement::Kind::TaintSink: + return std::make_shared(str); } } diff --git a/scripts/cooddy_annotations.py b/scripts/cooddy_annotations.py index 1d61fc8462..382e43d1ad 100755 --- a/scripts/cooddy_annotations.py +++ b/scripts/cooddy_annotations.py @@ -41,6 +41,18 @@ def transform_annotation_with_taint_statements(annotation, funcName): if (st_len != 1): print("For SensitiveDataSource in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) transformed_statement = "TaintOutput::SensitiveDataSource" + elif (statement[0] == "Execute"): + if (st_len != 1): + print("For Execute in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + transformed_statement = "TaintSink::Execute" + elif (statement[0] == "FormatString"): + if (st_len != 1): + print("For FormatString in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + transformed_statement = "TaintSink::FormatString" + elif (statement[0] == "SensitiveDataLeak"): + if (st_len != 1): + print("For SensitiveDataLeak in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + transformed_statement = "TaintSink::SensitiveDataLeak" transformed_annotation_for_param.append(transformed_statement) transformed_annotation.append(transformed_annotation_for_param) From 440292affe37875c4ca4c5798524404cdc67edbb Mon Sep 17 00:00:00 2001 From: Maria Date: Fri, 15 Dec 2023 20:39:47 +0300 Subject: [PATCH 09/28] Update .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 77c409f5ec..6b1c703679 100644 --- a/.gitignore +++ b/.gitignore @@ -32,5 +32,6 @@ autoconf/autom4te.cache/ autom4te.cache/ .vscode/ +.idea/ .cache/ .helix/ From 2d1afdda138c56b8e656f3e57894b6d543977057 Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 21 Dec 2023 18:54:12 +0300 Subject: [PATCH 10/28] Separate Taint class of annotations --- include/klee/Module/Annotation.h | 22 ++++++++----- lib/Module/Annotation.cpp | 54 +++++++++++++++++++------------- 2 files changed, 46 insertions(+), 30 deletions(-) diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index b855b5a03f..1c01408138 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -122,18 +122,26 @@ struct Free final : public Unknown { [[nodiscard]] Kind getKind() const override; }; -//TODO: maybe separate class Taint +struct Taint : public Unknown { +protected: + std::string taintType; + +public: + explicit Taint(const std::string &str = "Unknown"); -struct TaintOutput final : public Unknown { - std::string type; + [[nodiscard]] Kind getKind() const override; + [[nodiscard]] std::string getTaintType() const; + [[nodiscard]] std::string getTaintTypeAsLower() const; +}; + +struct TaintOutput final : public Taint { explicit TaintOutput(const std::string &str = "TaintOutput"); [[nodiscard]] Kind getKind() const override; }; -struct TaintPropagation final : public Unknown { - std::string type; +struct TaintPropagation final : public Taint { size_t propagationParameter; explicit TaintPropagation(const std::string &str = "TaintPropagation"); @@ -141,9 +149,7 @@ struct TaintPropagation final : public Unknown { [[nodiscard]] Kind getKind() const override; }; -struct TaintSink final : public Unknown { - std::string type; - +struct TaintSink final : public Taint { explicit TaintSink(const std::string &str = "TaintSink"); [[nodiscard]] Kind getKind() const override; diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index 7a3b796c25..bbdb38094a 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -139,16 +139,25 @@ Free::Free(const std::string &str) : Unknown(str) { Kind Free::getKind() const { return Kind::Free; } +Taint::Taint(const std::string &str) : Unknown(str) { + taintType = rawValue.substr(0, rawValue.find(':')); + // TODO: in the future, support typeless annotations (meaning all types) + if (taintType.empty()) { + klee_error("Annotation Taint: Incorrect value format, must has taint type"); + } +} + +Kind Taint::getKind() const { return Unknown::getKind(); } + +std::string Taint::getTaintType() const { return taintType; } + +std::string Taint::getTaintTypeAsLower() const { return toLower(taintType); } + /* * Format: TaintOutput:{offset}:{type} */ -TaintOutput::TaintOutput(const std::string &str) : Unknown(str) { - if (rawValue.empty()) { - klee_error("Annotation TaintOutput: Incorrect value format, must be not empty"); - } - type = rawValue; -} +TaintOutput::TaintOutput(const std::string &str) : Taint(str) {} Kind TaintOutput::getKind() const { return Kind::TaintOutput; } @@ -156,22 +165,27 @@ Kind TaintOutput::getKind() const { return Kind::TaintOutput; } * Format: TaintPropagation::{type}:{data} */ -TaintPropagation::TaintPropagation(const std::string &str) : Unknown(str) { +TaintPropagation::TaintPropagation(const std::string &str) : Taint(str) { + //TODO: now this is true for cooddy, but it’s not clear how to use them. if (!rawOffset.empty()) { - klee_error("Annotation TaintPropagation: Incorrect offset format, must be empty"); - } - if (rawValue.empty()) { - klee_error("Annotation TaintPropagation: Incorrect value format, must be not empty"); + klee_error("Annotation TaintSink: Incorrect offset format, must be empty"); } const size_t colonPos = rawValue.find(':'); - if (colonPos == std::string::npos) { - klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", rawValue.c_str()); + const std::string rawData = (colonPos == std::string::npos) + ? std::string() + : rawValue.substr(colonPos + 1, std::string::npos); + + if (rawData.empty()) { + klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", + rawValue.c_str()); } - type = rawValue.substr(0, colonPos); - if (sscanf(rawValue.substr(colonPos + 1, std::string::npos).c_str(), "%zu", &propagationParameter) != 1) { - klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", rawValue.c_str()); + char* end = nullptr; + propagationParameter = strtoul(rawData.c_str(), &end, 10); + if (*end != '\0' || errno == ERANGE) { + klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", + rawValue.c_str()); } } @@ -181,15 +195,11 @@ Kind TaintPropagation::getKind() const { return Kind::TaintPropagation; } * Format: TaintSink::{type} */ -TaintSink::TaintSink(const std::string &str) : Unknown(str) { +TaintSink::TaintSink(const std::string &str) : Taint(str) { + //TODO: now this is true for cooddy, but it’s not clear how to use them. if (!rawOffset.empty()) { klee_error("Annotation TaintSink: Incorrect offset format, must be empty"); } - if (rawValue.empty()) { - klee_error("Annotation TaintSink: Incorrect value format, must be not empty"); - } - - type = rawValue; } Kind TaintSink::getKind() const { return Kind::TaintSink; } From 54531d3cf348e2a8ef010cc629bb42e9d1bd64a3 Mon Sep 17 00:00:00 2001 From: Maria Date: Fri, 22 Dec 2023 19:48:34 +0300 Subject: [PATCH 11/28] Update TaintOutput --- configs/annotations.json | 6 ++-- lib/Module/Annotation.cpp | 16 ++++------- scripts/cooddy_annotations.py | 54 +++++++++++++++++++---------------- 3 files changed, 37 insertions(+), 39 deletions(-) diff --git a/configs/annotations.json b/configs/annotations.json index 1c62cb7c2f..12a7e3d527 100644 --- a/configs/annotations.json +++ b/configs/annotations.json @@ -5321,7 +5321,7 @@ "TaintSink::FormatString" ], [ - "TaintOutput:*:UntrustedSource", + "TaintOutput::UntrustedSource", "Write:*", "OutputString" ] @@ -5341,7 +5341,7 @@ "TaintSink::FormatString" ], [ - "TaintOutput:*:UntrustedSource", + "TaintOutput::UntrustedSource", "Write:*", "FormatStringArgs", "OutputString::-1" @@ -9944,7 +9944,7 @@ "TaintSink::FormatString" ], [ - "TaintOutput:*:UntrustedSource", + "TaintOutput::UntrustedSource", "Write:*", "FormatStringArgs", "OutputString" diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index bbdb38094a..f2a8ee52d9 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -140,6 +140,10 @@ Free::Free(const std::string &str) : Unknown(str) { Kind Free::getKind() const { return Kind::Free; } Taint::Taint(const std::string &str) : Unknown(str) { + if (!rawOffset.empty()) { + klee_error("Annotation Taint: Incorrect offset format, must be empty"); + } + taintType = rawValue.substr(0, rawValue.find(':')); // TODO: in the future, support typeless annotations (meaning all types) if (taintType.empty()) { @@ -166,11 +170,6 @@ Kind TaintOutput::getKind() const { return Kind::TaintOutput; } */ TaintPropagation::TaintPropagation(const std::string &str) : Taint(str) { - //TODO: now this is true for cooddy, but it’s not clear how to use them. - if (!rawOffset.empty()) { - klee_error("Annotation TaintSink: Incorrect offset format, must be empty"); - } - const size_t colonPos = rawValue.find(':'); const std::string rawData = (colonPos == std::string::npos) ? std::string() @@ -195,12 +194,7 @@ Kind TaintPropagation::getKind() const { return Kind::TaintPropagation; } * Format: TaintSink::{type} */ -TaintSink::TaintSink(const std::string &str) : Taint(str) { - //TODO: now this is true for cooddy, but it’s not clear how to use them. - if (!rawOffset.empty()) { - klee_error("Annotation TaintSink: Incorrect offset format, must be empty"); - } -} +TaintSink::TaintSink(const std::string &str) : Taint(str) {} Kind TaintSink::getKind() const { return Kind::TaintSink; } diff --git a/scripts/cooddy_annotations.py b/scripts/cooddy_annotations.py index 382e43d1ad..6d55bda1be 100755 --- a/scripts/cooddy_annotations.py +++ b/scripts/cooddy_annotations.py @@ -14,7 +14,7 @@ def getNames(name: str): return name, name -def transform_annotation_with_taint_statements(annotation, funcName): +def transform_annotation_with_taint_statements(annotation, func_name): transformed_annotation = [] for i, annotation_for_param in enumerate(annotation): transformed_annotation_for_param = [] @@ -24,34 +24,39 @@ def transform_annotation_with_taint_statements(annotation, funcName): assert(st_len <= 3) transformed_statement = st - if (statement[0] == "TaintOutput"): - if (st_len == 3 and statement[2] != ""): - print("For TaintOutput in {} annotation elem #{} ignore data from cooddy annotations file".format(funcName, i)) - offset = statement[1] if st_len == 2 else "" - transformed_statement = "TaintOutput:{}:UntrustedSource".format(offset) - elif (statement[0] == "TaintPropagation"): - if (st_len == 2): - print("TaintPropagation in {} annotation elem #{} misprint".format(funcName, i)) + if statement[0] == "TaintOutput": + if st_len > 1: + print("For TaintOutput in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) + transformed_statement = "TaintOutput::UntrustedSource" + elif statement[0] == "TaintPropagation": + if st_len == 2: + print("TaintPropagation in {} annotation elem #{} misprint".format(func_name, i)) transformed_statement = "TaintPropagation::UntrustedSource:{}".format(statement[1]) - elif (st_len == 3): - if (statement[1] != ""): - print("For TaintPropagation in {} annotation elem #{} ignore offset from cooddy annotations file".format(funcName, i)) + elif st_len == 3: + if statement[1] != "": + print("For TaintPropagation in {} annotation elem #{} " + + "ignore offset from cooddy annotations file".format(func_name, i)) transformed_statement = "TaintPropagation::UntrustedSource:{}".format(statement[2]) - elif (statement[0] == "SensitiveDataSource"): - if (st_len != 1): - print("For SensitiveDataSource in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + elif statement[0] == "SensitiveDataSource": + if st_len != 1: + print("For SensitiveDataSource in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) transformed_statement = "TaintOutput::SensitiveDataSource" - elif (statement[0] == "Execute"): - if (st_len != 1): - print("For Execute in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + elif statement[0] == "Execute": + if st_len != 1: + print("For Execute in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) transformed_statement = "TaintSink::Execute" - elif (statement[0] == "FormatString"): - if (st_len != 1): - print("For FormatString in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + elif statement[0] == "FormatString": + if st_len != 1: + print("For FormatString in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) transformed_statement = "TaintSink::FormatString" - elif (statement[0] == "SensitiveDataLeak"): - if (st_len != 1): - print("For SensitiveDataLeak in {} annotation elem #{} ignore offset and data from cooddy annotations file".format(funcName, i)) + elif statement[0] == "SensitiveDataLeak": + if st_len != 1: + print("For SensitiveDataLeak in {} annotation elem #{} " + + "ignore offset and data from cooddy annotations file".format(func_name, i)) transformed_statement = "TaintSink::SensitiveDataLeak" transformed_annotation_for_param.append(transformed_statement) @@ -60,7 +65,6 @@ def transform_annotation_with_taint_statements(annotation, funcName): return transformed_annotation - def transform(utbot_json, coody_json, process_taint): for coody_name, annotation in coody_json.items(): funcName, mangledName = getNames(coody_name) From dd15b5ab459920e73a2247d32a5d0f5e3c8d2ce9 Mon Sep 17 00:00:00 2001 From: Maria Date: Sat, 23 Dec 2023 00:02:01 +0300 Subject: [PATCH 12/28] Write mocks for taint annotations, change taint_type to taint_source --- include/klee/Module/Annotation.h | 2 +- include/klee/klee.h | 20 +-- lib/Core/MockBuilder.cpp | 249 ++++++++++++++++++++-------- lib/Core/SpecialFunctionHandler.cpp | 6 +- lib/Core/SpecialFunctionHandler.h | 2 +- lib/Module/Annotation.cpp | 8 +- runtime/Runtest/intrinsics.c | 6 +- tools/klee/main.cpp | 2 +- 8 files changed, 209 insertions(+), 86 deletions(-) diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index 1c01408138..a2d3dc70bf 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -142,7 +142,7 @@ struct TaintOutput final : public Taint { }; struct TaintPropagation final : public Taint { - size_t propagationParameter; + size_t propagationParameterIndex; explicit TaintPropagation(const std::string &str = "TaintPropagation"); diff --git a/include/klee/klee.h b/include/klee/klee.h index 076d827d56..e78c23b808 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -37,35 +37,35 @@ void *klee_define_fixed_object(void *addr, size_t nbytes); */ void klee_make_symbolic(void *addr, size_t nbytes, const char *name); -/* klee_add_taint - Add taint \arg taint_type for the contents +/* klee_add_taint - Add taint \arg taint_source for the contents * of the object pointer to \arg addr. * * \arg addr - The start of the object. * \arg nbytes - The number of bytes to set taint type; currently this *must* * be the entire contents of the object. - * \arg taint_type - Taint type. + * \arg taint_source - Taint source. */ -void klee_add_taint(void *array, size_t nbytes, size_t taint_type); +void klee_add_taint(void *array, size_t nbytes, size_t taint_source); /* klee_clear_taint - Clear the contents of the object pointer to \arg addr - * of the taint \arg taint_type. + * of the taint \arg taint_source. * * \arg addr - The start of the object. * \arg nbytes - The number of bytes to set taint type; currently this *must* * be the entire contents of the object. - * \arg taint_type - Taint type. + * \arg taint_source - Taint source. */ -void klee_clear_taint(void *array, size_t nbytes, size_t taint_type); +void klee_clear_taint(void *array, size_t nbytes, size_t taint_source); -/* klee_check_taint - Check that the contents of the object pointer - * to \arg addr has a \arg taint_type. +/* klee_check_taint_source - Check that the contents of the object pointer + * to \arg addr has a \arg taint_source. * * \arg addr - The start of the object. * \arg nbytes - The number of bytes to set taint type; currently this *must* * be the entire contents of the object. - * \arg taint_type - Taint type. + * \arg taint_source - Taint source. */ -bool klee_check_taint(void *array, size_t nbytes, size_t taint_type); +bool klee_check_taint_source(void *array, size_t nbytes, size_t taint_source); /* klee_check_taint_sink - Check that the contents of the object pointer * to \arg addr causes a taint sink \arg taint_sink hit. diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index fa89616ce5..999d7ad8a7 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -356,6 +356,8 @@ inline bool isCorrectStatements(const std::vector &statements, switch (statement->getKind()) { case Statement::Kind::Deref: case Statement::Kind::InitNull: + case Statement::Kind::TaintOutput: + case Statement::Kind::TaintPropagation: return argType->isPointerTy(); case Statement::Kind::AllocSource: assert(false); @@ -495,59 +497,106 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( break; } case Statement::Kind::TaintOutput: { - auto x = std::dynamic_pointer_cast(statement); -// buildCallKleeTaintFunction("klee_add_taint", elem,); + if (!elem->getType()->isPointerTy()) { + klee_error("Annotation: TaintOutput arg not pointer"); + } + + auto taintOutputPtr = (Statement::TaintOutput *)statement.get(); + const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ + taintOutputPtr->getTaintType() + ]; + + buildCallKleeTaintFunction("klee_add_taint", elem, sourceTypeNum); break; } case Statement::Kind::TaintPropagation: { -// buildCallKleeTaintFunction("klee_add_taint", elem,); + if (!elem->getType()->isPointerTy()) { + klee_error("Annotation: TaintPropagation arg not pointer"); + } + + auto taintPropagationPtr = (Statement::TaintPropagation *)statement.get(); + const std::string sourceTypeLower = taintPropagationPtr->getTaintTypeAsLower(); + const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ + taintPropagationPtr->getTaintType() + ]; + + //TODO: support arg lists + if (taintPropagationPtr->propagationParameterIndex >= func->arg_size()) { + klee_warning("Annotation: ignore TaintPropagation because not support arg lists"); + break; + } + + const std::string propagateCondName = + "condition_taint_propagate_" + sourceTypeLower + "_arg_" + + std::to_string(i) + "_" + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *propagateBB = llvm::BasicBlock::Create( + mockModule->getContext(), propagateCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + propagateCondName); + + llvm::Value *propagationValue = + func->getArg(taintPropagationPtr->propagationParameterIndex); + auto brValuePropagate = buildCallKleeTaintFunction( + "klee_check_taint_source", propagationValue, sourceTypeNum); + builder->CreateCondBr(brValuePropagate, propagateBB, contBB); + + builder->SetInsertPoint(propagateBB); + buildCallKleeTaintFunction("klee_add_taint", elem, sourceTypeNum); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); + break; + } + case Statement::Kind::TaintSink: { + auto taintSinkPtr = (Statement::TaintSink *)statement.get(); + const std::string sinkTypeLower = taintSinkPtr->getTaintTypeAsLower(); + const size_t sinkTypeNum = annotationsData.taintAnnotation.sinks[ + taintSinkPtr->getTaintType() + ]; + + const std::string sinkCondName = + "condition_taint_sink_" + sinkTypeLower + "_arg_" + + std::to_string(i) + "_" + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *sinkBB = llvm::BasicBlock::Create( + mockModule->getContext(), sinkCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + sinkCondName); + auto brValueSink = buildCallKleeTaintFunction( + "klee_check_taint_sink", elem, sinkTypeNum); + builder->CreateCondBr(brValueSink, sinkBB, contBB); + + builder->SetInsertPoint(sinkBB); + std::string sinkHitCondName = + "condition_taint_sink_hit_" + sinkTypeLower + "_arg_" + + std::to_string(i) + "_" + func->getName().str(); + auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); + auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); + buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, + sinkHitCondName); + fromIf = builder->GetInsertBlock(); + curFunc = fromIf->getParent(); + llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( + mockModule->getContext(), sinkHitCondName, curFunc); + auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); + builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); + + builder->SetInsertPoint(sinkHitBB); + buildCallKleeTaintSinkHit(sinkTypeNum); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); break; } -// case Statement::Kind::FormatString: { -// if (!elem->getType()->isPointerTy()) { -// klee_error("Annotation: FormatString arg not pointer"); -// } -// -// std::string sinkCondName = -// "condition_sink_format_string_arg_" + std::to_string(i) + -// "_" + func->getName().str(); -// -// llvm::BasicBlock *fromIf = builder->GetInsertBlock(); -// llvm::Function *curFunc = fromIf->getParent(); -// -// llvm::BasicBlock *sinkBB = llvm::BasicBlock::Create( -// mockModule->getContext(), sinkCondName, curFunc); -// llvm::BasicBlock *contBB = llvm::BasicBlock::Create( -// mockModule->getContext(), "continue_" + sinkCondName); -// auto brValueSink = buildCallKleeTaintFunction( -// "klee_check_taint_sink", elem, -// static_cast(Statement::Kind::FormatString)); -// builder->CreateCondBr(brValueSink, sinkBB, contBB); -// -// builder->SetInsertPoint(sinkBB); -// std::string sinkHitCondName = -// "condition_sink_hit_format_string_arg_" + std::to_string(i) + -// "_" + func->getName().str(); -// auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); -// auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); -// buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, -// sinkHitCondName); -// fromIf = builder->GetInsertBlock(); -// curFunc = fromIf->getParent(); -// llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( -// mockModule->getContext(), sinkHitCondName, curFunc); -// auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); -// builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); -// -// builder->SetInsertPoint(sinkHitBB); -// buildCallKleeTaintSinkHit( -// static_cast(Statement::Kind::FormatString)); -// builder->CreateBr(contBB); -// -// curFunc->getBasicBlockList().push_back(contBB); -// builder->SetInsertPoint(contBB); -// break; -// } case Statement::Kind::Unknown: default: klee_message("Annotation: not implemented %s", @@ -566,21 +615,9 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( llvm::CallInst* MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, llvm::Value *source, size_t target) { - llvm::Value *countBytes; - if (source->getType()->getPointerElementType()->isIntegerTy(8)) { - auto *TLI = new llvm::TargetLibraryInfo(llvm::TargetLibraryInfoImpl()); - countBytes = llvm::emitStrLen(source, *builder, - mockModule->getDataLayout(),TLI); - } - else { - const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( - source->getType()->getPointerElementType()); - countBytes = llvm::ConstantInt::get( - mockModule->getContext(), - llvm::APInt(64, bytes, false)); - } - - const auto returnType = (functionName == "klee_check_taint") + // TODO: maybe separate as parameter + const auto returnType = (functionName == "klee_check_taint_source" || + functionName == "klee_check_taint_sink") ? llvm::Type::getInt1Ty(mockModule->getContext()) : llvm::Type::getVoidTy(mockModule->getContext()); @@ -593,11 +630,44 @@ MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, auto kleeAddTaintCallee = mockModule->getOrInsertFunction( functionName, kleeTaintFunctionType); - auto bitCastInst = builder->CreateBitCast( + //TODO: that's not all: + // - add arg list (now it is not even considered + // when passing through the function + // parameters and never gets here) + // - think about ** + // - add going by pointers + llvm::Value *beginPtr; + llvm::Value *countBytes; + if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) { + beginPtr = builder->CreateAlloca(source->getType()); + builder->CreateStore(source, beginPtr); + + const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( + source->getType()->getPointerElementType()); + countBytes = llvm::ConstantInt::get( + mockModule->getContext(), + llvm::APInt(64, bytes, false)); + } else if (source->getType()->isPointerTy()) { + beginPtr = builder->CreateBitCast( source, llvm::Type::getInt8PtrTy(mockModule->getContext())); + + if (source->getType()->getPointerElementType()->isIntegerTy(8)) { + auto *TLI = new llvm::TargetLibraryInfo(llvm::TargetLibraryInfoImpl()); + countBytes = llvm::emitStrLen(source, *builder, + mockModule->getDataLayout(),TLI); + } + else { + const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( + source->getType()->getPointerElementType()); + countBytes = llvm::ConstantInt::get( + mockModule->getContext(), + llvm::APInt(64, bytes, false)); + } + } + return builder->CreateCall( kleeAddTaintCallee, - {bitCastInst, + {beginPtr, countBytes, llvm::ConstantInt::get( mockModule->getContext(), @@ -727,6 +797,53 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( klee_warning("Annotation: unused \"Free\" for return"); break; } + case Statement::Kind::TaintOutput: { + auto taintOutputPtr = (Statement::TaintOutput *)statement.get(); + const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ + taintOutputPtr->getTaintType() + ]; + + //TODO: get return value (maybe value from function body before returning) +// buildCallKleeTaintFunction("klee_add_taint", ??? ret_value, sourceTypeNum); + break; + } + case Statement::Kind::TaintPropagation: { + auto taintPropagationPtr = (Statement::TaintPropagation *)statement.get(); + const std::string sourceTypeLower = taintPropagationPtr->getTaintTypeAsLower(); + const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ + taintPropagationPtr->getTaintType() + ]; + + const std::string propagateCondName = + "condition_taint_propagate_" + sourceTypeLower + "_ret_" + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *propagateBB = llvm::BasicBlock::Create( + mockModule->getContext(), propagateCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + propagateCondName); + + llvm::Value *propagationValue = func->getArg(taintPropagationPtr->propagationParameterIndex); + auto brValuePropagate = buildCallKleeTaintFunction( + "klee_check_taint_source", propagationValue, sourceTypeNum); + builder->CreateCondBr(brValuePropagate, propagateBB, contBB); + + builder->SetInsertPoint(propagateBB); + //TODO: get return value (maybe value from function body before returning) +// buildCallKleeTaintFunction("klee_add_taint", ??? ret_value, sourceTypeNum); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); + break; + } + case Statement::Kind::TaintSink: { + klee_warning("Annotation: unused TaintSink for return function \"%s\"", + func->getName().str().c_str()); + break; + } case Statement::Kind::Unknown: default: klee_message("Annotation: not implemented %s", @@ -750,7 +867,7 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( builder->CreateICmpNE(retValue, llvm::ConstantPointerNull::get( llvm::cast(returnType)), - "condition_init_null" + retName); + "condition_init_null_" + retName); auto *kleeAssumeType = llvm::FunctionType::get( llvm::Type::getVoidTy(ctx), {llvm::Type::getInt64Ty(ctx)}, false); diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 89dd4a97d8..4ec7e4aed9 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -132,7 +132,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_add_taint", handleAddTaint, false), add("klee_clear_taint", handleClearTaint, false), - add("klee_check_taint", handleCheckTaint, true), + add("klee_check_taint_source", handleCheckTaintSource, true), add("klee_check_taint_sink", handleCheckTaintSink, true), add("klee_taint_sink_hit", handleTaintSinkHit, false), #ifdef SUPPORT_KLEE_EH_CXX @@ -1250,14 +1250,14 @@ void SpecialFunctionHandler::handleClearTaint( // executor.executeMemoryOperation(state, true) } -void SpecialFunctionHandler::handleCheckTaint( +void SpecialFunctionHandler::handleCheckTaintSource( klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { if (arguments.size() != 3) { executor.terminateStateOnUserError( state, "Incorrect number of arguments to " - "klee_check_taint(void*, size_t, size_t)"); + "klee_check_taint_source(void*, size_t, size_t)"); return; } diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index a483edb575..5a634751ca 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -183,7 +183,7 @@ class SpecialFunctionHandler { HANDLER(handlePointerOverflow); HANDLER(handleAddTaint); HANDLER(handleClearTaint); - HANDLER(handleCheckTaint); + HANDLER(handleCheckTaintSource); HANDLER(handleCheckTaintSink); HANDLER(handleTaintSinkHit); #undef HANDLER diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index f2a8ee52d9..fd095c4987 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -181,11 +181,17 @@ TaintPropagation::TaintPropagation(const std::string &str) : Taint(str) { } char* end = nullptr; - propagationParameter = strtoul(rawData.c_str(), &end, 10); + size_t propagationParameterData = strtoul(rawData.c_str(), &end, 10); if (*end != '\0' || errno == ERANGE) { klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", rawValue.c_str()); } + + if (propagationParameterData == 0) { + klee_error("Annotation TaintPropagation: Incorrect value %s, data for propagation must be >= 1", + rawValue.c_str()); + } + propagationParameterIndex = propagationParameterData - 1; } Kind TaintPropagation::getKind() const { return Kind::TaintPropagation; } diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index 8a3c9ea3cf..ce6b518ac1 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -165,9 +165,9 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { } // TODO: add for tests -void klee_add_taint(void *array, size_t nbytes, size_t taint_type) {} -void klee_clear_taint(void *array, size_t nbytes, size_t taint_type) {} -bool klee_check_taint(void *array, size_t nbytes, size_t taint_type) {} +void klee_add_taint(void *array, size_t nbytes, size_t taint_source) {} +void klee_clear_taint(void *array, size_t nbytes, size_t taint_source) {} +bool klee_check_taint_source(void *array, size_t nbytes, size_t taint_source) {} bool klee_check_taint_sink(void *array, size_t nbytes, size_t taint_sink) {} void klee_taint_sink_hit(size_t taint_sink) {} diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 90b61fda9b..1d523f9ad0 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -1085,7 +1085,7 @@ static const char *modelledExternals[] = { "klee_get_valuef", "klee_get_valued", "klee_get_valuel", "klee_get_valuell", "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", - "klee_add_taint", "klee_clear_taint", "klee_check_taint", + "klee_add_taint", "klee_clear_taint", "klee_check_taint_source", "klee_check_taint_sink", "klee_taint_sink_hit", "klee_mark_global", "klee_open_merge", "klee_close_merge", "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", From c4b8b10682ce386a8860e26f1fa10cc30ae061ed Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 11 Jan 2024 23:33:16 +0300 Subject: [PATCH 13/28] Rafactor taint code --- include/klee/Core/Interpreter.h | 11 +- include/klee/Core/MockBuilder.h | 17 +- include/klee/Module/Annotation.h | 10 +- include/klee/Module/TaintAnnotation.h | 3 +- include/klee/klee.h | 18 +- lib/Core/MockBuilder.cpp | 434 +++++++++++++------------- lib/Core/SpecialFunctionHandler.cpp | 64 ++-- lib/Module/Annotation.cpp | 18 +- lib/Module/AnnotationsData.cpp | 9 +- lib/Module/TaintAnnotation.cpp | 8 +- runtime/Runtest/intrinsics.c | 10 +- 11 files changed, 312 insertions(+), 290 deletions(-) diff --git a/include/klee/Core/Interpreter.h b/include/klee/Core/Interpreter.h index df82a2fb47..5d29496bed 100644 --- a/include/klee/Core/Interpreter.h +++ b/include/klee/Core/Interpreter.h @@ -124,18 +124,17 @@ class Interpreter { const std::string &_MainCurrentName, const std::string &_MainNameAfterMock, const std::string &_AnnotationsFile, - const std::string &_TaintAnnotationsFile, - bool _Optimize, bool _Simplify, - bool _CheckDivZero, bool _CheckOvershift, + const std::string &_TaintAnnotationsFile, bool _Optimize, + bool _Simplify, bool _CheckDivZero, bool _CheckOvershift, bool _AnnotateOnlyExternal, bool _WithFPRuntime, bool _WithPOSIXRuntime) : LibraryDir(_LibraryDir), EntryPoint(_EntryPoint), OptSuffix(_OptSuffix), MainCurrentName(_MainCurrentName), MainNameAfterMock(_MainNameAfterMock), AnnotationsFile(_AnnotationsFile), - TaintAnnotationsFile(_TaintAnnotationsFile), - Optimize(_Optimize), Simplify(_Simplify), - CheckDivZero(_CheckDivZero), CheckOvershift(_CheckOvershift), + TaintAnnotationsFile(_TaintAnnotationsFile), Optimize(_Optimize), + Simplify(_Simplify), CheckDivZero(_CheckDivZero), + CheckOvershift(_CheckOvershift), AnnotateOnlyExternal(_AnnotateOnlyExternal), WithFPRuntime(_WithFPRuntime), WithPOSIXRuntime(_WithPOSIXRuntime) {} }; diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index 15f1fd63de..c25713ea75 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -48,11 +48,22 @@ class MockBuilder { buildCallKleeMakeSymbolic(const std::string &kleeMakeSymbolicFunctionName, llvm::Value *source, llvm::Type *type, const std::string &symbolicName); - llvm::CallInst* - buildCallKleeTaintFunction(const std::string &functionName, - llvm::Value *source, size_t target); + llvm::CallInst *buildCallKleeTaintFunction(const std::string &functionName, + llvm::Value *source, size_t taint, + bool returnBool); void buildCallKleeTaintSinkHit(size_t taintSink); + void buildAnnotationTaintOutput(llvm::Value *elem, + const Statement::Ptr &statement); + void buildAnnotationTaintPropagation(llvm::Value *elem, + const Statement::Ptr &statement, + llvm::Function *func, + const std::string &target); + void buildAnnotationTaintSink(llvm::Value *elem, + const Statement::Ptr &statement, + llvm::Function *func, + const std::string &target); + void buildAnnotationForExternalFunctionArgs( llvm::Function *func, const std::vector> &statementsNotAllign); diff --git a/include/klee/Module/Annotation.h b/include/klee/Module/Annotation.h index a2d3dc70bf..0fdd6fd65e 100644 --- a/include/klee/Module/Annotation.h +++ b/include/klee/Module/Annotation.h @@ -124,15 +124,15 @@ struct Free final : public Unknown { struct Taint : public Unknown { protected: - std::string taintType; + std::string taintType; public: - explicit Taint(const std::string &str = "Unknown"); + explicit Taint(const std::string &str = "Unknown"); - [[nodiscard]] Kind getKind() const override; + [[nodiscard]] Kind getKind() const override; - [[nodiscard]] std::string getTaintType() const; - [[nodiscard]] std::string getTaintTypeAsLower() const; + [[nodiscard]] std::string getTaintType() const; + [[nodiscard]] std::string getTaintTypeAsLower() const; }; struct TaintOutput final : public Taint { diff --git a/include/klee/Module/TaintAnnotation.h b/include/klee/Module/TaintAnnotation.h index 22ed577577..b10c4c22a8 100644 --- a/include/klee/Module/TaintAnnotation.h +++ b/include/klee/Module/TaintAnnotation.h @@ -13,7 +13,7 @@ using json = nlohmann::json; namespace klee { -using TaintSinksSourcesMap = std::map>; +using TaintSinksSourcesMap = std::map>; class TaintAnnotation final { public: @@ -21,6 +21,7 @@ class TaintAnnotation final { std::map sinks; std::map sources; + explicit TaintAnnotation(); explicit TaintAnnotation(const std::string &taintAnnotationsFile); virtual ~TaintAnnotation(); }; diff --git a/include/klee/klee.h b/include/klee/klee.h index e78c23b808..d9ac945910 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -10,9 +10,9 @@ #ifndef KLEE_H #define KLEE_H +#include "stdbool.h" #include "stddef.h" #include "stdint.h" -#include "stdbool.h" #ifdef __cplusplus extern "C" { @@ -41,41 +41,33 @@ void klee_make_symbolic(void *addr, size_t nbytes, const char *name); * of the object pointer to \arg addr. * * \arg addr - The start of the object. - * \arg nbytes - The number of bytes to set taint type; currently this *must* - * be the entire contents of the object. * \arg taint_source - Taint source. */ -void klee_add_taint(void *array, size_t nbytes, size_t taint_source); +void klee_add_taint(void *array, size_t taint_source); /* klee_clear_taint - Clear the contents of the object pointer to \arg addr * of the taint \arg taint_source. * * \arg addr - The start of the object. - * \arg nbytes - The number of bytes to set taint type; currently this *must* - * be the entire contents of the object. * \arg taint_source - Taint source. */ -void klee_clear_taint(void *array, size_t nbytes, size_t taint_source); +void klee_clear_taint(void *array, size_t taint_source); /* klee_check_taint_source - Check that the contents of the object pointer * to \arg addr has a \arg taint_source. * * \arg addr - The start of the object. - * \arg nbytes - The number of bytes to set taint type; currently this *must* - * be the entire contents of the object. * \arg taint_source - Taint source. */ -bool klee_check_taint_source(void *array, size_t nbytes, size_t taint_source); +bool klee_check_taint_source(void *array, size_t taint_source); /* klee_check_taint_sink - Check that the contents of the object pointer * to \arg addr causes a taint sink \arg taint_sink hit. * * \arg addr - The start of the object. - * \arg nbytes - The number of bytes to set taint type; currently this *must* - * be the entire contents of the object. * \arg taint_sink - Taint sink. */ -bool klee_check_taint_sink(void *array, size_t nbytes, size_t taint_sink); +bool klee_check_taint_sink(void *array, size_t taint_sink); /* klee_taint_sink_hit - Execute taint sink \arg taint_sink hit. * diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index 999d7ad8a7..f4f229a902 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -411,6 +411,198 @@ unifyByOffset(const std::vector &statements) { return res; } +void MockBuilder::buildAnnotationTaintOutput(llvm::Value *elem, + const Statement::Ptr &statement) { + auto taintOutputPtr = (Statement::TaintOutput *)statement.get(); + const auto source = annotationsData.taintAnnotation.sources.find( + taintOutputPtr->getTaintType()); + if (source == annotationsData.taintAnnotation.sources.end()) { + klee_warning("Annotation: unknown TaintOutput source %s", + taintOutputPtr->getTaintType().c_str()); + return; + } + buildCallKleeTaintFunction("klee_add_taint", elem, source->second, false); +} + +void MockBuilder::buildAnnotationTaintPropagation( + llvm::Value *elem, const Statement::Ptr &statement, llvm::Function *func, + const std::string &target) { + auto taintPropagationPtr = (Statement::TaintPropagation *)statement.get(); + const std::string sourceTypeLower = + taintPropagationPtr->getTaintTypeAsLower(); + const auto source = annotationsData.taintAnnotation.sources.find( + taintPropagationPtr->getTaintType()); + if (source == annotationsData.taintAnnotation.sources.end()) { + klee_warning("Annotation: unknown TaintPropagation source %s", + taintPropagationPtr->getTaintType().c_str()); + return; + } + + // TODO: support variable arg list + if (taintPropagationPtr->propagationParameterIndex >= func->arg_size()) { + klee_warning( + "Annotation: ignore TaintPropagation because not support arg lists"); + return; + } + + const std::string propagateCondName = "condition_taint_propagate_" + + sourceTypeLower + target + + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *propagateBB = llvm::BasicBlock::Create( + mockModule->getContext(), propagateCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + propagateCondName); + + llvm::Value *propagationValue = + func->getArg(taintPropagationPtr->propagationParameterIndex); + auto brValuePropagate = buildCallKleeTaintFunction( + "klee_check_taint_source", propagationValue, source->second, true); + builder->CreateCondBr(brValuePropagate, propagateBB, contBB); + + builder->SetInsertPoint(propagateBB); + buildCallKleeTaintFunction("klee_add_taint", elem, source->second, false); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); +} + +void MockBuilder::buildAnnotationTaintSink(llvm::Value *elem, + const Statement::Ptr &statement, + llvm::Function *func, + const std::string &target) { + auto taintSinkPtr = (Statement::TaintSink *)statement.get(); + const std::string sinkTypeLower = taintSinkPtr->getTaintTypeAsLower(); + const auto sink = + annotationsData.taintAnnotation.sinks.find(taintSinkPtr->getTaintType()); + if (sink == annotationsData.taintAnnotation.sinks.end()) { + klee_warning("Annotation: unknown TaintSink sink %s", + taintSinkPtr->getTaintType().c_str()); + return; + } + + const std::string sinkCondName = + "condition_taint_sink_" + sinkTypeLower + target + func->getName().str(); + + llvm::BasicBlock *fromIf = builder->GetInsertBlock(); + llvm::Function *curFunc = fromIf->getParent(); + + llvm::BasicBlock *sinkBB = + llvm::BasicBlock::Create(mockModule->getContext(), sinkCondName, curFunc); + llvm::BasicBlock *contBB = llvm::BasicBlock::Create( + mockModule->getContext(), "continue_" + sinkCondName); + auto brValueSink = buildCallKleeTaintFunction("klee_check_taint_sink", elem, + sink->second, true); + builder->CreateCondBr(brValueSink, sinkBB, contBB); + + builder->SetInsertPoint(sinkBB); + std::string sinkHitCondName = "condition_taint_sink_hit_" + sinkTypeLower + + target + func->getName().str(); + + auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); + auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); + buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, + sinkHitCondName); + fromIf = builder->GetInsertBlock(); + curFunc = fromIf->getParent(); + llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( + mockModule->getContext(), sinkHitCondName, curFunc); + auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); + builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); + + builder->SetInsertPoint(sinkHitBB); + buildCallKleeTaintSinkHit(sink->second); + builder->CreateBr(contBB); + + curFunc->getBasicBlockList().push_back(contBB); + builder->SetInsertPoint(contBB); +} + +llvm::CallInst * +MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, + llvm::Value *source, size_t taint, + bool returnBool) { + const auto returnType = returnBool + ? llvm::Type::getInt1Ty(mockModule->getContext()) + : llvm::Type::getVoidTy(mockModule->getContext()); + + auto *kleeTaintFunctionType = llvm::FunctionType::get( + returnType, + {llvm::Type::getInt8PtrTy(mockModule->getContext()), + llvm::Type::getInt64Ty(mockModule->getContext())}, + false); + auto kleeAddTaintCallee = + mockModule->getOrInsertFunction(functionName, kleeTaintFunctionType); + + // //TODO: that's not all: + // // - add var arg list (now it is not even considered + // // when passing through the function + // // parameters and never gets here) + // // - think about ** + // // - add going by pointers + // llvm::Value *beginPtr; + // llvm::Value *countBytes; + // if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) + // { + // beginPtr = builder->CreateAlloca(source->getType()); + // builder->CreateStore(source, beginPtr); + // + // const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( + // source->getType()->getPointerElementType()); + // countBytes = llvm::ConstantInt::get( + // mockModule->getContext(), + // llvm::APInt(64, bytes, false)); + // } else if (source->getType()->isPointerTy()) { + // beginPtr = builder->CreateBitCast( + // source, llvm::Type::getInt8PtrTy(mockModule->getContext())); + // + // if (source->getType()->getPointerElementType()->isIntegerTy(8)) { + // auto *TLI = new + // llvm::TargetLibraryInfo(llvm::TargetLibraryInfoImpl()); countBytes = + // llvm::emitStrLen(source, *builder, + // mockModule->getDataLayout(),TLI); + // } + // else { + // const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( + // source->getType()->getPointerElementType()); + // countBytes = llvm::ConstantInt::get( + // mockModule->getContext(), + // llvm::APInt(64, bytes, false)); + // } + // } + + llvm::Value *beginPtr; + if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) { + beginPtr = builder->CreateAlloca(source->getType()); + builder->CreateStore(source, beginPtr); + } else { + beginPtr = builder->CreateBitCast( + source, llvm::Type::getInt8PtrTy(mockModule->getContext())); + } + + return builder->CreateCall( + kleeAddTaintCallee, + {beginPtr, llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, taint, false))}); +} + +void MockBuilder::buildCallKleeTaintSinkHit(size_t taintSink) { + auto *kleeTaintSinkHitType = llvm::FunctionType::get( + llvm::Type::getVoidTy(mockModule->getContext()), + {llvm::Type::getInt64Ty(mockModule->getContext())}, false); + auto kleeTaintSinkHitCallee = mockModule->getOrInsertFunction( + "klee_taint_sink_hit", kleeTaintSinkHitType); + + builder->CreateCall( + kleeTaintSinkHitCallee, + {llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, taintSink, false))}); +} + void MockBuilder::buildAnnotationForExternalFunctionArgs( llvm::Function *func, const std::vector> &statementsNotAlign) { @@ -498,103 +690,22 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( } case Statement::Kind::TaintOutput: { if (!elem->getType()->isPointerTy()) { - klee_error("Annotation: TaintOutput arg not pointer"); + klee_error("Annotation: TaintOutput arg is not pointer"); } - - auto taintOutputPtr = (Statement::TaintOutput *)statement.get(); - const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ - taintOutputPtr->getTaintType() - ]; - - buildCallKleeTaintFunction("klee_add_taint", elem, sourceTypeNum); + buildAnnotationTaintOutput(elem, statement); break; } case Statement::Kind::TaintPropagation: { if (!elem->getType()->isPointerTy()) { - klee_error("Annotation: TaintPropagation arg not pointer"); - } - - auto taintPropagationPtr = (Statement::TaintPropagation *)statement.get(); - const std::string sourceTypeLower = taintPropagationPtr->getTaintTypeAsLower(); - const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ - taintPropagationPtr->getTaintType() - ]; - - //TODO: support arg lists - if (taintPropagationPtr->propagationParameterIndex >= func->arg_size()) { - klee_warning("Annotation: ignore TaintPropagation because not support arg lists"); - break; + klee_error("Annotation: TaintPropagation arg is not pointer"); } - - const std::string propagateCondName = - "condition_taint_propagate_" + sourceTypeLower + "_arg_" + - std::to_string(i) + "_" + func->getName().str(); - - llvm::BasicBlock *fromIf = builder->GetInsertBlock(); - llvm::Function *curFunc = fromIf->getParent(); - - llvm::BasicBlock *propagateBB = llvm::BasicBlock::Create( - mockModule->getContext(), propagateCondName, curFunc); - llvm::BasicBlock *contBB = llvm::BasicBlock::Create( - mockModule->getContext(), "continue_" + propagateCondName); - - llvm::Value *propagationValue = - func->getArg(taintPropagationPtr->propagationParameterIndex); - auto brValuePropagate = buildCallKleeTaintFunction( - "klee_check_taint_source", propagationValue, sourceTypeNum); - builder->CreateCondBr(brValuePropagate, propagateBB, contBB); - - builder->SetInsertPoint(propagateBB); - buildCallKleeTaintFunction("klee_add_taint", elem, sourceTypeNum); - builder->CreateBr(contBB); - - curFunc->getBasicBlockList().push_back(contBB); - builder->SetInsertPoint(contBB); + buildAnnotationTaintPropagation(elem, statement, func, + "_arg_" + std::to_string(i) + "_"); break; } case Statement::Kind::TaintSink: { - auto taintSinkPtr = (Statement::TaintSink *)statement.get(); - const std::string sinkTypeLower = taintSinkPtr->getTaintTypeAsLower(); - const size_t sinkTypeNum = annotationsData.taintAnnotation.sinks[ - taintSinkPtr->getTaintType() - ]; - - const std::string sinkCondName = - "condition_taint_sink_" + sinkTypeLower + "_arg_" + - std::to_string(i) + "_" + func->getName().str(); - - llvm::BasicBlock *fromIf = builder->GetInsertBlock(); - llvm::Function *curFunc = fromIf->getParent(); - - llvm::BasicBlock *sinkBB = llvm::BasicBlock::Create( - mockModule->getContext(), sinkCondName, curFunc); - llvm::BasicBlock *contBB = llvm::BasicBlock::Create( - mockModule->getContext(), "continue_" + sinkCondName); - auto brValueSink = buildCallKleeTaintFunction( - "klee_check_taint_sink", elem, sinkTypeNum); - builder->CreateCondBr(brValueSink, sinkBB, contBB); - - builder->SetInsertPoint(sinkBB); - std::string sinkHitCondName = - "condition_taint_sink_hit_" + sinkTypeLower + "_arg_" + - std::to_string(i) + "_" + func->getName().str(); - auto intType = llvm::IntegerType::get(mockModule->getContext(), 1); - auto *sinkHitCond = builder->CreateAlloca(intType, nullptr); - buildCallKleeMakeSymbolic("klee_make_mock", sinkHitCond, intType, - sinkHitCondName); - fromIf = builder->GetInsertBlock(); - curFunc = fromIf->getParent(); - llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( - mockModule->getContext(), sinkHitCondName, curFunc); - auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); - builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); - - builder->SetInsertPoint(sinkHitBB); - buildCallKleeTaintSinkHit(sinkTypeNum); - builder->CreateBr(contBB); - - curFunc->getBasicBlockList().push_back(contBB); - builder->SetInsertPoint(contBB); + buildAnnotationTaintSink(elem, statement, func, + "_arg_" + std::to_string(i) + "_"); break; } case Statement::Kind::Unknown: @@ -612,84 +723,6 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( } } -llvm::CallInst* -MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, - llvm::Value *source, size_t target) { - // TODO: maybe separate as parameter - const auto returnType = (functionName == "klee_check_taint_source" || - functionName == "klee_check_taint_sink") - ? llvm::Type::getInt1Ty(mockModule->getContext()) - : llvm::Type::getVoidTy(mockModule->getContext()); - - auto *kleeTaintFunctionType = llvm::FunctionType::get( - returnType, - {llvm::Type::getInt8PtrTy(mockModule->getContext()), - llvm::Type::getInt64Ty(mockModule->getContext()), - llvm::Type::getInt64Ty(mockModule->getContext())}, - false); - auto kleeAddTaintCallee = mockModule->getOrInsertFunction( - functionName, kleeTaintFunctionType); - - //TODO: that's not all: - // - add arg list (now it is not even considered - // when passing through the function - // parameters and never gets here) - // - think about ** - // - add going by pointers - llvm::Value *beginPtr; - llvm::Value *countBytes; - if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) { - beginPtr = builder->CreateAlloca(source->getType()); - builder->CreateStore(source, beginPtr); - - const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( - source->getType()->getPointerElementType()); - countBytes = llvm::ConstantInt::get( - mockModule->getContext(), - llvm::APInt(64, bytes, false)); - } else if (source->getType()->isPointerTy()) { - beginPtr = builder->CreateBitCast( - source, llvm::Type::getInt8PtrTy(mockModule->getContext())); - - if (source->getType()->getPointerElementType()->isIntegerTy(8)) { - auto *TLI = new llvm::TargetLibraryInfo(llvm::TargetLibraryInfoImpl()); - countBytes = llvm::emitStrLen(source, *builder, - mockModule->getDataLayout(),TLI); - } - else { - const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( - source->getType()->getPointerElementType()); - countBytes = llvm::ConstantInt::get( - mockModule->getContext(), - llvm::APInt(64, bytes, false)); - } - } - - return builder->CreateCall( - kleeAddTaintCallee, - {beginPtr, - countBytes, - llvm::ConstantInt::get( - mockModule->getContext(), - llvm::APInt(64, target, false)) - }); -} - -void MockBuilder::buildCallKleeTaintSinkHit(size_t taintSink) { - auto *kleeTaintSinkHitType = llvm::FunctionType::get( - llvm::Type::getVoidTy(mockModule->getContext()), - {llvm::Type::getInt64Ty(mockModule->getContext())}, - false); - auto kleeTaintSinkHitCallee = mockModule->getOrInsertFunction( - "klee_taint_sink_hit", kleeTaintSinkHitType); - - builder->CreateCall( - kleeTaintSinkHitCallee, - {llvm::ConstantInt::get( - mockModule->getContext(), - llvm::APInt(64, taintSink, false))}); -} - void MockBuilder::processingValue(llvm::Value *prev, llvm::Type *elemType, const Statement::Alloc *allocSourcePtr, bool initNullPtr) { @@ -769,6 +802,7 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( Statement::InitNull *mustInitNull = nullptr; Statement::MaybeInitNull *maybeInitNull = nullptr; + std::vector taintStatements; for (const auto &statement : statements) { switch (statement->getKind()) { case Statement::Kind::Deref: @@ -797,51 +831,10 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( klee_warning("Annotation: unused \"Free\" for return"); break; } - case Statement::Kind::TaintOutput: { - auto taintOutputPtr = (Statement::TaintOutput *)statement.get(); - const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ - taintOutputPtr->getTaintType() - ]; - - //TODO: get return value (maybe value from function body before returning) -// buildCallKleeTaintFunction("klee_add_taint", ??? ret_value, sourceTypeNum); - break; - } - case Statement::Kind::TaintPropagation: { - auto taintPropagationPtr = (Statement::TaintPropagation *)statement.get(); - const std::string sourceTypeLower = taintPropagationPtr->getTaintTypeAsLower(); - const size_t sourceTypeNum = annotationsData.taintAnnotation.sinks[ - taintPropagationPtr->getTaintType() - ]; - - const std::string propagateCondName = - "condition_taint_propagate_" + sourceTypeLower + "_ret_" + func->getName().str(); - - llvm::BasicBlock *fromIf = builder->GetInsertBlock(); - llvm::Function *curFunc = fromIf->getParent(); - - llvm::BasicBlock *propagateBB = llvm::BasicBlock::Create( - mockModule->getContext(), propagateCondName, curFunc); - llvm::BasicBlock *contBB = llvm::BasicBlock::Create( - mockModule->getContext(), "continue_" + propagateCondName); - - llvm::Value *propagationValue = func->getArg(taintPropagationPtr->propagationParameterIndex); - auto brValuePropagate = buildCallKleeTaintFunction( - "klee_check_taint_source", propagationValue, sourceTypeNum); - builder->CreateCondBr(brValuePropagate, propagateBB, contBB); - - builder->SetInsertPoint(propagateBB); - //TODO: get return value (maybe value from function body before returning) -// buildCallKleeTaintFunction("klee_add_taint", ??? ret_value, sourceTypeNum); - builder->CreateBr(contBB); - - curFunc->getBasicBlockList().push_back(contBB); - builder->SetInsertPoint(contBB); - break; - } + case Statement::Kind::TaintOutput: + case Statement::Kind::TaintPropagation: case Statement::Kind::TaintSink: { - klee_warning("Annotation: unused TaintSink for return function \"%s\"", - func->getName().str().c_str()); + taintStatements.push_back(statement); break; } case Statement::Kind::Unknown: @@ -879,6 +872,27 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( builder->CreateCall(kleeAssumeFunc, {cmpResult64}); } } + + for (const auto &statement : taintStatements) { + switch (statement->getKind()) { + case Statement::Kind::TaintOutput: { + buildAnnotationTaintOutput(retValuePtr, statement); + break; + } + case Statement::Kind::TaintPropagation: { + buildAnnotationTaintPropagation(retValuePtr, statement, func, "_ret_"); + break; + } + case Statement::Kind::TaintSink: { + klee_warning("Annotation: unused TaintSink for return function \"%s\"", + func->getName().str().c_str()); + break; + } + default: + __builtin_unreachable(); + } + } + llvm::Value *retValue = builder->CreateLoad(returnType, retValuePtr, retName); builder->CreateRet(retValue); } diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 4ec7e4aed9..ef64482e52 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -1220,16 +1220,15 @@ void SpecialFunctionHandler::handleFAbs(ExecutionState &state, executor.bindLocal(target, state, result); } -//TODO: update definitions after adding taint memory, now pure +// TODO: update definitions after adding taint memory -void SpecialFunctionHandler::handleAddTaint( - klee::ExecutionState &state, - klee::KInstruction *target, - std::vector> &arguments) { - if (arguments.size() != 3) { - executor.terminateStateOnUserError( - state, "Incorrect number of arguments to " - "klee_add_taint(void*, size_t, size_t)"); +void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_add_taint(void*, size_t)"); return; } @@ -1237,13 +1236,12 @@ void SpecialFunctionHandler::handleAddTaint( } void SpecialFunctionHandler::handleClearTaint( - klee::ExecutionState &state, - klee::KInstruction *target, + klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { - if (arguments.size() != 3) { - executor.terminateStateOnUserError( - state, "Incorrect number of arguments to " - "klee_clear_taint(void*, size_t, size_t)"); + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_clear_taint(void*, size_t)"); return; } @@ -1251,40 +1249,35 @@ void SpecialFunctionHandler::handleClearTaint( } void SpecialFunctionHandler::handleCheckTaintSource( - klee::ExecutionState &state, - klee::KInstruction *target, + klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { - if (arguments.size() != 3) { + if (arguments.size() != 2) { executor.terminateStateOnUserError( state, "Incorrect number of arguments to " - "klee_check_taint_source(void*, size_t, size_t)"); + "klee_check_taint_source(void*, size_t)"); return; } - // FIXME: this is a test version right now - ref result = ConstantExpr::create(true, Expr::Bool); - executor.bindLocal(target, state, result); + // ref result = ConstantExpr::create(true, Expr::Bool); + // executor.bindLocal(target, state, result); } void SpecialFunctionHandler::handleCheckTaintSink( - klee::ExecutionState &state, - klee::KInstruction *target, - std::vector> &arguments) { - if (arguments.size() != 3) { - executor.terminateStateOnUserError( - state, "Incorrect number of arguments to " - "klee_check_taint_sink(void*, size_t, size_t)"); + klee::ExecutionState &state, klee::KInstruction *target, + std::vector> &arguments) { + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_check_taint_sink(void*, size_t)"); return; } - // FIXME: this is a test version right now - ref result = ConstantExpr::create(true, Expr::Bool); - executor.bindLocal(target, state, result); + // ref result = ConstantExpr::create(true, Expr::Bool); + // executor.bindLocal(target, state, result); } void SpecialFunctionHandler::handleTaintSinkHit( - klee::ExecutionState &state, - klee::KInstruction *target, + klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { if (arguments.size() != 1) { executor.terminateStateOnUserError( @@ -1292,5 +1285,6 @@ void SpecialFunctionHandler::handleTaintSinkHit( return; } - executor.terminateStateOnError(state, "FormatString", StateTerminationType::User); + // executor.terminateStateOnError(state, "FormatString", + // StateTerminationType::User); } diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index fd095c4987..6a40c6c6fa 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -171,24 +171,28 @@ Kind TaintOutput::getKind() const { return Kind::TaintOutput; } TaintPropagation::TaintPropagation(const std::string &str) : Taint(str) { const size_t colonPos = rawValue.find(':'); - const std::string rawData = (colonPos == std::string::npos) - ? std::string() - : rawValue.substr(colonPos + 1, std::string::npos); + const std::string rawData = + (colonPos == std::string::npos) + ? std::string() + : rawValue.substr(colonPos + 1, std::string::npos); if (rawData.empty()) { - klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", + klee_error("Annotation TaintPropagation: Incorrect value %s format, must " + "be :", rawValue.c_str()); } - char* end = nullptr; + char *end = nullptr; size_t propagationParameterData = strtoul(rawData.c_str(), &end, 10); if (*end != '\0' || errno == ERANGE) { - klee_error("Annotation TaintPropagation: Incorrect value %s format, must be :", + klee_error("Annotation TaintPropagation: Incorrect value %s format, must " + "be :", rawValue.c_str()); } if (propagationParameterData == 0) { - klee_error("Annotation TaintPropagation: Incorrect value %s, data for propagation must be >= 1", + klee_error("Annotation TaintPropagation: Incorrect value %s, data for " + "propagation must be >= 1", rawValue.c_str()); } propagationParameterIndex = propagationParameterData - 1; diff --git a/lib/Module/AnnotationsData.cpp b/lib/Module/AnnotationsData.cpp index a0ad0d9b29..e314faa8ff 100644 --- a/lib/Module/AnnotationsData.cpp +++ b/lib/Module/AnnotationsData.cpp @@ -2,9 +2,12 @@ namespace klee { -klee::AnnotationsData::AnnotationsData(const std::string &annotationsFile, - const std::string &taintAnnotationsFile): - taintAnnotation(taintAnnotationsFile) { +klee::AnnotationsData::AnnotationsData( + const std::string &annotationsFile, + const std::string &taintAnnotationsFile) { + taintAnnotation = taintAnnotationsFile.empty() + ? TaintAnnotation() + : TaintAnnotation(taintAnnotationsFile); annotations = parseAnnotations(annotationsFile); } diff --git a/lib/Module/TaintAnnotation.cpp b/lib/Module/TaintAnnotation.cpp index bff46d1009..18a9ba9cfb 100644 --- a/lib/Module/TaintAnnotation.cpp +++ b/lib/Module/TaintAnnotation.cpp @@ -5,14 +5,18 @@ namespace klee { +TaintAnnotation::TaintAnnotation() = default; + TaintAnnotation::TaintAnnotation(const std::string &taintAnnotationsFilePath) { std::ifstream taintAnnotationsFile(taintAnnotationsFilePath); if (!taintAnnotationsFile.good()) { - klee_error("Taint annotation: Opening %s failed.", taintAnnotationsFilePath.c_str()); + klee_error("Taint annotation: Opening %s failed.", + taintAnnotationsFilePath.c_str()); } json taintAnnotationsJson = json::parse(taintAnnotationsFile, nullptr, false); if (taintAnnotationsJson.is_discarded()) { - klee_error("Taint annotation: Parsing JSON %s failed.", taintAnnotationsFilePath.c_str()); + klee_error("Taint annotation: Parsing JSON %s failed.", + taintAnnotationsFilePath.c_str()); } std::set sourcesStrs; diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index ce6b518ac1..dd02cb9ac7 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -11,10 +11,10 @@ #include #include +#include #include #include #include -#include #include #include "klee/klee.h" @@ -165,10 +165,10 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { } // TODO: add for tests -void klee_add_taint(void *array, size_t nbytes, size_t taint_source) {} -void klee_clear_taint(void *array, size_t nbytes, size_t taint_source) {} -bool klee_check_taint_source(void *array, size_t nbytes, size_t taint_source) {} -bool klee_check_taint_sink(void *array, size_t nbytes, size_t taint_sink) {} +void klee_add_taint(void *array, size_t taint_source) {} +void klee_clear_taint(void *array, size_t taint_source) {} +bool klee_check_taint_source(void *array, size_t taint_source) {} +bool klee_check_taint_sink(void *array, size_t taint_sink) {} void klee_taint_sink_hit(size_t taint_sink) {} void klee_silent_exit(int x) { exit(x); } From bddcfc0670b4359e811ef6c6e6594ec3b5d3c31e Mon Sep 17 00:00:00 2001 From: Maria Date: Sat, 20 Jan 2024 20:21:35 +0300 Subject: [PATCH 14/28] Fix bugs, change annotation config and calc AnnotationData for Executor --- configs/annotations.json | 13381 ++---------------------- include/klee/Core/Interpreter.h | 12 +- include/klee/Core/MockBuilder.h | 5 +- include/klee/Core/TerminationTypes.h | 3 +- include/klee/Module/AnnotationsData.h | 5 +- include/klee/Module/TaintAnnotation.h | 5 +- lib/Core/Executor.cpp | 23 +- lib/Core/Executor.h | 5 + lib/Core/MockBuilder.cpp | 20 +- lib/Core/SpecialFunctionHandler.cpp | 20 +- lib/Module/AnnotationsData.cpp | 9 +- lib/Module/TaintAnnotation.cpp | 14 +- tools/klee/main.cpp | 10 +- 13 files changed, 919 insertions(+), 12593 deletions(-) diff --git a/configs/annotations.json b/configs/annotations.json index 12a7e3d527..76f6825a6b 100644 --- a/configs/annotations.json +++ b/configs/annotations.json @@ -1,660 +1,596 @@ { - "__builtin_clz": { - "name": "__builtin_clz", + "atof": { + "name": "atof", "annotation": [ [ - "Condition::>=0", - "Condition::<32" + "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref" + ] ], "properties": [] }, - "__builtin_clzl": { - "name": "__builtin_clzl", + "atoi": { + "name": "atoi", "annotation": [ [ - "Condition::>=0", - "Condition::<32" + "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref" + ] ], "properties": [] }, - "__builtin_clzll": { - "name": "__builtin_clzll", + "atol": { + "name": "atol", "annotation": [ [ - "Condition::>=0", - "Condition::<64" + "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref" + ] ], "properties": [] }, - "__builtin_ffs": { - "name": "__builtin_ffs", + "atoll": { + "name": "atoll", "annotation": [ [ - "Condition::>=0", - "Condition::<=32" + "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref" + ] ], "properties": [] }, - "__builtin_ffsll": { - "name": "__builtin_ffsll", + "bcmp": { + "name": "bcmp", "annotation": [ [ - "Condition::>=0", - "Condition::<=64" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" ], - [] - ], - "properties": [] - }, - "__builtin_va_end": { - "name": "__builtin_va_end", - "annotation": [ - [] - ], - "properties": [] - }, - "__builtin_va_start": { - "name": "__builtin_va_start", - "annotation": [ - [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], [] ], "properties": [] }, - "_ZNSt8__detail12__int_limitsIiLb1EE3maxEv": { - "name": "__int_limits::max", + "calloc": { + "name": "calloc", "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [], [] ], "properties": [] }, - "_ZNSt8__detail12__int_limitsIiLb1EE3minEv": { - "name": "__int_limits::min", + "fclose": { + "name": "fclose", "annotation": [ - [] + [], + [ + "Deref" + ] ], "properties": [] }, - "_execl": { - "name": "_execl", + "fcvt": { + "name": "fcvt", "annotation": [ - [], [ - "TaintSink::Execute" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" ], + [], + [], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_execle": { - "name": "_execle", + "feof": { + "name": "feof", "annotation": [ [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_execlp": { - "name": "_execlp", + "ferror": { + "name": "ferror", "annotation": [ [], [ - "TaintSink::Execute" - ], + "Deref" + ] + ], + "properties": [] + }, + "fgetc": { + "name": "fgetc", + "annotation": [ [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_execlpe": { - "name": "_execlpe", + "fgetpos": { + "name": "fgetpos", "annotation": [ [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_execv": { - "name": "_execv", + "fgetpos64": { + "name": "fgetpos64", "annotation": [ [], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_execve": { - "name": "_execve", + "fgets": { + "name": "fgets", "annotation": [ - [], [ - "TaintSink::Execute" + "InitNull", + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref", + "TaintOutput::UntrustedSource" ], + [], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_execvp": { - "name": "_execvp", + "fgetwc": { + "name": "fgetwc", "annotation": [ - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_execvpe": { - "name": "_execvpe", + "fgetws": { + "name": "fgetws", "annotation": [ - [], [ - "TaintSink::Execute" + "InitNull", + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref", + "TaintOutput::UntrustedSource" ], + [], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_ZNSt14_Fnv_hash_impl4hashEPKvyy": { - "name": "_Fnv_hash_impl::hash", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt10_Hash_impl4hashEPKvyy": { - "name": "_Hash_impl::hash", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt10_Hash_impl4hashIdEEyRKT_": { - "name": "_Hash_impl::hash", + "fileno": { + "name": "fileno", "annotation": [ [], - [] + [ + "Deref" + ] ], "properties": [] }, - "_ZNSt10_Hash_impl4hashIfEEyRKT_": { - "name": "_Hash_impl::hash", + "fopen": { + "name": "fopen", "annotation": [ + [ + "InitNull" + ], [], [] ], "properties": [] }, - "_ZNSt10_Hash_impl4hashIiEEyRKT_": { - "name": "_Hash_impl::hash", + "fopen64": { + "name": "fopen64", "annotation": [ + [ + "InitNull" + ], [], [] ], "properties": [] }, - "_popen": { - "name": "_popen", + "fopen_s": { + "name": "fopen_s", "annotation": [ [], [ - "TaintSink::Execute" + "InitNull:*:!=0" ], - [] + [], + [ + "FreeSink::4" + ] ], "properties": [] }, - "_spawnl": { - "name": "_spawnl", + "fprintf": { + "name": "fprintf", "annotation": [ - [], [], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" ], [ - "TaintSink::Execute" + "TaintSink::SensitiveDataLeak" ] ], "properties": [] }, - "_spawnle": { - "name": "_spawnle", + "fputc": { + "name": "fputc", "annotation": [ [], [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_spawnlp": { - "name": "_spawnlp", + "fputs": { + "name": "fputs", "annotation": [ [], - [], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_spawnlpe": { - "name": "_spawnlpe", + "fputwc": { + "name": "fputwc", "annotation": [ [], [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_spawnv": { - "name": "_spawnv", + "fputws": { + "name": "fputws", "annotation": [ - [], [], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_spawnve": { - "name": "_spawnve", + "fread": { + "name": "fread", "annotation": [ - [], - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref", + "TaintOutput::UntrustedSource" ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "_spawnvp": { - "name": "_spawnvp", - "annotation": [ [], [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_spawnvpe": { - "name": "_spawnvpe", + "free": { + "name": "free", "annotation": [ [], - [], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "FreeSink::1" ] ], "properties": [] }, - "_stricmp": { - "name": "_stricmp", + "freopen": { + "name": "freopen", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" + "InitNull" ], [], - [] + [], + [ + "Deref" + ] ], "properties": [] }, - "_strnicmp": { - "name": "_strnicmp", + "freopen64": { + "name": "freopen64", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" + "InitNull" ], [], [], - [] + [ + "Deref" + ] ], "properties": [] }, - "_texecl": { - "name": "_texecl", + "freopen_s": { + "name": "freopen_s", "annotation": [ [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "InitNull:*:!=0" ], + [], + [], [ - "TaintSink::Execute" + "FreeSink::4" ] ], "properties": [] }, - "_texecle": { - "name": "_texecle", + "fscanf": { + "name": "fscanf", "annotation": [ - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "TaintSink::FormatString" ], [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "_texeclp": { - "name": "_texeclp", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "_texeclpe": { - "name": "_texeclpe", + "fscanf_s": { + "name": "fscanf_s", "annotation": [ - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "TaintSink::FormatString" ], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "_texecv": { - "name": "_texecv", + "fseek": { + "name": "fseek", "annotation": [ [], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [], + [] ], "properties": [] }, - "_texecve": { - "name": "_texecve", + "fsetpos": { + "name": "fsetpos", "annotation": [ [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_texecvp": { - "name": "_texecvp", + "fsetpos64": { + "name": "fsetpos64", "annotation": [ [], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_texecvpe": { - "name": "_texecvpe", + "ftell": { + "name": "ftell", "annotation": [ [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_tolower": { - "name": "_tolower", + "fwide": { + "name": "fwide", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], [] ], "properties": [] }, - "_toupper": { - "name": "_toupper", + "fwprintf": { + "name": "fwprintf", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], - [] + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] ], "properties": [] }, - "_tpopen": { - "name": "_tpopen", + "fwrite": { + "name": "fwrite", "annotation": [ [], [ - "TaintSink::Execute" + "Deref", + "TaintSink::SensitiveDataLeak" ], - [] + [], + [], + [ + "Deref" + ] ], "properties": [] }, - "_tspawnl": { - "name": "_tspawnl", + "fwscanf": { + "name": "fwscanf", "annotation": [ - [], - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" + ], + [ + "Deref" ], [ - "TaintSink::Execute" + "TaintSink::FormatString" ], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "_tspawnle": { - "name": "_tspawnle", + "getc": { + "name": "getc", "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_tspawnlp": { - "name": "_tspawnlp", + "getenv": { + "name": "getenv", "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_tspawnlpe": { - "name": "_tspawnlpe", + "getenv_s": { + "name": "getenv_s", "annotation": [ - [], [], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref", + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" ], - [ - "TaintSink::Execute" - ] + [], + [] ], "properties": [] }, - "_tspawnv": { - "name": "_tspawnv", + "gets": { + "name": "gets", "annotation": [ - [], - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref", + "TaintOutput::UntrustedSource" ] ], "properties": [] @@ -669,483 +605,465 @@ ], "properties": [] }, - "_tspawnve": { - "name": "_tspawnve", + "gets_s": { + "name": "gets_s", "annotation": [ - [], - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref", + "TaintOutput::UntrustedSource" ], - [ - "TaintSink::Execute" - ] + [] ], "properties": [] }, - "_tspawnvp": { - "name": "_tspawnvp", + "getw": { + "name": "getw", "annotation": [ - [], - [], [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_tspawnvpe": { - "name": "_tspawnvpe", + "getwc": { + "name": "getwc", "annotation": [ - [], - [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "TaintOutput::UntrustedSource" ], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_tsystem": { - "name": "_tsystem", + "itoa": { + "name": "itoa", "annotation": [ + [], [], [ - "TaintSink::Execute" - ] + "Deref" + ], + [] ], "properties": [] }, - "_wexecl": { - "name": "_wexecl", + "malloc": { + "name": "malloc", "annotation": [ - [], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" + "AllocSource::1", + "InitNull" ], - [ - "TaintSink::Execute" - ] + [] ], "properties": [] }, - "_wexecle": { - "name": "_wexecle", + "memccpy": { + "name": "memccpy", "annotation": [ [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [], + [] ], "properties": [] }, - "_wexeclp": { - "name": "_wexeclp", + "memchr": { + "name": "memchr", "annotation": [ - [], [ - "TaintSink::Execute" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [], + [] ], "properties": [] }, - "_wexeclpe": { - "name": "_wexeclpe", + "memcmp": { + "name": "memcmp", "annotation": [ - [], [ - "TaintSink::Execute" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [ - "TaintSink::Execute" + "Deref" ], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [] ], "properties": [] }, - "_wexecv": { - "name": "_wexecv", + "memcpy": { + "name": "memcpy", "annotation": [ [], [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [ - "TaintSink::Execute" - ] + "Deref" + ], + [] ], "properties": [] }, - "_wexecve": { - "name": "_wexecve", + "memcpy_s": { + "name": "memcpy_s", "annotation": [ [], [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:3" ], + [], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [] ], "properties": [] }, - "_wexecvp": { - "name": "_wexecvp", + "memicmp": { + "name": "memicmp", "annotation": [ - [], [ - "TaintSink::Execute" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [ - "TaintSink::Execute" - ] + "Deref" + ], + [ + "Deref" + ], + [], + [] ], "properties": [] }, - "_wexecvpe": { - "name": "_wexecvpe", + "memmem": { + "name": "memmem", "annotation": [ - [], [ - "TaintSink::Execute" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "_wpopen": { - "name": "_wpopen", - "annotation": [ [], [ - "TaintSink::Execute" + "Deref" ], [] ], "properties": [] }, - "_wspawnl": { - "name": "_wspawnl", + "memmove": { + "name": "memmove", "annotation": [ - [], [], [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [] ], "properties": [] }, - "_wspawnle": { - "name": "_wspawnle", + "memmove_s": { + "name": "memmove_s", "annotation": [ - [], [], [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:3" ], + [], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [] ], "properties": [] }, - "_wspawnlp": { - "name": "_wspawnlp", + "mempcpy": { + "name": "mempcpy", "annotation": [ - [], [], [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [ - "TaintSink::Execute" + "Deref" ], - [ - "TaintSink::Execute" - ] + [] ], "properties": [] }, - "_wspawnlpe": { - "name": "_wspawnlpe", + "memset": { + "name": "memset", "annotation": [ [], - [], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:1" ], - [ - "TaintSink::Execute" - ] + [], + [] ], "properties": [] }, - "_wspawnv": { - "name": "_wspawnv", + "memset_s": { + "name": "memset_s", "annotation": [ - [], [], [ - "TaintSink::Execute" + "Deref", + "TaintPropagation::UntrustedSource:1" ], - [ - "TaintSink::Execute" - ] + [], + [], + [] ], "properties": [] }, - "_wspawnve": { - "name": "_wspawnve", + "pthread_mutex_lock": { + "name": "pthread_mutex_lock", "annotation": [ [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" + "InitNull::!=0" ] ], "properties": [] }, - "_wspawnvp": { - "name": "_wspawnvp", + "pthread_mutex_trylock": { + "name": "pthread_mutex_trylock", "annotation": [ [], - [], - [ - "TaintSink::Execute" - ], [ - "TaintSink::Execute" + "InitNull::!=0" ] ], "properties": [] }, - "_wspawnvpe": { - "name": "_wspawnvpe", + "putc": { + "name": "putc", "annotation": [ [], [], [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "_wsystem": { - "name": "_wsystem", + "puts": { + "name": "puts", "annotation": [ [], [ - "TaintSink::Execute" + "Deref" ] ], "properties": [] }, - "abort": { - "name": "abort", - "annotation": [ - [] - ], - "properties": [] - }, - "abs": { - "name": "abs", + "qsort": { + "name": "qsort", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], + [], + [], [] ], "properties": [] }, - "acos": { - "name": "acos", + "rawmemchr": { + "name": "rawmemchr", "annotation": [ [ + "InitNull", "TaintPropagation::UntrustedSource:1" ], - [] - ], - "properties": [] - }, - "acosf": { - "name": "acosf", - "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], + [], [] ], "properties": [] }, - "acosh": { - "name": "acosh", + "realloc": { + "name": "realloc", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "AllocSource::1", + "InitNull" ], + [], [] ], "properties": [] }, - "acoshf": { - "name": "acoshf", + "setbuf": { + "name": "setbuf", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], [] ], "properties": [] }, - "acoshl": { - "name": "acoshl", + "setlocale": { + "name": "setlocale", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "InitNull" ], + [], [] ], "properties": [] }, - "acosl": { - "name": "acosl", + "snprintf": { + "name": "snprintf", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref", + "TaintPropagation::UntrustedSource:4" ], - [] + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "asin": { - "name": "asin", + "snprintf_s": { + "name": "snprintf_s", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref", + "TaintPropagation::UntrustedSource:4" ], - [] + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "asinf": { - "name": "asinf", + "snwprintf": { + "name": "snwprintf", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], - [] + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "asinh": { - "name": "asinh", + "sprintf": { + "name": "sprintf", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [] - ], - "properties": [] - }, - "asinhf": { - "name": "asinhf", - "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "Deref", + "TaintPropagation::UntrustedSource:3" ], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "asinhl": { - "name": "asinhl", + "sprintf_s": { + "name": "sprintf_s", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "asinl": { - "name": "asinl", + "sscanf": { + "name": "sscanf", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], - [] + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ] ], "properties": [] }, - "atan": { - "name": "atan", + "sscanf_s": { + "name": "sscanf_s", "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], [ "TaintPropagation::UntrustedSource:1" ], @@ -1153,92 +1071,67 @@ ], "properties": [] }, - "atan2": { - "name": "atan2", + "std::from_chars": { + "name": "std::from_chars", "annotation": [ [ "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:4" + ], + [ + "Deref" ], [], - [] - ], - "properties": [] - }, - "atan2l": { - "name": "atan2l", - "annotation": [ [ "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:4" ], [] ], "properties": [] }, - "atanf": { - "name": "atanf", + "std::to_chars": { + "name": "std::to_chars", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" ], - [] - ], - "properties": [] - }, - "atanh": { - "name": "atanh", - "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "Deref", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" ], + [], + [], [] ], "properties": [] }, - "atanhf": { - "name": "atanhf", + "stpcpy": { + "name": "stpcpy", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintPropagation::UntrustedSource:2" ], - [] - ], - "properties": [] - }, - "atanhl": { - "name": "atanhl", - "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [] ], "properties": [] }, - "atanl": { - "name": "atanl", + "strcat": { + "name": "strcat", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], - [] - ], - "properties": [] - }, - "atexit": { - "name": "atexit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "atof": { - "name": "atof", - "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "Deref", + "TaintPropagation::UntrustedSource:2" ], [ "Deref" @@ -1246,11526 +1139,431 @@ ], "properties": [] }, - "atoi": { - "name": "atoi", + "strcat_s": { + "name": "strcat_s", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:3" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" ], + [], [ "Deref" ] ], "properties": [] }, - "atol": { - "name": "atol", + "strchr": { + "name": "strchr", "annotation": [ [ + "InitNull", "TaintPropagation::UntrustedSource:1" ], [ "Deref" - ] + ], + [] ], "properties": [] }, - "atoll": { - "name": "atoll", + "strchrnul": { + "name": "strchrnul", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], [ "Deref" - ] - ], - "properties": [] - }, - "_ZSt13back_inserterINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEESt20back_insert_iteratorIT_ERS7_": { - "name": "back_inserter", - "annotation": [ - [ - "CreateObject", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNKSt9bad_alloc4whatEv": { - "name": "bad_alloc::what", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt20bad_array_new_length4whatEv": { - "name": "bad_array_new_length::what", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt8bad_cast4whatEv": { - "name": "bad_cast::what", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt13bad_exception4whatEv": { - "name": "bad_exception::what", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt10bad_typeid4whatEv": { - "name": "bad_typeid::what", - "annotation": [ - [] - ], - "properties": [] - }, - "basename": { - "name": "basename", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSi6ignoreEx": { - "name": "basic_istream::ignore", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSi6ignoreExi": { - "name": "basic_istream::ignore", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreEx": { - "name": "basic_istream::ignore", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreExt": { - "name": "basic_istream::ignore", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_": { - "name": "basic_string::basic_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_": { - "name": "basic_string::basic_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1EPKwRKS3_": { - "name": "basic_string::basic_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv": { - "name": "basic_string::c_str", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5c_strEv": { - "name": "basic_string::c_str", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5clearEv": { - "name": "basic_string::clear", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv": { - "name": "basic_string::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE4dataEv": { - "name": "basic_string::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE4dataEv": { - "name": "basic_string::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4dataEv": { - "name": "basic_string::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv": { - "name": "basic_string::length", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE6lengthEv": { - "name": "basic_string::length", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE6lengthEv": { - "name": "basic_string::length", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6lengthEv": { - "name": "basic_string::length", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEc": { - "name": "basic_string::operator+=", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLERKS4_": { - "name": "basic_string::operator+=", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEy": { - "name": "basic_string::operator[]", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEy": { - "name": "basic_string::reserve", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv": { - "name": "basic_string::size", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE4dataEv": { - "name": "basic_string_view::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE4dataEv": { - "name": "basic_string_view::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE4dataEv": { - "name": "basic_string_view::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE4dataEv": { - "name": "basic_string_view::data", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE6lengthEv": { - "name": "basic_string_view::length", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE6lengthEv": { - "name": "basic_string_view::length", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE6lengthEv": { - "name": "basic_string_view::length", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE6lengthEv": { - "name": "basic_string_view::length", - "annotation": [ - [] - ], - "properties": [] - }, - "bcmp": { - "name": "bcmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZSt9boolalphaRSt8ios_base": { - "name": "boolalpha", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "bsearch": { - "name": "bsearch", - "annotation": [ - [], - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "btowc": { - "name": "btowc", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cabf": { - "name": "cabf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cabl": { - "name": "cabl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cabs": { - "name": "cabs", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cacos": { - "name": "cacos", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cacosf": { - "name": "cacosf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cacosh": { - "name": "cacosh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cacoshf": { - "name": "cacoshf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cacoshl": { - "name": "cacoshl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cacosl": { - "name": "cacosl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "calloc": { - "name": "calloc", - "annotation": [ - [ - "AllocSource::1", - "ZeroMemory", - "InitNull" - ], - [ - "AllocSize" - ], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "canonicalize": { - "name": "canonicalize", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "canonicalizef": { - "name": "canonicalizef", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "canonicalizel": { - "name": "canonicalizel", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "carg": { - "name": "carg", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cargf": { - "name": "cargf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cargl": { - "name": "cargl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "casin": { - "name": "casin", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "casinf": { - "name": "casinf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "casinh": { - "name": "casinh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "casinhf": { - "name": "casinhf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "casinhl": { - "name": "casinhl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "casinl": { - "name": "casinl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "catan": { - "name": "catan", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "catanf": { - "name": "catanf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "catanh": { - "name": "catanh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "catanhf": { - "name": "catanhf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "catanhl": { - "name": "catanhl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "catanl": { - "name": "catanl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cbrt": { - "name": "cbrt", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cbrtf": { - "name": "cbrtf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cbrtl": { - "name": "cbrtl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ccosh": { - "name": "ccosh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ccoshf": { - "name": "ccoshf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ccoshl": { - "name": "ccoshl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ceil": { - "name": "ceil", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ceilf": { - "name": "ceilf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ceill": { - "name": "ceill", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cexp": { - "name": "cexp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cexpf": { - "name": "cexpf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cexpl": { - "name": "cexpl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE6assignEPcyc": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE6assignERcRKc": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE6assignEPDiyDi": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE6assignERDiRKDi": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE6assignEPDsyDs": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE6assignERDsRKDs": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE6assignEPwyw": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE6assignERwRKw": { - "name": "char_traits::assign", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZN9__gnu_cxx11char_traitsIcE7compareEPKcS3_y": { - "name": "char_traits::compare", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZN9__gnu_cxx11char_traitsIwE7compareEPKwS3_y": { - "name": "char_traits::compare", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE7compareEPKcS2_y": { - "name": "char_traits::compare", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE7compareEPKDiS2_y": { - "name": "char_traits::compare", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE7compareEPKDsS2_y": { - "name": "char_traits::compare", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE7compareEPKwS2_y": { - "name": "char_traits::compare", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE4copyEPcPKcy": { - "name": "char_traits::copy", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE4copyEPDiPKDiy": { - "name": "char_traits::copy", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE4copyEPDsPKDsy": { - "name": "char_traits::copy", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE4copyEPwPKwy": { - "name": "char_traits::copy", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE3eofEv": { - "name": "char_traits::eof", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE3eofEv": { - "name": "char_traits::eof", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE3eofEv": { - "name": "char_traits::eof", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE3eofEv": { - "name": "char_traits::eof", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE2eqERKcS2_": { - "name": "char_traits::eq", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE2eqERKDiS2_": { - "name": "char_traits::eq", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE2eqERKDsS2_": { - "name": "char_traits::eq", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE2eqERKwS2_": { - "name": "char_traits::eq", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE11eq_int_typeERKiS2_": { - "name": "char_traits::eq_int_type", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE11eq_int_typeERKjS2_": { - "name": "char_traits::eq_int_type", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE11eq_int_typeERKtS2_": { - "name": "char_traits::eq_int_type", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE11eq_int_typeERKtS2_": { - "name": "char_traits::eq_int_type", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZN9__gnu_cxx11char_traitsIcE4findEPKcyRS2_": { - "name": "char_traits::find", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZN9__gnu_cxx11char_traitsIwE4findEPKwyRS2_": { - "name": "char_traits::find", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE4findEPKcyRS1_": { - "name": "char_traits::find", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE4findEPKDiyRS1_": { - "name": "char_traits::find", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE4findEPKDsyRS1_": { - "name": "char_traits::find", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE4findEPKwyRS1_": { - "name": "char_traits::find", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZN9__gnu_cxx11char_traitsIcE6lengthEPKc": { - "name": "char_traits::length", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZN9__gnu_cxx11char_traitsIwE6lengthEPKw": { - "name": "char_traits::length", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE6lengthEPKc": { - "name": "char_traits::length", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE6lengthEPKDi": { - "name": "char_traits::length", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE6lengthEPKDs": { - "name": "char_traits::length", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE6lengthEPKw": { - "name": "char_traits::length", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE2ltERKcS2_": { - "name": "char_traits::lt", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE2ltERKDiS2_": { - "name": "char_traits::lt", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE2ltERKDsS2_": { - "name": "char_traits::lt", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE2ltERKwS2_": { - "name": "char_traits::lt", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE4moveEPcPKcy": { - "name": "char_traits::move", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE4moveEPDiPKDiy": { - "name": "char_traits::move", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE4moveEPDsPKDsy": { - "name": "char_traits::move", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE4moveEPwPKwy": { - "name": "char_traits::move", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE7not_eofERKi": { - "name": "char_traits::not_eof", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE7not_eofERKj": { - "name": "char_traits::not_eof", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE7not_eofERKt": { - "name": "char_traits::not_eof", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE7not_eofERKt": { - "name": "char_traits::not_eof", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE12to_char_typeERKi": { - "name": "char_traits::to_char_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE12to_char_typeERKj": { - "name": "char_traits::to_char_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE12to_char_typeERKt": { - "name": "char_traits::to_char_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE12to_char_typeERKt": { - "name": "char_traits::to_char_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIcE11to_int_typeERKc": { - "name": "char_traits::to_int_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDiE11to_int_typeERKDi": { - "name": "char_traits::to_int_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIDsE11to_int_typeERKDs": { - "name": "char_traits::to_int_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt11char_traitsIwE11to_int_typeERKw": { - "name": "char_traits::to_int_type", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "cimag": { - "name": "cimag", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cimagf": { - "name": "cimagf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cimagl": { - "name": "cimagl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "clearerr": { - "name": "clearerr", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "clearerr_s": { - "name": "clearerr_s", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "clog": { - "name": "clog", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "clog10": { - "name": "clog10", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "clog10f": { - "name": "clog10f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "clog10l": { - "name": "clog10l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "clogf": { - "name": "clogf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "clogl": { - "name": "clogl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "close": { - "name": "close", - "annotation": [ - [], - [ - "FreeDescriptor::1" - ] - ], - "properties": [] - }, - "conj": { - "name": "conj", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "conjf": { - "name": "conjf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "conjl": { - "name": "conjl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "copysign": { - "name": "copysign", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "copysignf": { - "name": "copysignf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "copysignl": { - "name": "copysignl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "cosh": { - "name": "cosh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "coshf": { - "name": "coshf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "coshl": { - "name": "coshl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cpow": { - "name": "cpow", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cpowf": { - "name": "cpowf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cpowl": { - "name": "cpowl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cproj": { - "name": "cproj", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cprojf": { - "name": "cprojf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "cprojl": { - "name": "cprojl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "creal": { - "name": "creal", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "crealf": { - "name": "crealf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "creall": { - "name": "creall", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "CreateProcessA": { - "name": "CreateProcessA", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [] - ], - "properties": [] - }, - "CreateProcessAsUserA": { - "name": "CreateProcessAsUserA", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [] - ], - "properties": [] - }, - "CreateProcessAsUserW": { - "name": "CreateProcessAsUserW", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [] - ], - "properties": [] - }, - "CreateProcessW": { - "name": "CreateProcessW", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [] - ], - "properties": [] - }, - "CreateProcessWithLogonW": { - "name": "CreateProcessWithLogonW", - "annotation": [ - [], - [], - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [] - ], - "properties": [] - }, - "CreateProcessWithTokenW": { - "name": "CreateProcessWithTokenW", - "annotation": [ - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [] - ], - "properties": [] - }, - "csinh": { - "name": "csinh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "csinhf": { - "name": "csinhf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "csinhl": { - "name": "csinhl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "csqrt": { - "name": "csqrt", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "csqrtf": { - "name": "csqrtf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "csqrtl": { - "name": "csqrtl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ctanh": { - "name": "ctanh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ctanhf": { - "name": "ctanhf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ctanhl": { - "name": "ctanhl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt5ctypeIcE13classic_tableEv": { - "name": "ctype::classic_table", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE5do_isEPKwS2_Pt": { - "name": "ctype::do_is", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE5do_isEtw": { - "name": "ctype::do_is", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE9do_narrowEcc": { - "name": "ctype::do_narrow", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE9do_narrowEPKcS2_cPc": { - "name": "ctype::do_narrow", - "annotation": [ - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc": { - "name": "ctype::do_narrow", - "annotation": [ - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE9do_narrowEwc": { - "name": "ctype::do_narrow", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE10do_scan_isEtPKwS2_": { - "name": "ctype::do_scan_is", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE11do_scan_notEtPKwS2_": { - "name": "ctype::do_scan_not", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE10do_tolowerEc": { - "name": "ctype::do_tolower", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE10do_tolowerEPcPKc": { - "name": "ctype::do_tolower", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE10do_tolowerEPwPKw": { - "name": "ctype::do_tolower", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE10do_tolowerEw": { - "name": "ctype::do_tolower", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE10do_toupperEc": { - "name": "ctype::do_toupper", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE10do_toupperEPcPKc": { - "name": "ctype::do_toupper", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE10do_toupperEPwPKw": { - "name": "ctype::do_toupper", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE10do_toupperEw": { - "name": "ctype::do_toupper", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE8do_widenEc": { - "name": "ctype::do_widen", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE8do_widenEPKcS2_Pc": { - "name": "ctype::do_widen", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE8do_widenEc": { - "name": "ctype::do_widen", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIwE8do_widenEPKcS2_Pw": { - "name": "ctype::do_widen", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE2isEPKcS2_Pt": { - "name": "ctype::is", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE2isEtc": { - "name": "ctype::is", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE6narrowEcc": { - "name": "ctype::narrow", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE6narrowEPKcS2_cPc": { - "name": "ctype::narrow", - "annotation": [ - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE7scan_isEtPKcS2_": { - "name": "ctype::scan_is", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE8scan_notEtPKcS2_": { - "name": "ctype::scan_not", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE5tableEv": { - "name": "ctype::table", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE7tolowerEc": { - "name": "ctype::tolower", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE7tolowerEPcPKc": { - "name": "ctype::tolower", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE7toupperEc": { - "name": "ctype::toupper", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE7toupperEPcPKc": { - "name": "ctype::toupper", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE5widenEc": { - "name": "ctype::widen", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt5ctypeIcE5widenEPKcS2_Pc": { - "name": "ctype::widen", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZSt17current_exceptionv": { - "name": "current_exception", - "annotation": [ - [] - ], - "properties": [] - }, - "cwait": { - "name": "cwait", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "daddl": { - "name": "daddl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "ddivl": { - "name": "ddivl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "_ZSt3decRSt8ios_base": { - "name": "dec", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt12defaultfloatRSt8ios_base": { - "name": "defaultfloat", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "dfmal": { - "name": "dfmal", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "dirname": { - "name": "dirname", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZN9__gnu_cxx3divExx": { - "name": "div", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSt3divll": { - "name": "div", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "div": { - "name": "div", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "dmull": { - "name": "dmull", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "dpax_popen_s": { - "name": "dpax_popen_s", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "dpax_system_s": { - "name": "dpax_system_s", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "drem": { - "name": "drem", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "dremf": { - "name": "dremf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "dreml": { - "name": "dreml", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "dsqrtl": { - "name": "dsqrtl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "dsubl": { - "name": "dsubl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "ecvt": { - "name": "ecvt", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2", - "TaintPropagation::UntrustedSource:3", - "TaintPropagation::UntrustedSource:4" - ], - [], - [], - [], - [] - ], - "properties": [] - }, - "erf": { - "name": "erf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "erfc": { - "name": "erfc", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "erfcf": { - "name": "erfcf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "erfcl": { - "name": "erfcl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "erff": { - "name": "erff", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "erfl": { - "name": "erfl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_category23default_error_conditionEi": { - "name": "error_category::default_error_condition", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_category10equivalentEiRKSt15error_condition": { - "name": "error_category::equivalent", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_category10equivalentERKSt10error_codei": { - "name": "error_category::equivalent", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_category7messageB5cxx11Ei": { - "name": "error_category::message", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_category4nameEv": { - "name": "error_category::name", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_categoryneERKS0_": { - "name": "error_category::operator!=", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_categoryltERKS0_": { - "name": "error_category::operator<", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt3_V214error_categoryeqERKS0_": { - "name": "error_category::operator==", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt10error_code6assignEiRKNSt3_V214error_categoryE": { - "name": "error_code::assign", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt10error_code8categoryEv": { - "name": "error_code::category", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt10error_code5clearEv": { - "name": "error_code::clear", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt10error_code23default_error_conditionEv": { - "name": "error_code::default_error_condition", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt10error_code7messageB5cxx11Ev": { - "name": "error_code::message", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt10error_code5valueEv": { - "name": "error_code::value", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt15error_condition6assignEiRKNSt3_V214error_categoryE": { - "name": "error_condition::assign", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt15error_condition8categoryEv": { - "name": "error_condition::category", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt15error_condition5clearEv": { - "name": "error_condition::clear", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt15error_condition7messageB5cxx11Ev": { - "name": "error_condition::message", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt15error_condition5valueEv": { - "name": "error_condition::value", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt9exception4whatEv": { - "name": "exception::what", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt15__exception_ptr13exception_ptr4swapERS0_": { - "name": "exception_ptr::swap", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "execl": { - "name": "execl", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "execle": { - "name": "execle", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "execlp": { - "name": "execlp", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "execlpe": { - "name": "execlpe", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "execv": { - "name": "execv", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "execve": { - "name": "execve", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "execvp": { - "name": "execvp", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "execvpe": { - "name": "execvpe", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "exit": { - "name": "exit", - "annotation": [ - [ - "NoReturn" - ], - [] - ], - "properties": [] - }, - "exp": { - "name": "exp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "exp10": { - "name": "exp10", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "exp10f": { - "name": "exp10f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "exp10l": { - "name": "exp10l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "exp2": { - "name": "exp2", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "exp2f": { - "name": "exp2f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "exp2l": { - "name": "exp2l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "expf": { - "name": "expf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "expl": { - "name": "expl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "expm1": { - "name": "expm1", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "expm1f": { - "name": "expm1f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "expm1l": { - "name": "expm1l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fabs": { - "name": "fabs", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fabsf": { - "name": "fabsf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fabsl": { - "name": "fabsl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fadd": { - "name": "fadd", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "faddl": { - "name": "faddl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fclose": { - "name": "fclose", - "annotation": [ - [], - [ - "Deref", - "FreeDescriptor::1" - ] - ], - "properties": [] - }, - "fcloseall": { - "name": "fcloseall", - "annotation": [ - [] - ], - "properties": [] - }, - "fcvt": { - "name": "fcvt", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2", - "TaintPropagation::UntrustedSource:3", - "TaintPropagation::UntrustedSource:4" - ], - [], - [], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fdim": { - "name": "fdim", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fdimf": { - "name": "fdimf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fdiml": { - "name": "fdiml", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fdiv": { - "name": "fdiv", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fdivl": { - "name": "fdivl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fdopen": { - "name": "fdopen", - "annotation": [ - [ - "AllocDescriptor::1" - ], - [ - "Alias::0" - ], - [] - ], - "properties": [] - }, - "feof": { - "name": "feof", - "annotation": [ - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "ferror": { - "name": "ferror", - "annotation": [ - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "fflush": { - "name": "fflush", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "ffma": { - "name": "ffma", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "ffmal": { - "name": "ffmal", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fgetc": { - "name": "fgetc", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fgetchar": { - "name": "fgetchar", - "annotation": [ - [] - ], - "properties": [] - }, - "fgetpos": { - "name": "fgetpos", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fgetpos64": { - "name": "fgetpos64", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fgets": { - "name": "fgets", - "annotation": [ - [ - "InitNull", - "TaintOutput::UntrustedSource" - ], - [ - "Deref", - "TaintOutput::UntrustedSource" - ], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "fgetwc": { - "name": "fgetwc", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fgetws": { - "name": "fgetws", - "annotation": [ - [ - "InitNull", - "TaintOutput::UntrustedSource" - ], - [ - "Deref", - "TaintOutput::UntrustedSource" - ], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "fileno": { - "name": "fileno", - "annotation": [ - [ - "AllocDescriptor::1" - ], - [ - "Deref", - "Alias::0" - ] - ], - "properties": [] - }, - "_ZSt5fixedRSt8ios_base": { - "name": "fixed", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "floor": { - "name": "floor", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "floorf": { - "name": "floorf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "floorl": { - "name": "floorl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "flushall": { - "name": "flushall", - "annotation": [ - [] - ], - "properties": [] - }, - "fma": { - "name": "fma", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaf": { - "name": "fmaf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmal": { - "name": "fmal", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmax": { - "name": "fmax", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaxf": { - "name": "fmaxf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum": { - "name": "fmaximum", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_mag": { - "name": "fmaximum_mag", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_mag_num": { - "name": "fmaximum_mag_num", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_mag_numf": { - "name": "fmaximum_mag_numf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_mag_numl": { - "name": "fmaximum_mag_numl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_magf": { - "name": "fmaximum_magf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_magl": { - "name": "fmaximum_magl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_num": { - "name": "fmaximum_num", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_numf": { - "name": "fmaximum_numf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximum_numl": { - "name": "fmaximum_numl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximumf": { - "name": "fmaximumf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaximuml": { - "name": "fmaximuml", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaxl": { - "name": "fmaxl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaxmag": { - "name": "fmaxmag", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaxmagf": { - "name": "fmaxmagf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmaxmagl": { - "name": "fmaxmagl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmemopen": { - "name": "fmemopen", - "annotation": [ - [ - "AllocDescriptor::1" - ], - [], - [], - [] - ], - "properties": [] - }, - "fmin": { - "name": "fmin", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminf": { - "name": "fminf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum": { - "name": "fminimum", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_mag": { - "name": "fminimum_mag", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_mag_num": { - "name": "fminimum_mag_num", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_mag_numf": { - "name": "fminimum_mag_numf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_mag_numl": { - "name": "fminimum_mag_numl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_magf": { - "name": "fminimum_magf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_magl": { - "name": "fminimum_magl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_num": { - "name": "fminimum_num", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_numf": { - "name": "fminimum_numf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimum_numl": { - "name": "fminimum_numl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimumf": { - "name": "fminimumf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminimuml": { - "name": "fminimuml", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminl": { - "name": "fminl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminmag": { - "name": "fminmag", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminmagf": { - "name": "fminmagf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fminmagl": { - "name": "fminmagl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmod": { - "name": "fmod", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmodf": { - "name": "fmodf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmodl": { - "name": "fmodl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmul": { - "name": "fmul", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fmull": { - "name": "fmull", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fopen": { - "name": "fopen", - "annotation": [ - [ - "InitNull", - "AllocDescriptor::1" - ], - [], - [] - ], - "properties": [] - }, - "fopen64": { - "name": "fopen64", - "annotation": [ - [ - "InitNull", - "AllocDescriptor::1" - ], - [], - [] - ], - "properties": [] - }, - "fopen_s": { - "name": "fopen_s", - "annotation": [ - [], - [ - "AllocDescriptor:*:1", - "InitNull:*:!=0" - ], - [], - [ - "FreeSink::4" - ] - ], - "properties": [] - }, - "_Z7fprintfP6_iobufPKcz": { - "name": "fprintf", - "annotation": [ - [], - [ - "Deref" - ], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "fprintf": { - "name": "fprintf", - "annotation": [ - [], - [ - "Deref" - ], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "fprintf_s": { - "name": "fprintf_s", - "annotation": [ - [], - [], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "fputc": { - "name": "fputc", - "annotation": [ - [], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "fputchar": { - "name": "fputchar", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "fputs": { - "name": "fputs", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fputwc": { - "name": "fputwc", - "annotation": [ - [], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "fputws": { - "name": "fputws", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fread": { - "name": "fread", - "annotation": [ - [ - "TaintOutput::UntrustedSource", - "Condition::<=$3" - ], - [ - "Write:*", - "Deref", - "TaintOutput::UntrustedSource" - ], - [ - "CheckOverflow" - ], - [ - "CheckOverflow" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fread_s": { - "name": "fread_s", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "TaintOutput::UntrustedSource" - ], - [ - "CheckOverflow" - ], - [ - "CheckOverflow" - ], - [ - "CheckOverflow" - ], - [] - ], - "properties": [] - }, - "free": { - "name": "free", - "annotation": [ - [], - [ - "FreeSink::1" - ] - ], - "properties": [] - }, - "freopen": { - "name": "freopen", - "annotation": [ - [ - "InitNull", - "AllocDescriptor::1" - ], - [], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "freopen64": { - "name": "freopen64", - "annotation": [ - [ - "InitNull", - "AllocDescriptor::1" - ], - [], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "freopen_s": { - "name": "freopen_s", - "annotation": [ - [], - [ - "AllocDescriptor:*:1", - "InitNull:*:!=0" - ], - [], - [], - [ - "FreeSink::4" - ] - ], - "properties": [] - }, - "fromfp": { - "name": "fromfp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fromfpf": { - "name": "fromfpf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fromfpl": { - "name": "fromfpl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fromfpx": { - "name": "fromfpx", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fromfpxf": { - "name": "fromfpxf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fromfpxl": { - "name": "fromfpxl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "fscanf": { - "name": "fscanf", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString" - ] - ], - "properties": [] - }, - "fscanf_s": { - "name": "fscanf_s", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource", - "Write:*", - "FormatStringArgs", - "OutputString::-1" - ] - ], - "properties": [] - }, - "fseek": { - "name": "fseek", - "annotation": [ - [], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "fseeko": { - "name": "fseeko", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "fseeko64": { - "name": "fseeko64", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "fsetpos": { - "name": "fsetpos", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fsetpos64": { - "name": "fsetpos64", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "fsqrt": { - "name": "fsqrt", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fsqrtl": { - "name": "fsqrtl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fstat": { - "name": "fstat", - "annotation": [ - [], - [], - [ - "TaintPropagation::UntrustedSource:1" - ] - ], - "properties": [] - }, - "fsub": { - "name": "fsub", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "fsubl": { - "name": "fsubl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "ftell": { - "name": "ftell", - "annotation": [ - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "ftello": { - "name": "ftello", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "ftello64": { - "name": "ftello64", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "ftime": { - "name": "ftime", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "fwide": { - "name": "fwide", - "annotation": [ - [], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "fwprintf": { - "name": "fwprintf", - "annotation": [ - [], - [ - "Deref" - ], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "fwprintf_s": { - "name": "fwprintf_s", - "annotation": [ - [], - [], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "fwrite": { - "name": "fwrite", - "annotation": [ - [], - [ - "Deref", - "TaintSink::SensitiveDataLeak" - ], - [], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "fwscanf": { - "name": "fwscanf", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "g_spawn_async": { - "name": "g_spawn_async", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "g_spawn_command_line_async": { - "name": "g_spawn_command_line_async", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "g_spawn_command_line_sync": { - "name": "g_spawn_command_line_sync", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "g_spawn_sync": { - "name": "g_spawn_sync", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [], - [], - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "gamma": { - "name": "gamma", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "gammaf": { - "name": "gammaf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "gammal": { - "name": "gammal", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "gcvt": { - "name": "gcvt", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt3_V216generic_categoryEv": { - "name": "generic_category", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZSt15get_new_handlerv": { - "name": "get_new_handler", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZSt13get_terminatev": { - "name": "get_terminate", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZSt14get_unexpectedv": { - "name": "get_unexpected", - "annotation": [ - [] - ], - "properties": [] - }, - "getc": { - "name": "getc", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "getchar": { - "name": "getchar", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "getenv": { - "name": "getenv", - "annotation": [ - [ - "TaintOutput::UntrustedSource", - "TaintOutput::SensitiveDataSource" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "getenv_s": { - "name": "getenv_s", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Deref", - "TaintOutput::UntrustedSource", - "TaintOutput::SensitiveDataSource" - ], - [], - [] - ], - "properties": [] - }, - "getpid": { - "name": "getpid", - "annotation": [ - [] - ], - "properties": [] - }, - "gets": { - "name": "gets", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "TaintOutput::UntrustedSource", - "Deref", - "OutputString" - ] - ], - "properties": [] - }, - "gets_s": { - "name": "gets_s", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "TaintOutput::UntrustedSource", - "Deref" - ], - [] - ], - "properties": [] - }, - "getw": { - "name": "getw", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "getwc": { - "name": "getwc", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "getwchar": { - "name": "getwchar", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "_ZNKSt7greaterIPVKvEclES1_S1_": { - "name": "greater::operator()", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt13greater_equalIPVKvEclES1_S1_": { - "name": "greater_equal::operator()", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIaEclEa": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIbEclEb": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIcEclEc": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIdEclEd": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIDiEclEDi": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIDnEclEDn": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIDsEclEDs": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIeEclEe": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIfEclEf": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIhEclEh": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIiEclEi": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIjEclEj": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIlEclEl": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashImEclEm": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashInEclEn": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashINSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEEEEclERKS5_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashINSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEEEEclERKS5_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashINSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEEEclERKS5_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIoEclEo": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIsEclEs": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashISt10error_codeEclERKS0_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashISt15error_conditionEclERKS0_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashISt17basic_string_viewIcSt11char_traitsIcEEEclERKS3_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashISt17basic_string_viewIDiSt11char_traitsIDiEEEclERKS3_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashISt17basic_string_viewIDsSt11char_traitsIDsEEEclERKS3_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashISt17basic_string_viewIwSt11char_traitsIwEEEclERKS3_": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashItEclEt": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIwEclEw": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIxEclEx": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4hashIyEclEy": { - "name": "hash::operator()", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt3hexRSt8ios_base": { - "name": "hex", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt8hexfloatRSt8ios_base": { - "name": "hexfloat", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "htonl": { - "name": "htonl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "htons": { - "name": "htons", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "hypot": { - "name": "hypot", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "hypotf": { - "name": "hypotf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "hypotl": { - "name": "hypotl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "ilogb": { - "name": "ilogb", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ilogbf": { - "name": "ilogbf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ilogbl": { - "name": "ilogbl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZSt8internalRSt8ios_base": { - "name": "internal", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt8ios_base5flagsEv": { - "name": "ios_base::flags", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt8ios_base5flagsESt13_Ios_Fmtflags": { - "name": "ios_base::flags", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt8ios_base6getlocEv": { - "name": "ios_base::getloc", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt8ios_base5imbueERKSt6locale": { - "name": "ios_base::imbue", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base5iwordEi": { - "name": "ios_base::iword", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt8ios_base9precisionEv": { - "name": "ios_base::precision", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt8ios_base9precisionEx": { - "name": "ios_base::precision", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base5pwordEi": { - "name": "ios_base::pword", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base17register_callbackEPFvNS_5eventERS_iEi": { - "name": "ios_base::register_callback", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base4setfESt13_Ios_Fmtflags": { - "name": "ios_base::setf", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base4setfESt13_Ios_FmtflagsS0_": { - "name": "ios_base::setf", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base15sync_with_stdioEb": { - "name": "ios_base::sync_with_stdio", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base6unsetfESt13_Ios_Fmtflags": { - "name": "ios_base::unsetf", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt8ios_base5widthEv": { - "name": "ios_base::width", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt8ios_base5widthEx": { - "name": "ios_base::width", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt8ios_base6xallocEv": { - "name": "ios_base::xalloc", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZSt17iostream_categoryv": { - "name": "iostream_category", - "annotation": [ - [] - ], - "properties": [] - }, - "is_wctype": { - "name": "is_wctype", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "isalnum": { - "name": "isalnum", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isalpha": { - "name": "isalpha", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isblank": { - "name": "isblank", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iscntrl": { - "name": "iscntrl", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isdigit": { - "name": "isdigit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isgraph": { - "name": "isgraph", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isleadbyte": { - "name": "isleadbyte", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "islower": { - "name": "islower", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isprint": { - "name": "isprint", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "ispunct": { - "name": "ispunct", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isspace": { - "name": "isspace", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isupper": { - "name": "isupper", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswalnum": { - "name": "iswalnum", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswalpha": { - "name": "iswalpha", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswascii": { - "name": "iswascii", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswblank": { - "name": "iswblank", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswcntrl": { - "name": "iswcntrl", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswctype": { - "name": "iswctype", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "iswdigit": { - "name": "iswdigit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswgraph": { - "name": "iswgraph", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswlower": { - "name": "iswlower", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswprint": { - "name": "iswprint", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswpunct": { - "name": "iswpunct", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswspace": { - "name": "iswspace", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswupper": { - "name": "iswupper", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "iswxdigit": { - "name": "iswxdigit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "isxdigit": { - "name": "isxdigit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "itoa": { - "name": "itoa", - "annotation": [ - [], - [], - [ - "Deref", - "Alias::0", - "OutputString::11" - ], - [] - ], - "properties": [] - }, - "j0": { - "name": "j0", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "j0f": { - "name": "j0f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "j0l": { - "name": "j0l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "j1": { - "name": "j1", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "j1f": { - "name": "j1f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "j1l": { - "name": "j1l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "jn": { - "name": "jn", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "jnf": { - "name": "jnf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "jnl": { - "name": "jnl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "labs": { - "name": "labs", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZSt7launderPKv": { - "name": "launder", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt7launderPv": { - "name": "launder", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt7launderPVKv": { - "name": "launder", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt7launderPVv": { - "name": "launder", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "ldiv": { - "name": "ldiv", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSt4leftRSt8ios_base": { - "name": "left", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt4lessIPKNSt3_V214error_categoryEEclES3_S3_": { - "name": "less::operator()", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt4lessIPVKvEclES1_S1_": { - "name": "less::operator()", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNKSt10less_equalIPVKvEclES1_S1_": { - "name": "less_equal::operator()", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "lgamma": { - "name": "lgamma", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lgamma_r": { - "name": "lgamma_r", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lgammaf": { - "name": "lgammaf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lgammaf_r": { - "name": "lgammaf_r", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lgammal": { - "name": "lgammal", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lgammal_r": { - "name": "lgammal_r", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llabs": { - "name": "llabs", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lldiv": { - "name": "lldiv", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "llogb": { - "name": "llogb", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llogbf": { - "name": "llogbf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llogbl": { - "name": "llogbl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llrint": { - "name": "llrint", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llrintf": { - "name": "llrintf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llrintl": { - "name": "llrintl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llround": { - "name": "llround", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llroundf": { - "name": "llroundf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "llroundl": { - "name": "llroundl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lltoa": { - "name": "lltoa", - "annotation": [ - [], - [], - [ - "OutputString::21" - ], - [] - ], - "properties": [] - }, - "lltow": { - "name": "lltow", - "annotation": [ - [], - [], - [ - "OutputString::21" - ], - [] - ], - "properties": [] - }, - "_ZNSt6locale7classicEv": { - "name": "locale::classic", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNSt6locale6globalERKS_": { - "name": "locale::global", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt6locale4nameB5cxx11Ev": { - "name": "locale::name", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt6localeneERKS_": { - "name": "locale::operator!=", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNKSt6localeeqERKS_": { - "name": "locale::operator==", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "localeconv": { - "name": "localeconv", - "annotation": [ - [] - ], - "properties": [] - }, - "log": { - "name": "log", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log10f": { - "name": "log10f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log10l": { - "name": "log10l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log1p": { - "name": "log1p", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log1pf": { - "name": "log1pf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log1pl": { - "name": "log1pl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log2": { - "name": "log2", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log2f": { - "name": "log2f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "log2l": { - "name": "log2l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "logb": { - "name": "logb", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "logbf": { - "name": "logbf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "logbl": { - "name": "logbl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "logf": { - "name": "logf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNKSt11logic_error4whatEv": { - "name": "logic_error::what", - "annotation": [ - [] - ], - "properties": [] - }, - "logl": { - "name": "logl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "LogonUserA": { - "name": "LogonUserA", - "annotation": [ - [], - [], - [], - [ - "TaintOutput::SensitiveDataSource" - ], - [], - [], - [] - ], - "properties": [] - }, - "LogonUserW": { - "name": "LogonUserW", - "annotation": [ - [], - [], - [], - [ - "TaintOutput::SensitiveDataSource" - ], - [], - [], - [] - ], - "properties": [] - }, - "lrint": { - "name": "lrint", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lrintf": { - "name": "lrintf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lrintl": { - "name": "lrintl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lround": { - "name": "lround", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lroundf": { - "name": "lroundf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lroundl": { - "name": "lroundl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "lseek": { - "name": "lseek", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [] - ], - "properties": [] - }, - "ltoa": { - "name": "ltoa", - "annotation": [ - [], - [], - [ - "OutputString::11" - ], - [] - ], - "properties": [] - }, - "main": { - "name": "main", - "annotation": [ - [], - [ - "Condition::>0", - "Condition::<=1048576" - ], - [] - ], - "properties": [] - }, - "_ZSt15make_error_codeSt4errc": { - "name": "make_error_code", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt15make_error_codeSt7io_errc": { - "name": "make_error_code", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt20make_error_conditionSt4errc": { - "name": "make_error_condition", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt20make_error_conditionSt7io_errc": { - "name": "make_error_condition", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "malloc": { - "name": "malloc", - "annotation": [ - [ - "AllocSource::1", - "InitNull" - ], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "mblen": { - "name": "mblen", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "mbrlen": { - "name": "mbrlen", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "mbrtowc": { - "name": "mbrtowc", - "annotation": [ - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "mbsinit": { - "name": "mbsinit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "mbsnrtowcs": { - "name": "mbsnrtowcs", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [] - ], - "properties": [] - }, - "mbsrtowcs": { - "name": "mbsrtowcs", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [] - ], - "properties": [] - }, - "mbsrtowcs_s": { - "name": "mbsrtowcs_s", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "mbstowcs": { - "name": "mbstowcs", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "mbstowcs_s": { - "name": "mbstowcs_s", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [], - [] - ], - "properties": [] - }, - "mbtowc": { - "name": "mbtowc", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "memccpy": { - "name": "memccpy", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "InitMemory::2", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "Alias:*:1" - ], - [], - [ - "MemorySize::1", - "MemorySize::2" - ] - ], - "properties": [] - }, - "memchr": { - "name": "memchr", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [ - "MemorySize::1" - ] - ], - "properties": [] - }, - "memcmp": { - "name": "memcmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "memcpy": { - "name": "memcpy", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "InitMemory::2", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "Alias:*:1" - ], - [ - "MemorySize::1", - "MemorySize::2" - ] - ], - "properties": [] - }, - "memcpy_s": { - "name": "memcpy_s", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "InitMemory::3", - "TaintPropagation::UntrustedSource:3" - ], - [ - "MemorySize::1" - ], - [ - "Deref" - ], - [ - "BuffSize::>2", - "MemorySize::3" - ] - ], - "properties": [] - }, - "memicmp": { - "name": "memicmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "memmem": { - "name": "memmem", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "memmove": { - "name": "memmove", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "InitMemory::2", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "MemorySize::1" - ] - ], - "properties": [] - }, - "memmove_s": { - "name": "memmove_s", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "InitMemory::3", - "TaintPropagation::UntrustedSource:3" - ], - [ - "MemorySize::1" - ], - [ - "Deref" - ], - [ - "BuffSize::>2", - "MemorySize::3" - ] - ], - "properties": [] - }, - "mempcpy": { - "name": "mempcpy", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "InitMemory::2", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "MemorySize::1", - "MemorySize::2" - ] - ], - "properties": [] - }, - "memset": { - "name": "memset", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "ZeroMemory", - "InitMemory", - "TaintPropagation::UntrustedSource:1" - ], - [], - [ - "MemorySize::1" - ] - ], - "properties": [] - }, - "memset_s": { - "name": "memset_s", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "ZeroMemory", - "InitMemory", - "TaintPropagation::UntrustedSource:1" - ], - [ - "MemorySize::1" - ], - [], - [ - "BuffSize::>2" - ] - ], - "properties": [] - }, - "_ZSt3minIxERKT_S2_S2_": { - "name": "min", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSt3minIyERKT_S2_S2_": { - "name": "min", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "mkstemp": { - "name": "mkstemp", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "modf": { - "name": "modf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "modff": { - "name": "modff", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "modfl": { - "name": "modfl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "nearbyint": { - "name": "nearbyint", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "nearbyintf": { - "name": "nearbyintf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "nearbyintl": { - "name": "nearbyintl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNKSt16nested_exception10nested_ptrEv": { - "name": "nested_exception::nested_ptr", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt16nested_exception14rethrow_nestedEv": { - "name": "nested_exception::rethrow_nested", - "annotation": [ - [] - ], - "properties": [] - }, - "nextafter": { - "name": "nextafter", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "nextafterf": { - "name": "nextafterf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "nextafterl": { - "name": "nextafterl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "nextdown": { - "name": "nextdown", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "nextdownf": { - "name": "nextdownf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "nextdownl": { - "name": "nextdownl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "nexttoward": { - "name": "nexttoward", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "nexttowardf": { - "name": "nexttowardf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "nexttowardl": { - "name": "nexttowardl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "nextup": { - "name": "nextup", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "nextupf": { - "name": "nextupf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "nextupl": { - "name": "nextupl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "_ZSt11noboolalphaRSt8ios_base": { - "name": "noboolalpha", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt10noshowbaseRSt8ios_base": { - "name": "noshowbase", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt11noshowpointRSt8ios_base": { - "name": "noshowpoint", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt9noshowposRSt8ios_base": { - "name": "noshowpos", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt8noskipwsRSt8ios_base": { - "name": "noskipws", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt9nounitbufRSt8ios_base": { - "name": "nounitbuf", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt11nouppercaseRSt8ios_base": { - "name": "nouppercase", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "ntohl": { - "name": "ntohl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ntohs": { - "name": "ntohs", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZSt3octRSt8ios_base": { - "name": "oct", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "onexit": { - "name": "onexit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "open": { - "name": "open", - "annotation": [ - [ - "AllocDescriptor::1" - ], - [], - [] - ], - "properties": [] - }, - "open64": { - "name": "open64", - "annotation": [ - [ - "AllocDescriptor::1" - ], - [], - [] - ], - "properties": [] - }, - "open_memstream": { - "name": "open_memstream", - "annotation": [ - [ - "AllocDescriptor::1" - ], - [], - [] - ], - "properties": [] - }, - "_ZdlPv": { - "name": "operator delete", - "annotation": [ - [], - [ - "FreeSink::2" - ] - ], - "properties": [] - }, - "_ZdlPvRKSt9nothrow_t": { - "name": "operator delete", - "annotation": [ - [], - [], - [ - "FreeSink::2" - ] - ], - "properties": [] - }, - "_ZdlPvS_": { - "name": "operator delete", - "annotation": [ - [], - [], - [ - "FreeSink::2" - ] - ], - "properties": [] - }, - "_ZdaPv": { - "name": "operator delete[]", - "annotation": [ - [], - [ - "FreeSink::3" - ] - ], - "properties": [] - }, - "_ZdaPvRKSt9nothrow_t": { - "name": "operator delete[]", - "annotation": [ - [], - [], - [ - "FreeSink::3" - ] - ], - "properties": [] - }, - "_ZdaPvS_": { - "name": "operator delete[]", - "annotation": [ - [], - [], - [ - "FreeSink::3" - ] - ], - "properties": [] - }, - "_Znwm": { - "name": "operator new", - "annotation": [ - [ - "AllocSource::2" - ], - [] - ], - "properties": [] - }, - "_Znwy": { - "name": "operator new", - "annotation": [ - [ - "AllocSource::2" - ], - [] - ], - "properties": [] - }, - "_ZnwyPv": { - "name": "operator new", - "annotation": [ - [ - "AllocSource::2" - ], - [], - [] - ], - "properties": [] - }, - "_ZnwyRKSt9nothrow_t": { - "name": "operator new", - "annotation": [ - [ - "AllocSource::2" - ], - [], - [] - ], - "properties": [] - }, - "_Znam": { - "name": "operator new[]", - "annotation": [ - [ - "AllocSource::3" - ], - [], - [] - ], - "properties": [] - }, - "_Znay": { - "name": "operator new[]", - "annotation": [ - [ - "AllocSource::3" - ], - [] - ], - "properties": [] - }, - "_ZnayPv": { - "name": "operator new[]", - "annotation": [ - [ - "AllocSource::3" - ], - [], - [] - ], - "properties": [] - }, - "_ZnayRKSt9nothrow_t": { - "name": "operator new[]", - "annotation": [ - [ - "AllocSource::3" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt15__exception_ptrneERKNS_13exception_ptrES2_": { - "name": "operator!=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStneRKSt10error_codeRKSt15error_condition": { - "name": "operator!=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStneRKSt10error_codeS1_": { - "name": "operator!=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStneRKSt15error_conditionRKSt10error_code": { - "name": "operator!=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStneRKSt15error_conditionS1_": { - "name": "operator!=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStanSt12_Ios_IostateS_": { - "name": "operator&", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStanSt13_Ios_FmtflagsS_": { - "name": "operator&", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStanSt13_Ios_OpenmodeS_": { - "name": "operator&", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStaNRSt12_Ios_IostateS_": { - "name": "operator&=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStaNRSt13_Ios_FmtflagsS_": { - "name": "operator&=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStaNRSt13_Ios_OpenmodeS_": { - "name": "operator&=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_PKS5_": { - "name": "operator+", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_RKS8_": { - "name": "operator+", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_S9_": { - "name": "operator+", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEPKS5_OS8_": { - "name": "operator+", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_PKS5_": { - "name": "operator+", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_SA_": { - "name": "operator+", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "_ZStltRKSt10error_codeS1_": { - "name": "operator<", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStltRKSt15error_conditionS1_": { - "name": "operator<", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt15__exception_ptreqERKNS_13exception_ptrES2_": { - "name": "operator==", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteqRKSt10error_codeRKSt15error_condition": { - "name": "operator==", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteqRKSt10error_codeS1_": { - "name": "operator==", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteqRKSt15error_conditionRKSt10error_code": { - "name": "operator==", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteqRKSt15error_conditionS1_": { - "name": "operator==", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStrsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_PS3_": { - "name": "operator>>", - "annotation": [ - [], - [], - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "_ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE": { - "name": "operator>>", - "annotation": [ - [], - [], - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "_ZSteoSt12_Ios_IostateS_": { - "name": "operator^", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteoSt13_Ios_FmtflagsS_": { - "name": "operator^", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteoSt13_Ios_OpenmodeS_": { - "name": "operator^", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteORSt12_Ios_IostateS_": { - "name": "operator^=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteORSt13_Ios_FmtflagsS_": { - "name": "operator^=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSteORSt13_Ios_OpenmodeS_": { - "name": "operator^=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStorSt12_Ios_IostateS_": { - "name": "operator|", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStorSt13_Ios_FmtflagsS_": { - "name": "operator|", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStorSt13_Ios_OpenmodeS_": { - "name": "operator|", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStoRRSt12_Ios_IostateS_": { - "name": "operator|=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStoRRSt13_Ios_FmtflagsS_": { - "name": "operator|=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStoRRSt13_Ios_OpenmodeS_": { - "name": "operator|=", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZStcoSt12_Ios_Iostate": { - "name": "operator~", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZStcoSt13_Ios_Fmtflags": { - "name": "operator~", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZStcoSt13_Ios_Openmode": { - "name": "operator~", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "perror": { - "name": "perror", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "popen": { - "name": "popen", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "popen_s": { - "name": "popen_s", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "posix_spawn": { - "name": "posix_spawn", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "posix_spawnp": { - "name": "posix_spawnp", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "pow": { - "name": "pow", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "powf": { - "name": "powf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "powl": { - "name": "powl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "printf": { - "name": "printf", - "annotation": [ - [], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "CheckOverflow", - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "printf_s": { - "name": "printf_s", - "annotation": [ - [], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "pthread_attr_destroy": { - "name": "pthread_attr_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_attr_getdetachstate": { - "name": "pthread_attr_getdetachstate", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_getinheritsched": { - "name": "pthread_attr_getinheritsched", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_getschedparam": { - "name": "pthread_attr_getschedparam", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_getschedpolicy": { - "name": "pthread_attr_getschedpolicy", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_getscope": { - "name": "pthread_attr_getscope", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_getstackaddr": { - "name": "pthread_attr_getstackaddr", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_getstacksize": { - "name": "pthread_attr_getstacksize", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_init": { - "name": "pthread_attr_init", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_attr_setdetachstate": { - "name": "pthread_attr_setdetachstate", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_setinheritsched": { - "name": "pthread_attr_setinheritsched", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_setschedparam": { - "name": "pthread_attr_setschedparam", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_setschedpolicy": { - "name": "pthread_attr_setschedpolicy", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_setscope": { - "name": "pthread_attr_setscope", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_setstackaddr": { - "name": "pthread_attr_setstackaddr", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_attr_setstacksize": { - "name": "pthread_attr_setstacksize", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_barrier_destroy": { - "name": "pthread_barrier_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_barrier_init": { - "name": "pthread_barrier_init", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "pthread_barrier_wait": { - "name": "pthread_barrier_wait", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_barrierattr_destroy": { - "name": "pthread_barrierattr_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_barrierattr_getpshared": { - "name": "pthread_barrierattr_getpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_barrierattr_init": { - "name": "pthread_barrierattr_init", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_barrierattr_setpshared": { - "name": "pthread_barrierattr_setpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_cancel": { - "name": "pthread_cancel", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_cond_broadcast": { - "name": "pthread_cond_broadcast", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_cond_destroy": { - "name": "pthread_cond_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_cond_init": { - "name": "pthread_cond_init", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_cond_signal": { - "name": "pthread_cond_signal", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_cond_timedwait": { - "name": "pthread_cond_timedwait", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "pthread_cond_timedwait_relative_np": { - "name": "pthread_cond_timedwait_relative_np", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "pthread_cond_wait": { - "name": "pthread_cond_wait", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_condattr_destroy": { - "name": "pthread_condattr_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_condattr_getclock": { - "name": "pthread_condattr_getclock", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_condattr_getpshared": { - "name": "pthread_condattr_getpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_condattr_init": { - "name": "pthread_condattr_init", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_condattr_setclock": { - "name": "pthread_condattr_setclock", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_condattr_setpshared": { - "name": "pthread_condattr_setpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_create": { - "name": "pthread_create", - "annotation": [ - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "pthread_create_wrapper": { - "name": "pthread_create_wrapper", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_delay_np": { - "name": "pthread_delay_np", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_detach": { - "name": "pthread_detach", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_equal": { - "name": "pthread_equal", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_exit": { - "name": "pthread_exit", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_get_concurrency": { - "name": "pthread_get_concurrency", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_getclean": { - "name": "pthread_getclean", - "annotation": [ - [] - ], - "properties": [] - }, - "pthread_getconcurrency": { - "name": "pthread_getconcurrency", - "annotation": [ - [] - ], - "properties": [] - }, - "pthread_getevent": { - "name": "pthread_getevent", - "annotation": [ - [] - ], - "properties": [] - }, - "pthread_gethandle": { - "name": "pthread_gethandle", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_getname_np": { - "name": "pthread_getname_np", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "pthread_getschedparam": { - "name": "pthread_getschedparam", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "pthread_getspecific": { - "name": "pthread_getspecific", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_join": { - "name": "pthread_join", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_key_create": { - "name": "pthread_key_create", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_key_delete": { - "name": "pthread_key_delete", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_kill": { - "name": "pthread_kill", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutex_destroy": { - "name": "pthread_mutex_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_mutex_init": { - "name": "pthread_mutex_init", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutex_lock": { - "name": "pthread_mutex_lock", - "annotation": [ - [], - [ - "LockResource::5", - "InitNull::!=0" - ] - ], - "properties": [] - }, - "pthread_mutex_timedlock": { - "name": "pthread_mutex_timedlock", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutex_trylock": { - "name": "pthread_mutex_trylock", - "annotation": [ - [], - [ - "LockResource::5", - "InitNull::!=0" - ] - ], - "properties": [] - }, - "pthread_mutex_unlock": { - "name": "pthread_mutex_unlock", - "annotation": [ - [], - [ - "UnlockResource::5" - ] - ], - "properties": [] - }, - "pthread_mutexattr_destroy": { - "name": "pthread_mutexattr_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_getprioceiling": { - "name": "pthread_mutexattr_getprioceiling", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_getprotocol": { - "name": "pthread_mutexattr_getprotocol", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_getpshared": { - "name": "pthread_mutexattr_getpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_gettype": { - "name": "pthread_mutexattr_gettype", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_init": { - "name": "pthread_mutexattr_init", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_setprioceiling": { - "name": "pthread_mutexattr_setprioceiling", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_setprotocol": { - "name": "pthread_mutexattr_setprotocol", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_setpshared": { - "name": "pthread_mutexattr_setpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_mutexattr_settype": { - "name": "pthread_mutexattr_settype", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_num_processors_np": { - "name": "pthread_num_processors_np", - "annotation": [ - [] - ], - "properties": [] - }, - "pthread_once": { - "name": "pthread_once", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_destroy": { - "name": "pthread_rwlock_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_init": { - "name": "pthread_rwlock_init", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_rdlock": { - "name": "pthread_rwlock_rdlock", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_timedrdlock": { - "name": "pthread_rwlock_timedrdlock", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_timedwrlock": { - "name": "pthread_rwlock_timedwrlock", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_tryrdlock": { - "name": "pthread_rwlock_tryrdlock", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_trywrlock": { - "name": "pthread_rwlock_trywrlock", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_unlock": { - "name": "pthread_rwlock_unlock", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlock_wrlock": { - "name": "pthread_rwlock_wrlock", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlockattr_destroy": { - "name": "pthread_rwlockattr_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlockattr_getpshared": { - "name": "pthread_rwlockattr_getpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_rwlockattr_init": { - "name": "pthread_rwlockattr_init", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_rwlockattr_setpshared": { - "name": "pthread_rwlockattr_setpshared", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_self": { - "name": "pthread_self", - "annotation": [ - [] - ], - "properties": [] - }, - "pthread_set_concurrency": { - "name": "pthread_set_concurrency", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_set_num_processors_np": { - "name": "pthread_set_num_processors_np", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_setcancelstate": { - "name": "pthread_setcancelstate", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_setcanceltype": { - "name": "pthread_setcanceltype", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_setconcurrency": { - "name": "pthread_setconcurrency", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_setname_np": { - "name": "pthread_setname_np", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_setschedparam": { - "name": "pthread_setschedparam", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "pthread_setspecific": { - "name": "pthread_setspecific", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_spin_destroy": { - "name": "pthread_spin_destroy", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_spin_init": { - "name": "pthread_spin_init", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "pthread_spin_lock": { - "name": "pthread_spin_lock", - "annotation": [ - [], - [ - "LockResource::5" - ] - ], - "properties": [] - }, - "pthread_spin_trylock": { - "name": "pthread_spin_trylock", - "annotation": [ - [], - [ - "LockResource::5" - ] - ], - "properties": [] - }, - "pthread_spin_unlock": { - "name": "pthread_spin_unlock", - "annotation": [ - [], - [ - "UnlockResource::5" - ] - ], - "properties": [] - }, - "pthread_testcancel": { - "name": "pthread_testcancel", - "annotation": [ - [] - ], - "properties": [] - }, - "pthread_timechange_handler_np": { - "name": "pthread_timechange_handler_np", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "pthread_tls_init": { - "name": "pthread_tls_init", - "annotation": [ - [] - ], - "properties": [] - }, - "putc": { - "name": "putc", - "annotation": [ - [], - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "putchar": { - "name": "putchar", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "putenv": { - "name": "putenv", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "puts": { - "name": "puts", - "annotation": [ - [], - [ - "Deref" - ] - ], - "properties": [] - }, - "putw": { - "name": "putw", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "putwc": { - "name": "putwc", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "putwchar": { - "name": "putwchar", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "qsort": { - "name": "qsort", - "annotation": [ - [], - [ - "Deref" - ], - [], - [], - [] - ], - "properties": [] - }, - "qsort_s": { - "name": "qsort_s", - "annotation": [ - [], - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "raise": { - "name": "raise", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "rand": { - "name": "rand", - "annotation": [ - [] - ], - "properties": [] - }, - "rawmemchr": { - "name": "rawmemchr", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "read": { - "name": "read", - "annotation": [ - [ - "Condition::<=$3" - ], - [], - [], - [] - ], - "properties": [] - }, - "readlink": { - "name": "readlink", - "annotation": [ - [ - "Condition::<=$3" - ], - [], - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "realloc": { - "name": "realloc", - "annotation": [ - [ - "AllocSource::1", - "InitNull" - ], - [], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "realpath": { - "name": "realpath", - "annotation": [ - [], - [], - [ - "OutputString::260" - ] - ], - "properties": [] - }, - "remainder": { - "name": "remainder", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "remainderf": { - "name": "remainderf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "remainderl": { - "name": "remainderl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "remove": { - "name": "remove", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "rename": { - "name": "rename", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSt17rethrow_exceptionNSt15__exception_ptr13exception_ptrE": { - "name": "rethrow_exception", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "rewind": { - "name": "rewind", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt5rightRSt8ios_base": { - "name": "right", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "rint": { - "name": "rint", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "rintf": { - "name": "rintf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "rintl": { - "name": "rintl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "rmtmp": { - "name": "rmtmp", - "annotation": [ - [] - ], - "properties": [] - }, - "round": { - "name": "round", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "roundeven": { - "name": "roundeven", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "roundevenf": { - "name": "roundevenf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "roundevenl": { - "name": "roundevenl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "roundf": { - "name": "roundf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "roundl": { - "name": "roundl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNKSt13runtime_error4whatEv": { - "name": "runtime_error::what", - "annotation": [ - [] - ], - "properties": [] - }, - "scanf": { - "name": "scanf", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource", - "Write:*", - "FormatStringArgs", - "OutputString" - ] - ], - "properties": [] - }, - "scanf_s": { - "name": "scanf_s", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource", - "Write:*", - "FormatStringArgs", - "OutputString::-1" - ] - ], - "properties": [] - }, - "sched_get_priority_max": { - "name": "sched_get_priority_max", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "sched_get_priority_min": { - "name": "sched_get_priority_min", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "sched_getscheduler": { - "name": "sched_getscheduler", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "sched_setscheduler": { - "name": "sched_setscheduler", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "sched_yield": { - "name": "sched_yield", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZSt10scientificRSt8ios_base": { - "name": "scientific", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt15set_new_handlerPFvvE": { - "name": "set_new_handler", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt13set_terminatePFvvE": { - "name": "set_terminate", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt14set_unexpectedPFvvE": { - "name": "set_unexpected", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "setbuf": { - "name": "setbuf", - "annotation": [ - [], - [ - "Deref" - ], - [ - "Write:*" - ] - ], - "properties": [] - }, - "setlocale": { - "name": "setlocale", - "annotation": [ - [ - "InitNull" - ], - [], - [] - ], - "properties": [] - }, - "setvbuf": { - "name": "setvbuf", - "annotation": [ - [], - [], - [ - "Write:*" - ], - [], - [] - ], - "properties": [] - }, - "ShellExecuteA": { - "name": "ShellExecuteA", - "annotation": [ - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "ShellExecuteExA": { - "name": "ShellExecuteExA", - "annotation": [ - [], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "ShellExecuteExW": { - "name": "ShellExecuteExW", - "annotation": [ - [], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "ShellExecuteW": { - "name": "ShellExecuteW", - "annotation": [ - [], - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "_ZSt8showbaseRSt8ios_base": { - "name": "showbase", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt9showpointRSt8ios_base": { - "name": "showpoint", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZSt7showposRSt8ios_base": { - "name": "showpos", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "signal": { - "name": "signal", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "sinh": { - "name": "sinh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "sinhf": { - "name": "sinhf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "sinhl": { - "name": "sinhl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "_ZSt6skipwsRSt8ios_base": { - "name": "skipws", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_Z8snprintfPcyPKcz": { - "name": "snprintf", - "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:4" - ], - [], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "snprintf": { - "name": "snprintf", - "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:4" - ], - [], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "snprintf_s": { - "name": "snprintf_s", - "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:4" - ], - [], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "snwprintf": { - "name": "snwprintf", - "annotation": [ - [], - [ - "Deref" - ], - [], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "spawnl": { - "name": "spawnl", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "spawnle": { - "name": "spawnle", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "spawnlp": { - "name": "spawnlp", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "spawnlpe": { - "name": "spawnlpe", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "spawnv": { - "name": "spawnv", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "spawnve": { - "name": "spawnve", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "spawnvp": { - "name": "spawnvp", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "spawnvpe": { - "name": "spawnvpe", - "annotation": [ - [], - [], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "sprintf": { - "name": "sprintf", - "annotation": [ - [ - "ArrayIndex::1", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:3", - "OutputString" - ], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "sprintf_s": { - "name": "sprintf_s", - "annotation": [ - [ - "ArrayIndex::1", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:4" - ], - [ - "MemorySize::1" - ], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "sqrt": { - "name": "sqrt", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "sqrtf": { - "name": "sqrtf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "sqrtl": { - "name": "sqrtl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "srand": { - "name": "srand", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "sscanf": { - "name": "sscanf", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "Write:*", - "TaintPropagation::UntrustedSource:1", - "FormatStringArgs", - "OutputString" - ] - ], - "properties": [] - }, - "sscanf_s": { - "name": "sscanf_s", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "Write:*", - "TaintPropagation::UntrustedSource:1", - "FormatStringArgs", - "OutputString::-1" - ], - [] - ], - "properties": [] - }, - "std::basic_ios::fill": { - "name": "std::basic_ios::fill", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [], - [] - ], - "properties": [] - }, - "std::basic_ios::narrow": { - "name": "std::basic_ios::narrow", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [], - [], - [] - ], - "properties": [] - }, - "std::basic_ios::widen": { - "name": "std::basic_ios::widen", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [], - [] - ], - "properties": [] - }, - "std::basic_istream::gcount": { - "name": "std::basic_istream::gcount", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "std::basic_istream::get": { - "name": "std::basic_istream::get", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [], - [ - "TaintOutput::UntrustedSource" - ], - [], - [] - ], - "properties": [] - }, - "std::basic_istream::getline": { - "name": "std::basic_istream::getline", - "annotation": [ - [], - [], - [ - "TaintOutput::UntrustedSource" - ], - [] - ], - "properties": [] - }, - "std::basic_istream::operator<<": { - "name": "std::basic_istream::operator<<", - "annotation": [ - [], - [], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "std::basic_istream::operator>>": { - "name": "std::basic_istream::operator>>", - "annotation": [ - [], - [], - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "std::basic_istream::peek": { - "name": "std::basic_istream::peek", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "std::basic_istream::read": { - "name": "std::basic_istream::read", - "annotation": [ - [], - [], - [ - "TaintOutput::UntrustedSource" - ], - [] - ], - "properties": [] - }, - "std::basic_istream::readsome": { - "name": "std::basic_istream::readsome", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [], - [ - "TaintOutput::UntrustedSource" - ], - [] - ], - "properties": [] - }, - "std::basic_istream::tellg": { - "name": "std::basic_istream::tellg", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [] - ], - "properties": [] - }, - "std::basic_string::copy": { - "name": "std::basic_string::copy", - "annotation": [ - [], - [], - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "std::deque::deque<_Tp, _Alloc>": { - "name": "std::deque::deque<_Tp, _Alloc>", - "annotation": [ - [], - [], - [ - "AllocSize" - ], - [] - ], - "properties": [] - }, - "std::deque::resize": { - "name": "std::deque::resize", - "annotation": [ - [], - [], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "std::forward_list::forward_list<_Tp, _Alloc>": { - "name": "std::forward_list::forward_list<_Tp, _Alloc>", - "annotation": [ - [], - [], - [ - "AllocSize" - ], - [] - ], - "properties": [] - }, - "std::forward_list::resize": { - "name": "std::forward_list::resize", - "annotation": [ - [], - [], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "std::fpos::operator long": { - "name": "std::fpos::operator long", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ] - ], - "properties": [] - }, - "std::fpos::operator long long": { - "name": "std::fpos::operator long long", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ] - ], - "properties": [] - }, - "std::from_chars": { - "name": "std::from_chars", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:4" - ], - [ - "Deref" - ], - [], - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:4" - ], - [] - ], - "properties": [] - }, - "std::list::list<_Tp, _Alloc>": { - "name": "std::list::list<_Tp, _Alloc>", - "annotation": [ - [], - [], - [ - "AllocSize" - ], - [] - ], - "properties": [] - }, - "std::list::resize": { - "name": "std::list::resize", - "annotation": [ - [], - [], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "std::make_shared": { - "name": "std::make_shared", - "annotation": [ - [ - "CreateObject" - ] - ], - "properties": [] - }, - "std::make_unique": { - "name": "std::make_unique", - "annotation": [ - [ - "CreateObject" - ] - ], - "properties": [] - }, - "std::max": { - "name": "std::max", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2", - "Result::ite($1>$2,$1,$2)" - ], - [], - [] - ], - "properties": [] - }, - "std::min": { - "name": "std::min", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2", - "Result::ite($1<$2,$1,$2)" - ], - [], - [] - ], - "properties": [] - }, - "std::shared_ptr::get": { - "name": "std::shared_ptr::get", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "std::shared_ptr::shared_ptr<_Tp>": { - "name": "std::shared_ptr::shared_ptr<_Tp>", - "annotation": [ - [], - [ - "PassByRef" - ] - ], - "properties": [] - }, - "std::to_chars": { - "name": "std::to_chars", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:3", - "TaintPropagation::UntrustedSource:4" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:3", - "TaintPropagation::UntrustedSource:4" - ], - [], - [], - [] - ], - "properties": [] - }, - "std::unique_ptr::get": { - "name": "std::unique_ptr::get", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "std::unique_ptr::unique_ptr<_Tp, _Dp>": { - "name": "std::unique_ptr::unique_ptr<_Tp, _Dp>", - "annotation": [ - [], - [ - "PassByRef" - ] - ], - "properties": [] - }, - "std::vector::reserve": { - "name": "std::vector::reserve", - "annotation": [ - [], - [], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "std::vector::resize": { - "name": "std::vector::resize", - "annotation": [ - [], - [], - [ - "AllocSize" - ] - ], - "properties": [] - }, - "std::vector::vector<_Tp, _Alloc>": { - "name": "std::vector::vector<_Tp, _Alloc>", - "annotation": [ - [], - [], - [ - "AllocSize" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stodERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { - "name": "stod", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stodERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { - "name": "stod", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stofERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { - "name": "stof", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stofERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { - "name": "stof", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stoiERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { - "name": "stoi", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stoiERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { - "name": "stoi", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stolERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { - "name": "stol", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx114stolERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { - "name": "stol", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx115stoldERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { - "name": "stold", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx115stoldERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { - "name": "stold", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx115stollERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { - "name": "stoll", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx115stollERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { - "name": "stoll", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx115stoulERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { - "name": "stoul", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx115stoulERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { - "name": "stoul", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx116stoullERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { - "name": "stoull", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx116stoullERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { - "name": "stoull", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "stpcpy": { - "name": "stpcpy", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, - "strcasecmp": { - "name": "strcasecmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "strcasestr": { - "name": "strcasestr", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "strcat": { - "name": "strcat", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "Write:*", - "StringFunc", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "StringFunc", - "MemorySize::1" - ] - ], - "properties": [] - }, - "strcat_s": { - "name": "strcat_s", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:3" - ], - [ - "Deref", - "Write:*", - "StringFunc", - "TaintPropagation::UntrustedSource:3" - ], - [ - "MemorySize::1" - ], - [ - "Deref", - "StringFunc", - "MemorySize::1" - ] - ], - "properties": [] - }, - "strchr": { - "name": "strchr", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [ - "StringFunc", - "Deref" - ], - [] - ], - "properties": [] - }, - "strchrnul": { - "name": "strchrnul", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "StringFunc", - "Deref" - ], - [] - ], - "properties": [] - }, - "strcmp": { - "name": "strcmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "StringFunc", - "Deref" - ], - [ - "StringFunc", - "Deref" - ] - ], - "properties": [] - }, - "strcoll": { - "name": "strcoll", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "strcpy": { - "name": "strcpy", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "StringFunc", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "StringFunc", - "MemorySize::1" - ] - ], - "properties": [] - }, - "strcpy_s": { - "name": "strcpy_s", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "StringFunc", - "TaintPropagation::UntrustedSource:3" - ], - [ - "MemorySize::1" - ], - [ - "Deref", - "StringFunc" - ] - ], - "properties": [] - }, - "strcspn": { - "name": "strcspn", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "strdup": { - "name": "strdup", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref", - "StringFunc" - ] - ], - "properties": [] - }, - "strfromd": { - "name": "strfromd", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:4" - ], - [] - ], - "properties": [] - }, - "strfromf": { - "name": "strfromf", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:4" - ], - [] - ], - "properties": [] - }, - "strfroml": { - "name": "strfroml", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:4" - ], - [] - ], - "properties": [] - }, - "strlen": { - "name": "strlen", - "annotation": [ - [ - "ArrayIndex::1", - "TaintPropagation::UntrustedSource:1" - ], - [ - "StringFunc", - "Deref" - ] - ], - "properties": [] - }, - "strncasecmp": { - "name": "strncasecmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "Deref" - ], - [ - "MemorySize::1" - ] - ], - "properties": [] - }, - "strncat": { - "name": "strncat", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "Write:*", - "StringFunc", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "StringFunc" - ], - [ - "CharMemSize::1" - ] - ], - "properties": [] - }, - "strncat_s": { - "name": "strncat_s", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "StringFunc" - ], - [ - "MemorySize::1" - ], - [ - "Deref", - "StringFunc" - ], - [ - "BuffSize::>2" - ] - ], - "properties": [] - }, - "strncmp": { - "name": "strncmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "StringFunc" - ], - [ - "Deref", - "StringFunc" - ], - [ - "MemorySize::1", - "MemorySize::2" - ] - ], - "properties": [] - }, - "strncpy": { - "name": "strncpy", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:2", - "TaintPropagation::UntrustedSource:1" - ], - [ - "TaintPropagation::UntrustedSource:2", - "Deref", - "Write:*", - "StringFunc" - ], - [ - "Deref", - "StringFunc" - ], - [ - "CharMemSize::1" - ] - ], - "properties": [] - }, - "strncpy_s": { - "name": "strncpy_s", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:3", - "Deref", - "Write:*", - "StringFunc" - ], - [ - "MemorySize::1" - ], - [ - "Deref", - "StringFunc" - ], - [ - "BuffSize::>2" - ] - ], - "properties": [] - }, - "strndup": { - "name": "strndup", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref", - "StringFunc" - ] - ], - "properties": [] - }, - "strnlen": { - "name": "strnlen", - "annotation": [ - [ - "ArrayIndex::1", - "TaintPropagation::UntrustedSource:1" - ], - [ - "StringFunc", - "Deref" - ] - ], - "properties": [] - }, - "strnset": { - "name": "strnset", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "StringFunc" - ], - [ - "Deref" - ], - [ - "MemorySize::1" - ] - ], - "properties": [] - }, - "strpbrk": { - "name": "strpbrk", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "strrchr": { - "name": "strrchr", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref", - "StringFunc" - ], - [] - ], - "properties": [] - }, - "strsep": { - "name": "strsep", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "strset": { - "name": "strset", - "annotation": [ - [], - [ - "Deref", - "Write:*", - "StringFunc" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "strspn": { - "name": "strspn", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "strstr": { - "name": "strstr", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "_ZL6strtodPKcPPc": { - "name": "strtod", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "strtod": { - "name": "strtod", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "_ZL6strtofPKcPPc": { - "name": "strtof", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "strtok": { - "name": "strtok", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "strtok_r": { - "name": "strtok_r", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "strtok_s": { - "name": "strtok_s", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "StringFunc", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "strtol": { - "name": "strtol", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "strtold": { - "name": "strtold", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "strtoll": { - "name": "strtoll", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "strtoul": { - "name": "strtoul", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "strtoull": { - "name": "strtoull", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [] - ], - "properties": [] - }, - "strverscmp": { - "name": "strverscmp", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "strxfrm": { - "name": "strxfrm", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:2", - "TaintPropagation::UntrustedSource:1" - ], - [ - "TaintPropagation::UntrustedSource:2", - "Deref", - "Write:*", - "StringFunc" - ], - [ - "Deref", - "StringFunc" - ], - [ - "MemorySize::1" - ] - ], - "properties": [] - }, - "swab": { - "name": "swab", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt15__exception_ptr4swapERNS_13exception_ptrES1_": { - "name": "swap", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZL8swprintfPwPKwz": { - "name": "swprintf", - "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:3" - ], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "_ZL8swprintfPwyPKwz": { - "name": "swprintf", - "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:3" - ], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "swprintf": { - "name": "swprintf", - "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:3" - ], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "swprintf_s": { - "name": "swprintf_s", - "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:3" - ], - [ - "MemorySize::1" - ], - [ - "TaintSink::FormatString" - ] - ], - "properties": [] - }, - "swscanf": { - "name": "swscanf", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "Write:*", - "TaintPropagation::UntrustedSource:1" - ] - ], - "properties": [] - }, - "swscanf_s": { - "name": "swscanf_s", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "Write:*", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "system": { - "name": "system", - "annotation": [ - [], - [ - "TaintSink::Execute" - ] - ], - "properties": [] - }, - "_ZNSt3_V215system_categoryEv": { - "name": "system_category", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt12system_error4codeEv": { - "name": "system_error::code", - "annotation": [ - [] - ], - "properties": [] - }, - "system_s": { - "name": "system_s", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "tanh": { - "name": "tanh", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "tanhf": { - "name": "tanhf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "tanhl": { - "name": "tanhl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "tempnam": { - "name": "tempnam", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZSt9terminatev": { - "name": "terminate", - "annotation": [ - [] - ], - "properties": [] - }, - "tgamma": { - "name": "tgamma", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "tgammaf": { - "name": "tgammaf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "tgammal": { - "name": "tgammal", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "tmpfile": { - "name": "tmpfile", - "annotation": [ - [] - ], - "properties": [] - }, - "tmpnam": { - "name": "tmpnam", - "annotation": [ - [ - "InitNull" - ], - [] - ], - "properties": [] - }, - "tmpnam_s": { - "name": "tmpnam_s", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEd": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEe": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEf": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEi": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEj": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEl": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEm": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEx": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx119to_stringEy": { - "name": "to_string", - "annotation": [ - [ - "CreateObject", - "StringFunc", - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEd": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEe": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEf": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEi": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEj": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEl": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEm": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEx": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "_ZNSt7__cxx1110to_wstringEy": { - "name": "to_wstring", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "toascii": { - "name": "toascii", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "tolower": { - "name": "tolower", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "toupper": { - "name": "toupper", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "towctrans": { - "name": "towctrans", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [], - [] - ], - "properties": [] - }, - "towlower": { - "name": "towlower", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "towupper": { - "name": "towupper", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "trunc": { - "name": "trunc", + "strcmp": { + "name": "strcmp", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], - [] - ], - "properties": [] - }, - "truncf": { - "name": "truncf", - "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], - [] - ], - "properties": [] - }, - "truncl": { - "name": "truncl", - "annotation": [ [ - "TaintPropagation::UntrustedSource:1" - ], - [] + "Deref" + ] ], "properties": [] }, - "_ZNKSt9type_info6beforeERKS_": { - "name": "type_info::before", + "strcpy": { + "name": "strcpy", "annotation": [ [], - [] - ], - "properties": [] - }, - "_ZNKSt9type_info9hash_codeEv": { - "name": "type_info::hash_code", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZNKSt9type_info4nameEv": { - "name": "type_info::name", - "annotation": [ - [] + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ] ], "properties": [] }, - "_ZNKSt9type_infoneERKS_": { - "name": "type_info::operator!=", + "strcpy_s": { + "name": "strcpy_s", "annotation": [ [], - [] - ], - "properties": [] - }, - "_ZNKSt9type_infoeqERKS_": { - "name": "type_info::operator==", - "annotation": [ + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], [], - [] + [ + "Deref" + ] ], "properties": [] }, - "ufromfp": { - "name": "ufromfp", + "strdup": { + "name": "strdup", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref" + ] ], "properties": [] }, - "ufromfpf": { - "name": "ufromfpf", + "strlen": { + "name": "strlen", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [] + [ + "Deref" + ] ], "properties": [] }, - "ufromfpl": { - "name": "ufromfpl", + "strncasecmp": { + "name": "strncasecmp", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], - [] - ], - "properties": [] - }, - "ulltoa": { - "name": "ulltoa", - "annotation": [ - [], - [], [ - "OutputString::21" + "Deref" ], - [] - ], - "properties": [] - }, - "ulltow": { - "name": "ulltow", - "annotation": [ - [], - [], [ - "OutputString::21" + "Deref" ], [] ], "properties": [] }, - "ultoa": { - "name": "ultoa", + "strncat": { + "name": "strncat", "annotation": [ - [], - [], [ - "OutputString::11" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" ], [] ], "properties": [] }, - "_ZSt18uncaught_exceptionv": { - "name": "uncaught_exception", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZSt19uncaught_exceptionsv": { - "name": "uncaught_exceptions", - "annotation": [ - [] - ], - "properties": [] - }, - "_ZSt10unexpectedv": { - "name": "unexpected", - "annotation": [ - [] - ], - "properties": [] - }, - "ungetc": { - "name": "ungetc", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "ungetwc": { - "name": "ungetwc", + "strncat_s": { + "name": "strncat_s", "annotation": [ [], + [ + "Deref" + ], [], + [ + "Deref" + ], [] ], "properties": [] }, - "_ZSt7unitbufRSt8ios_base": { - "name": "unitbuf", + "strncmp": { + "name": "strncmp", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], [] ], "properties": [] }, - "unlink": { - "name": "unlink", + "strncpy": { + "name": "strncpy", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], [] ], "properties": [] }, - "_ZSt9uppercaseRSt8ios_base": { - "name": "uppercase", + "strncpy_s": { + "name": "strncpy_s", "annotation": [ [], - [] - ], - "properties": [] - }, - "_Z8vfprintfP6_iobufPKcPc": { - "name": "vfprintf", - "annotation": [ + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], [], [ "Deref" ], - [ - "TaintSink::FormatString" - ] + [] ], "properties": [] }, - "vfprintf_s": { - "name": "vfprintf_s", + "strndup": { + "name": "strndup", "annotation": [ - [], - [ - "Deref" - ], [ - "MemorySize::1" + "TaintPropagation::UntrustedSource:1" ], [ - "TaintSink::FormatString" + "Deref" ] ], "properties": [] }, - "vfscanf": { - "name": "vfscanf", + "strnlen": { + "name": "strnlen", "annotation": [ [ - "TaintOutput::UntrustedSource" + "TaintPropagation::UntrustedSource:1" ], [ "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource", - "Write:*" ] ], "properties": [] }, - "_Z7vfscanfP6_iobufPKcPc": { - "name": "vfscanf", + "strnset": { + "name": "strnset", "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], + [], [ "Deref" ], [ - "TaintSink::FormatString" + "Deref" ], - [ - "TaintOutput::UntrustedSource", - "Write:*" - ] + [] ], "properties": [] }, - "vfscanf_s": { - "name": "vfscanf_s", + "strpbrk": { + "name": "strpbrk", "annotation": [ [ - "TaintOutput::UntrustedSource" - ], - [], - [ - "TaintSink::FormatString" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString::-1" + "Deref" ], [] ], "properties": [] }, - "vfwprintf": { - "name": "vfwprintf", + "strrchr": { + "name": "strrchr", "annotation": [ - [], [ - "Deref" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ - "TaintSink::FormatString" - ] + "Deref" + ], + [] ], "properties": [] }, - "vfwprintf_s": { - "name": "vfwprintf_s", + "strset": { + "name": "strset", "annotation": [ [], [ "Deref" ], [ - "MemorySize::1" - ], - [ - "TaintSink::FormatString" + "Deref" ] ], "properties": [] }, - "vfwscanf": { - "name": "vfwscanf", + "strspn": { + "name": "strspn", "annotation": [ [ - "TaintOutput::UntrustedSource" + "TaintPropagation::UntrustedSource:1" ], [ "Deref" ], [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString" + "Deref" ] ], "properties": [] }, - "_Z7vprintfPKcPc": { - "name": "vprintf", + "strstr": { + "name": "strstr", "annotation": [ - [], - [], [ - "TaintSink::FormatString" - ] + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [], + [] ], "properties": [] }, - "vprintf_s": { - "name": "vprintf_s", + "strtod": { + "name": "strtod", "annotation": [ - [], - [], [ - "TaintSink::FormatString" - ] + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] ], "properties": [] }, - "vscanf": { - "name": "vscanf", + "strtol": { + "name": "strtol", "annotation": [ [ - "TaintOutput::UntrustedSource" + "TaintPropagation::UntrustedSource:1" ], [ - "TaintSink::FormatString" + "Deref" ], - [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString" - ] + [], + [] ], "properties": [] }, - "vscanf_s": { - "name": "vscanf_s", + "strtold": { + "name": "strtold", "annotation": [ [ - "TaintOutput::UntrustedSource" - ], - [ - "TaintSink::FormatString" + "TaintPropagation::UntrustedSource:1" ], [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString::-1" + "Deref" ], [] ], "properties": [] }, - "_Z9vsnprintfPcyPKcS_": { - "name": "vsnprintf", + "strtoll": { + "name": "strtoll", "annotation": [ [ - "ArrayIndex::1" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:4" + "TaintPropagation::UntrustedSource:1" ], [ - "MemorySize::1" + "Deref" ], - [ - "TaintSink::FormatString" - ] + [], + [] ], "properties": [] }, - "vsnprintf_s": { - "name": "vsnprintf_s", + "strtoul": { + "name": "strtoul", "annotation": [ [ - "ArrayIndex::1" + "TaintPropagation::UntrustedSource:1" ], [ - "Deref", - "TaintPropagation::UntrustedSource:5" + "Deref" ], + [], + [] + ], + "properties": [] + }, + "strtoull": { + "name": "strtoull", + "annotation": [ [ - "MemorySize::1" + "TaintPropagation::UntrustedSource:1" ], [ - "BuffSize::>2" + "Deref" ], - [ - "TaintSink::FormatString" - ] + [], + [] ], "properties": [] }, - "vsnwprintf": { - "name": "vsnwprintf", + "strxfrm": { + "name": "strxfrm", "annotation": [ [ - "ArrayIndex::1" + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" ], [ "Deref", - "TaintPropagation::UntrustedSource:4" + "TaintPropagation::UntrustedSource:2" ], [ - "MemorySize::1" + "Deref" ], - [ - "TaintSink::FormatString" - ] + [] ], "properties": [] }, - "_Z8vsprintfPcPKcS_": { - "name": "vsprintf", + "swprintf": { + "name": "swprintf", "annotation": [ - [ - "ArrayIndex::1", - "TaintPropagation::UntrustedSource:1" - ], + [], [ "Deref", "TaintPropagation::UntrustedSource:3" @@ -12776,45 +1574,41 @@ ], "properties": [] }, - "vsprintf": { - "name": "vsprintf", + "swprintf_s": { + "name": "swprintf_s", "annotation": [ - [ - "ArrayIndex::1", - "TaintPropagation::UntrustedSource:1" - ], + [], [ "Deref", "TaintPropagation::UntrustedSource:3" ], + [], [ "TaintSink::FormatString" ] ], "properties": [] }, - "vsprintf_s": { - "name": "vsprintf_s", + "swscanf": { + "name": "swscanf", "annotation": [ [ - "ArrayIndex::1", - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], [ - "Deref", - "TaintPropagation::UntrustedSource:4" + "Deref" ], [ - "MemorySize::1" + "TaintSink::FormatString" ], [ - "TaintSink::FormatString" + "TaintPropagation::UntrustedSource:1" ] ], "properties": [] }, - "vsscanf": { - "name": "vsscanf", + "swscanf_s": { + "name": "swscanf_s", "annotation": [ [ "TaintOutput::UntrustedSource" @@ -12826,66 +1620,73 @@ "TaintSink::FormatString" ], [ - "Deref", - "Write:*", - "TaintPropagation::UntrustedSource:1", - "OutputString" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "vsscanf_s": { - "name": "vsscanf_s", + "tmpnam": { + "name": "tmpnam", "annotation": [ [ - "TaintOutput::UntrustedSource" + "InitNull" ], + [] + ], + "properties": [] + }, + "vfprintf_s": { + "name": "vfprintf_s", + "annotation": [ [], [ - "TaintSink::FormatString" + "Deref" ], + [], [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString::-1" - ], - [] + "TaintSink::FormatString" + ] ], "properties": [] }, - "_ZL9vswprintfPwPKwPc": { - "name": "vswprintf", + "vfscanf": { + "name": "vfscanf", "annotation": [ - [], [ - "TaintPropagation::UntrustedSource:4" + "TaintOutput::UntrustedSource" + ], + [ + "Deref" ], - [], [ "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "_ZL9vswprintfPwyPKwPc": { - "name": "vswprintf", + "vfwprintf": { + "name": "vfwprintf", "annotation": [ [], - [], - [], - [], + [ + "Deref" + ], [ "TaintSink::FormatString" ] ], "properties": [] }, - "vswprintf_s": { - "name": "vswprintf_s", + "vfwprintf_s": { + "name": "vfwprintf_s", "annotation": [ [], [ - "TaintPropagation::UntrustedSource:4" + "Deref" ], [], [ @@ -12894,8 +1695,8 @@ ], "properties": [] }, - "vswscanf": { - "name": "vswscanf", + "vfwscanf": { + "name": "vfwscanf", "annotation": [ [ "TaintOutput::UntrustedSource" @@ -12907,17 +1708,19 @@ "TaintSink::FormatString" ], [ - "Write:*", - "Deref", - "TaintPropagation::UntrustedSource:1", - "OutputString" + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "vwprintf": { - "name": "vwprintf", + "vsnprintf_s": { + "name": "vsnprintf_s", "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:5" + ], [], [], [ @@ -12926,10 +1729,14 @@ ], "properties": [] }, - "vwprintf_s": { - "name": "vwprintf_s", + "vsnwprintf": { + "name": "vsnwprintf", "annotation": [ [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], [], [ "TaintSink::FormatString" @@ -12937,67 +1744,74 @@ ], "properties": [] }, - "vwscanf": { - "name": "vwscanf", + "vsprintf": { + "name": "vsprintf", "annotation": [ [ - "TaintOutput::UntrustedSource" + "TaintPropagation::UntrustedSource:1" ], [ - "TaintSink::FormatString" + "Deref", + "TaintPropagation::UntrustedSource:3" ], [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString" + "TaintSink::FormatString" ] ], "properties": [] }, - "wcpcpy": { - "name": "wcpcpy", + "vsprintf_s": { + "name": "vsprintf_s", "annotation": [ [ - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:1" ], [ - "TaintPropagation::UntrustedSource:2" + "Deref", + "TaintPropagation::UntrustedSource:4" ], - [] - ], - "properties": [] - }, - "wcrtomb": { - "name": "wcrtomb", - "annotation": [ - [], [], - [], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "wcrtomb_s": { - "name": "wcrtomb_s", + "vsscanf": { + "name": "vsscanf", "annotation": [ - [], - [], - [], - [], - [], - [] + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ] ], "properties": [] }, - "wcscasecmp": { - "name": "wcscasecmp", + "vswscanf": { + "name": "vswscanf", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" + "TaintOutput::UntrustedSource" ], - [], - [] + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ] ], "properties": [] }, @@ -13009,8 +1823,7 @@ "TaintPropagation::UntrustedSource:2" ], [ - "Deref", - "Write:*" + "Deref" ], [ "Deref" @@ -13025,30 +1838,13 @@ "TaintPropagation::UntrustedSource:1", "TaintPropagation::UntrustedSource:2" ], - [ - "Deref", - "Write:*" - ], - [ - "MemorySize::1" - ], [ "Deref" - ] - ], - "properties": [] - }, - "_ZSt6wcschrPww": { - "name": "wcschr", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" ], + [], [ "Deref" - ], - [] + ] ], "properties": [] }, @@ -13114,8 +1910,7 @@ "annotation": [ [], [ - "Deref", - "Write:*" + "Deref" ], [ "Deref" @@ -13128,12 +1923,9 @@ "annotation": [ [], [ - "Deref", - "Write:*" - ], - [ - "MemorySize::1" + "Deref" ], + [], [ "Deref" ] @@ -13155,16 +1947,6 @@ ], "properties": [] }, - "wcsdup": { - "name": "wcsdup", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, "wcsftime": { "name": "wcsftime", "annotation": [ @@ -13178,42 +1960,6 @@ ], "properties": [] }, - "wcsicmp": { - "name": "wcsicmp", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "wcsicoll": { - "name": "wcsicoll", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "wcslen": { - "name": "wcslen", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "wcslwr": { - "name": "wcslwr", - "annotation": [ - [], - [] - ], - "properties": [] - }, "wcsncasecmp": { "name": "wcsncasecmp", "annotation": [ @@ -13227,9 +1973,7 @@ [ "Deref" ], - [ - "MemorySize::1" - ] + [] ], "properties": [] }, @@ -13241,8 +1985,7 @@ "TaintPropagation::UntrustedSource:2" ], [ - "Deref", - "Write:*" + "Deref" ], [ "Deref" @@ -13259,18 +2002,13 @@ "TaintPropagation::UntrustedSource:2" ], [ - "Deref", - "Write:*" - ], - [ - "MemorySize::1" + "Deref" ], + [], [ "Deref" ], - [ - "BuffSize::>2" - ] + [] ], "properties": [] }, @@ -13287,9 +2025,7 @@ [ "Deref" ], - [ - "MemorySize::1" - ] + [] ], "properties": [] }, @@ -13301,236 +2037,41 @@ "TaintPropagation::UntrustedSource:1" ], [ - "TaintPropagation::UntrustedSource:2", - "Deref", - "Write:*" - ], - [ - "Deref" - ], - [ - "CharMemSize::1" - ] - ], - "properties": [] - }, - "wcsncpy_s": { - "name": "wcsncpy_s", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:2", - "TaintPropagation::UntrustedSource:1" - ], - [ - "TaintPropagation::UntrustedSource:2", "Deref", - "Write:*" - ], - [ - "MemorySize::1" - ], - [ - "Deref" - ], - [ - "BuffSize::>2" - ] - ], - "properties": [] - }, - "wcsnicmp": { - "name": "wcsnicmp", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "wcsnlen": { - "name": "wcsnlen", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "wcsnlen_s": { - "name": "wcsnlen_s", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "wcsnrtombs": { - "name": "wcsnrtombs", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [] - ], - "properties": [] - }, - "wcsnset": { - "name": "wcsnset", - "annotation": [ - [], - [], - [], - [] - ], - "properties": [] - }, - "_ZSt7wcspbrkPwPKw": { - "name": "wcspbrk", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "InitNull" - ], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "wcspbrk": { - "name": "wcspbrk", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "InitNull" - ], - [ - "Deref" - ], - [ - "Deref" - ] - ], - "properties": [] - }, - "_ZSt7wcsrchrPww": { - "name": "wcsrchr", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "InitNull" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "wcsrchr": { - "name": "wcsrchr", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "InitNull" - ], - [ - "Deref" - ], - [] - ], - "properties": [] - }, - "wcsrev": { - "name": "wcsrev", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "wcsrtombs": { - "name": "wcsrtombs", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [] - ], - "properties": [] - }, - "wcsrtombs_s": { - "name": "wcsrtombs_s", - "annotation": [ - [], - [ "TaintPropagation::UntrustedSource:2" ], - [], - [], - [], - [], - [] - ], - "properties": [] - }, - "wcsset": { - "name": "wcsset", - "annotation": [ - [], - [], - [] - ], - "properties": [] - }, - "wcsspn": { - "name": "wcsspn", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], [ "Deref" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "_ZSt6wcsstrPwPKw": { - "name": "wcsstr", + "wcsncpy_s": { + "name": "wcsncpy_s", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "InitNull" + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" ], [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:2" ], + [], [ "Deref" - ] + ], + [] ], "properties": [] }, - "wcsstr": { - "name": "wcsstr", + "wcspbrk": { + "name": "wcspbrk", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "InitNull" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], [ "Deref" @@ -13541,21 +2082,13 @@ ], "properties": [] }, - "_ZL6wcstodPKwPPw": { - "name": "wcstod", + "wcsrchr": { + "name": "wcsrchr", "annotation": [ - [], [ - "Deref" + "InitNull", + "TaintPropagation::UntrustedSource:1" ], - [] - ], - "properties": [] - }, - "_ZL6wcstofPKwPPw": { - "name": "wcstof", - "annotation": [ - [], [ "Deref" ], @@ -13563,26 +2096,34 @@ ], "properties": [] }, - "wcstok": { - "name": "wcstok", + "wcsspn": { + "name": "wcsspn", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [], - [] + [ + "Deref" + ], + [ + "Deref" + ] ], "properties": [] }, - "wcstok_s": { - "name": "wcstok_s", + "wcsstr": { + "name": "wcsstr", "annotation": [ [ + "InitNull", "TaintPropagation::UntrustedSource:1" ], - [], - [], - [] + [ + "Deref" + ], + [ + "Deref" + ] ], "properties": [] }, @@ -13621,32 +2162,6 @@ ], "properties": [] }, - "wcstombs": { - "name": "wcstombs", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "wcstombs_s": { - "name": "wcstombs_s", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [], - [], - [], - [] - ], - "properties": [] - }, "wcstoul": { "name": "wcstoul", "annotation": [ @@ -13671,14 +2186,6 @@ ], "properties": [] }, - "wcsupr": { - "name": "wcsupr", - "annotation": [ - [], - [] - ], - "properties": [] - }, "wcsxfrm": { "name": "wcsxfrm", "annotation": [ @@ -13691,27 +2198,6 @@ ], "properties": [] }, - "wctob": { - "name": "wctob", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "wctomb": { - "name": "wctomb", - "annotation": [ - [], - [ - "TaintPropagation::UntrustedSource:2" - ], - [] - ], - "properties": [] - }, "wctrans": { "name": "wctrans", "annotation": [ @@ -13732,34 +2218,6 @@ ], "properties": [] }, - "WinExec": { - "name": "WinExec", - "annotation": [ - [], - [ - "TaintSink::Execute" - ], - [] - ], - "properties": [] - }, - "_ZSt7wmemchrPwwy": { - "name": "wmemchr", - "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ], - [], - [ - "MemorySize::1" - ] - ], - "properties": [] - }, "wmemchr": { "name": "wmemchr", "annotation": [ @@ -13798,7 +2256,6 @@ [], [ "Deref", - "Write:*", "TaintPropagation::UntrustedSource:2" ], [ @@ -13814,12 +2271,9 @@ [], [ "Deref", - "Write:*", "TaintPropagation::UntrustedSource:3" ], - [ - "MemorySize::1" - ], + [], [ "Deref" ], @@ -13833,7 +2287,6 @@ [], [ "Deref", - "Write:*", "TaintPropagation::UntrustedSource:2" ], [ @@ -13849,12 +2302,9 @@ [], [ "Deref", - "Write:*", "TaintPropagation::UntrustedSource:3" ], - [ - "MemorySize::1" - ], + [], [ "Deref" ], @@ -13868,7 +2318,6 @@ [], [ "Deref", - "Write:*", "TaintPropagation::UntrustedSource:2" ], [ @@ -13877,161 +2326,5 @@ [] ], "properties": [] - }, - "wmemset": { - "name": "wmemset", - "annotation": [ - [], - [ - "Write:*", - "TaintPropagation::UntrustedSource:2" - ], - [], - [] - ], - "properties": [] - }, - "wprintf": { - "name": "wprintf", - "annotation": [ - [], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "wprintf_s": { - "name": "wprintf_s", - "annotation": [ - [], - [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" - ], - [ - "TaintSink::SensitiveDataLeak" - ] - ], - "properties": [] - }, - "wscanf": { - "name": "wscanf", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource", - "Write:*", - "OutputString" - ] - ], - "properties": [] - }, - "wtoll": { - "name": "wtoll", - "annotation": [ - [], - [] - ], - "properties": [] - }, - "y0": { - "name": "y0", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "y0f": { - "name": "y0f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "y0l": { - "name": "y0l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "y1": { - "name": "y1", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "y1f": { - "name": "y1f", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "y1l": { - "name": "y1l", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "yn": { - "name": "yn", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ynf": { - "name": "ynf", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "ynl": { - "name": "ynl", - "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] } } \ No newline at end of file diff --git a/include/klee/Core/Interpreter.h b/include/klee/Core/Interpreter.h index 5d29496bed..f63c47e62a 100644 --- a/include/klee/Core/Interpreter.h +++ b/include/klee/Core/Interpreter.h @@ -10,8 +10,8 @@ #define KLEE_INTERPRETER_H #include "TerminationTypes.h" -#include "klee/Module/Annotation.h" +#include "klee/Module/AnnotationsData.h" #include "klee/Module/SarifReport.h" #include @@ -122,17 +122,13 @@ class Interpreter { ModuleOptions(const std::string &_LibraryDir, const std::string &_EntryPoint, const std::string &_OptSuffix, const std::string &_MainCurrentName, - const std::string &_MainNameAfterMock, - const std::string &_AnnotationsFile, - const std::string &_TaintAnnotationsFile, bool _Optimize, + const std::string &_MainNameAfterMock, bool _Optimize, bool _Simplify, bool _CheckDivZero, bool _CheckOvershift, bool _AnnotateOnlyExternal, bool _WithFPRuntime, bool _WithPOSIXRuntime) : LibraryDir(_LibraryDir), EntryPoint(_EntryPoint), OptSuffix(_OptSuffix), MainCurrentName(_MainCurrentName), - MainNameAfterMock(_MainNameAfterMock), - AnnotationsFile(_AnnotationsFile), - TaintAnnotationsFile(_TaintAnnotationsFile), Optimize(_Optimize), + MainNameAfterMock(_MainNameAfterMock), Optimize(_Optimize), Simplify(_Simplify), CheckDivZero(_CheckDivZero), CheckOvershift(_CheckOvershift), AnnotateOnlyExternal(_AnnotateOnlyExternal), @@ -157,6 +153,8 @@ class Interpreter { MockPolicy Mock; MockStrategyKind MockStrategy; MockMutableGlobalsPolicy MockMutableGlobals; + std::string AnnotationsFile; + std::string TaintAnnotationsFile; InterpreterOptions(std::optional Paths) : MakeConcreteSymbolic(false), Guidance(GuidanceKind::NoGuidance), diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index c25713ea75..f678258870 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -38,7 +38,7 @@ class MockBuilder { std::set &mainModuleFunctions; std::set &mainModuleGlobals; - AnnotationsData annotationsData; + const AnnotationsData &annotationsData; void initMockModule(); void buildMockMain(); @@ -86,7 +86,8 @@ class MockBuilder { std::vector> &redefinitions, InterpreterHandler *interpreterHandler, std::set &mainModuleFunctions, - std::set &mainModuleGlobals); + std::set &mainModuleGlobals, + const AnnotationsData &annotationsData); std::unique_ptr build(); void buildAllocSource(llvm::Value *prev, llvm::Type *elemType, diff --git a/include/klee/Core/TerminationTypes.h b/include/klee/Core/TerminationTypes.h index 9dc67be69a..0d531c8e2a 100644 --- a/include/klee/Core/TerminationTypes.h +++ b/include/klee/Core/TerminationTypes.h @@ -75,7 +75,8 @@ enum class StateTerminationClass : std::uint8_t { TTMARK(EARLYALGORITHM, 72U) \ TTYPE(SilentExit, 80U, "") \ TTMARK(EARLYUSER, 80U) \ - TTMARK(END, 80U) + TTMARK(END, 80U) \ + TTYPE(Taint, 90U, "taint.err") ///@brief Reason an ExecutionState got terminated. enum class StateTerminationType : std::uint8_t { diff --git a/include/klee/Module/AnnotationsData.h b/include/klee/Module/AnnotationsData.h index 3cdb7d9b82..1ee13a1e69 100644 --- a/include/klee/Module/AnnotationsData.h +++ b/include/klee/Module/AnnotationsData.h @@ -10,8 +10,9 @@ struct AnnotationsData final { AnnotationsMap annotations; TaintAnnotation taintAnnotation; - explicit AnnotationsData(const std::string &annotationsFile, - const std::string &taintAnnotationsFile); + explicit AnnotationsData( + const std::string &annotationsFile = std::string(), + const std::string &taintAnnotationsFile = std::string()); virtual ~AnnotationsData(); }; diff --git a/include/klee/Module/TaintAnnotation.h b/include/klee/Module/TaintAnnotation.h index b10c4c22a8..bc0b71dd3f 100644 --- a/include/klee/Module/TaintAnnotation.h +++ b/include/klee/Module/TaintAnnotation.h @@ -13,6 +13,7 @@ using json = nlohmann::json; namespace klee { +// TODO: set to set>, where pair is sink and target using TaintSinksSourcesMap = std::map>; class TaintAnnotation final { @@ -20,9 +21,9 @@ class TaintAnnotation final { TaintSinksSourcesMap sinksToSources; std::map sinks; std::map sources; + // TODO: add map from size_t target to string - explicit TaintAnnotation(); - explicit TaintAnnotation(const std::string &taintAnnotationsFile); + explicit TaintAnnotation(const std::string &path); virtual ~TaintAnnotation(); }; diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index c6a395731c..a2ff33ed48 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -505,7 +505,9 @@ const std::unordered_set Executor::modelledFPIntrinsics = { Executor::Executor(LLVMContext &ctx, const InterpreterOptions &opts, InterpreterHandler *ih) - : Interpreter(opts), interpreterHandler(ih), searcher(nullptr), + : Interpreter(opts), + annotationsData(opts.AnnotationsFile, opts.TaintAnnotationsFile), + interpreterHandler(ih), searcher(nullptr), externalDispatcher(new ExternalDispatcher(ctx)), statsTracker(0), pathWriter(0), symPathWriter(0), specialFunctionHandler(0), timers{time::Span(TimerInterval)}, @@ -636,7 +638,8 @@ llvm::Module *Executor::setModule( !opts.AnnotationsFile.empty()) { MockBuilder mockBuilder(kmodule->module.get(), opts, interpreterOpts, ignoredExternals, redefinitions, interpreterHandler, - mainModuleFunctions, mainModuleGlobals); + mainModuleFunctions, mainModuleGlobals, + annotationsData); std::unique_ptr mockModule = mockBuilder.build(); std::vector> mockModules; @@ -5022,6 +5025,22 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, state, new ErrorEvent(locationOf(state), terminationType, messaget)); } +// TODO: add taint target errors to taint-annotations.json and change function +void Executor::terminateStateOnTaintError(ExecutionState &state, size_t sink) { + // reportStateOnTargetError(state, error); + + const auto &sinks = annotationsData.taintAnnotation.sinks; + auto taintSink = std::find_if(sinks.begin(), sinks.end(), + [&](const std::pair &i) { + return i.second == sink; + }); + if (taintSink == std::end(sinks)) { + klee_error("Unknown sink index"); + } + terminateStateOnProgramError(state, taintSink->first + " taint error", + StateTerminationType::Taint); +} + void Executor::terminateStateOnError(ExecutionState &state, const llvm::Twine &messaget, StateTerminationType terminationType, diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index eb769d1831..31b4ff7102 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -31,6 +31,7 @@ #include "klee/Expr/Constraints.h" #include "klee/Expr/SourceBuilder.h" #include "klee/Expr/SymbolicSource.h" +#include "klee/Module/AnnotationsData.h" #include "klee/Module/Cell.h" #include "klee/Module/KInstruction.h" #include "klee/Module/KModule.h" @@ -127,6 +128,8 @@ class Executor : public Interpreter { RNG theRNG; private: + AnnotationsData annotationsData; + int *errno_addr; size_t maxNewWriteableOSSize = 0; @@ -631,6 +634,8 @@ class Executor : public Interpreter { /// Then just call `terminateStateOnError` void terminateStateOnTargetError(ExecutionState &state, ReachWithError error); + void terminateStateOnTaintError(ExecutionState &state, size_t sink); + /// Call error handler and terminate state in case of program errors /// (e.g. free()ing globals, out-of-bound accesses) void terminateStateOnProgramError(ExecutionState &state, diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index f4f229a902..979722a498 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -89,14 +89,14 @@ MockBuilder::MockBuilder( std::vector> &redefinitions, InterpreterHandler *interpreterHandler, std::set &mainModuleFunctions, - std::set &mainModuleGlobals) + std::set &mainModuleGlobals, + const AnnotationsData &annotationsData) : userModule(initModule), ctx(initModule->getContext()), opts(opts), interpreterOptions(interpreterOptions), ignoredExternals(ignoredExternals), redefinitions(redefinitions), interpreterHandler(interpreterHandler), mainModuleFunctions(mainModuleFunctions), - mainModuleGlobals(mainModuleGlobals), - annotationsData(opts.AnnotationsFile, opts.TaintAnnotationsFile) {} + mainModuleGlobals(mainModuleGlobals), annotationsData(annotationsData) {} std::unique_ptr MockBuilder::build() { initMockModule(); @@ -535,7 +535,7 @@ MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, {llvm::Type::getInt8PtrTy(mockModule->getContext()), llvm::Type::getInt64Ty(mockModule->getContext())}, false); - auto kleeAddTaintCallee = + auto kleeTaintFunctionCallee = mockModule->getOrInsertFunction(functionName, kleeTaintFunctionType); // //TODO: that's not all: @@ -579,13 +579,15 @@ MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) { beginPtr = builder->CreateAlloca(source->getType()); builder->CreateStore(source, beginPtr); + beginPtr = builder->CreateBitCast( + beginPtr, llvm::Type::getInt8PtrTy(mockModule->getContext())); } else { beginPtr = builder->CreateBitCast( source, llvm::Type::getInt8PtrTy(mockModule->getContext())); } return builder->CreateCall( - kleeAddTaintCallee, + kleeTaintFunctionCallee, {beginPtr, llvm::ConstantInt::get(mockModule->getContext(), llvm::APInt(64, taint, false))}); } @@ -847,6 +849,14 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( std::string retName = "ret_" + func->getName().str(); llvm::Value *retValuePtr = builder->CreateAlloca(returnType, nullptr); + // TODO: fix strange type ("fopen" mock, store instruction) + // if (func->getName() == "fopen") { + // buildCallKleeMakeSymbolic("klee_make_mock", retValuePtr, returnType, + // func->getName().str()); + // llvm::Value *retValue = builder->CreateLoad(returnType, retValuePtr, + // retName); builder->CreateRet(retValue); return; + // } + if (returnType->isPointerTy() && (allocSourcePtr || mustInitNull)) { processingValue(retValuePtr, returnType, allocSourcePtr, mustInitNull || maybeInitNull); diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index ef64482e52..a80222791e 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -135,6 +135,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_check_taint_source", handleCheckTaintSource, true), add("klee_check_taint_sink", handleCheckTaintSink, true), add("klee_taint_sink_hit", handleTaintSinkHit, false), + #ifdef SUPPORT_KLEE_EH_CXX add("_klee_eh_Unwind_RaiseException_impl", handleEhUnwindRaiseExceptionImpl, false), @@ -1220,8 +1221,6 @@ void SpecialFunctionHandler::handleFAbs(ExecutionState &state, executor.bindLocal(target, state, result); } -// TODO: update definitions after adding taint memory - void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { @@ -1231,8 +1230,6 @@ void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, "klee_add_taint(void*, size_t)"); return; } - - // executor.executeMemoryOperation(state, true) } void SpecialFunctionHandler::handleClearTaint( @@ -1244,8 +1241,6 @@ void SpecialFunctionHandler::handleClearTaint( "klee_clear_taint(void*, size_t)"); return; } - - // executor.executeMemoryOperation(state, true) } void SpecialFunctionHandler::handleCheckTaintSource( @@ -1257,9 +1252,6 @@ void SpecialFunctionHandler::handleCheckTaintSource( "klee_check_taint_source(void*, size_t)"); return; } - - // ref result = ConstantExpr::create(true, Expr::Bool); - // executor.bindLocal(target, state, result); } void SpecialFunctionHandler::handleCheckTaintSink( @@ -1285,6 +1277,12 @@ void SpecialFunctionHandler::handleTaintSinkHit( return; } - // executor.terminateStateOnError(state, "FormatString", - // StateTerminationType::User); + char *end = nullptr; + size_t sink = strtoul(arguments[0]->toString().c_str(), &end, 10); + if (*end != '\0' || errno == ERANGE) { + executor.terminateStateOnUserError( + state, "Incorrect argument 0 to klee_taint_sink_hit(size_t)"); + } + + executor.terminateStateOnTaintError(state, sink); } diff --git a/lib/Module/AnnotationsData.cpp b/lib/Module/AnnotationsData.cpp index e314faa8ff..e560503df0 100644 --- a/lib/Module/AnnotationsData.cpp +++ b/lib/Module/AnnotationsData.cpp @@ -2,12 +2,9 @@ namespace klee { -klee::AnnotationsData::AnnotationsData( - const std::string &annotationsFile, - const std::string &taintAnnotationsFile) { - taintAnnotation = taintAnnotationsFile.empty() - ? TaintAnnotation() - : TaintAnnotation(taintAnnotationsFile); +klee::AnnotationsData::AnnotationsData(const std::string &annotationsFile, + const std::string &taintAnnotationsFile) + : taintAnnotation(taintAnnotationsFile) { annotations = parseAnnotations(annotationsFile); } diff --git a/lib/Module/TaintAnnotation.cpp b/lib/Module/TaintAnnotation.cpp index 18a9ba9cfb..a7053a841f 100644 --- a/lib/Module/TaintAnnotation.cpp +++ b/lib/Module/TaintAnnotation.cpp @@ -5,18 +5,18 @@ namespace klee { -TaintAnnotation::TaintAnnotation() = default; +TaintAnnotation::TaintAnnotation(const std::string &path) { + if (path.empty()) { + return; + } -TaintAnnotation::TaintAnnotation(const std::string &taintAnnotationsFilePath) { - std::ifstream taintAnnotationsFile(taintAnnotationsFilePath); + std::ifstream taintAnnotationsFile(path); if (!taintAnnotationsFile.good()) { - klee_error("Taint annotation: Opening %s failed.", - taintAnnotationsFilePath.c_str()); + klee_error("Taint annotation: Opening %s failed.", path.c_str()); } json taintAnnotationsJson = json::parse(taintAnnotationsFile, nullptr, false); if (taintAnnotationsJson.is_discarded()) { - klee_error("Taint annotation: Parsing JSON %s failed.", - taintAnnotationsFilePath.c_str()); + klee_error("Taint annotation: Parsing JSON %s failed.", path.c_str()); } std::set sourcesStrs; diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 1d523f9ad0..852f058bde 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -15,6 +15,7 @@ #include "klee/Core/Context.h" #include "klee/Core/Interpreter.h" #include "klee/Core/TargetedExecutionReporter.h" +#include "klee/Module/AnnotationsData.h" #include "klee/Module/LocationInfo.h" #include "klee/Module/SarifReport.h" #include "klee/Module/TargetForest.h" @@ -404,7 +405,8 @@ cl::opt MockMutableGlobals( cl::opt AnnotationsFile("annotations", cl::desc("Path to the annotation JSON file"), - cl::value_desc("path file"), cl::cat(MockCat)); + cl::init(std::string()), cl::value_desc("path file"), + cl::cat(MockCat)); cl::opt AnnotateOnlyExternal( "annotate-only-external", @@ -412,7 +414,7 @@ cl::opt AnnotateOnlyExternal( cl::init(false), cl::cat(MockCat)); cl::opt - TaintAnnotationsFile("taint-annotations", + TaintAnnotationsFile("taint-annotations", cl::init(std::string()), cl::desc("Path to the taint annotations JSON file"), cl::value_desc("path file"), cl::cat(MockCat)); @@ -2179,8 +2181,6 @@ int main(int argc, char **argv, char **envp) { LibraryDir, EntryPoint, opt_suffix, /*MainCurrentName=*/EntryPoint, /*MainNameAfterMock=*/"__klee_mock_wrapped_main", - /*AnnotationsFile=*/AnnotationsFile, - /*TaintAnnotationsFile=*/TaintAnnotationsFile, /*Optimize=*/OptimizeModule, /*Simplify*/ SimplifyModule, /*CheckDivZero=*/CheckDivZero, @@ -2390,6 +2390,8 @@ int main(int argc, char **argv, char **envp) { IOpts.Mock = Mock; IOpts.MockStrategy = MockStrategy; IOpts.MockMutableGlobals = MockMutableGlobals; + IOpts.AnnotationsFile = AnnotationsFile; + IOpts.TaintAnnotationsFile = TaintAnnotationsFile; std::unique_ptr interpreter( Interpreter::create(ctx, IOpts, handler.get())); From 6a872a2496b694322acf1f58b69d60ac15156728 Mon Sep 17 00:00:00 2001 From: Maria Date: Wed, 28 Feb 2024 16:18:50 +0300 Subject: [PATCH 15/28] Fix --- include/klee/Module/TaintAnnotation.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/include/klee/Module/TaintAnnotation.h b/include/klee/Module/TaintAnnotation.h index bc0b71dd3f..a20f29c5b1 100644 --- a/include/klee/Module/TaintAnnotation.h +++ b/include/klee/Module/TaintAnnotation.h @@ -2,12 +2,9 @@ #define KLEE_TAINT_ANNOTATION_H #include "nlohmann/json.hpp" -#include "nonstd/optional.hpp" -#include "map" -#include "set" -#include "string" -#include "vector" +#include +#include using json = nlohmann::json; From bc922f5e4d8c12620878fff0e7ac18ef891fd6d7 Mon Sep 17 00:00:00 2001 From: Maria Date: Wed, 28 Feb 2024 19:47:16 +0300 Subject: [PATCH 16/28] Add taint rules --- configs/taint-annotations.json | 15 ++++++-- include/klee/Core/MockBuilder.h | 4 +- include/klee/Module/SarifReport.h | 4 ++ include/klee/Module/TaintAnnotation.h | 30 ++++++++++----- include/klee/klee.h | 12 +++--- lib/Core/Executor.cpp | 18 +++------ lib/Core/Executor.h | 2 +- lib/Core/MockBuilder.cpp | 53 ++++++++++++++------------- lib/Core/SpecialFunctionHandler.cpp | 24 ++++++------ lib/Core/SpecialFunctionHandler.h | 4 +- lib/Module/SarifReport.cpp | 6 +++ lib/Module/TaintAnnotation.cpp | 41 ++++++++++++++++----- scripts/cooddy_annotations.py | 4 +- tools/klee/main.cpp | 2 +- 14 files changed, 135 insertions(+), 84 deletions(-) diff --git a/configs/taint-annotations.json b/configs/taint-annotations.json index df9bcd6965..ca55f73a24 100644 --- a/configs/taint-annotations.json +++ b/configs/taint-annotations.json @@ -1,11 +1,20 @@ { "SensitiveDataLeak": [ - "SensitiveDataSource" + { + "source": "SensitiveDataSource", + "rule": "TAINT.SDE" + } ], "FormatString": [ - "UntrustedSource" + { + "source": "UntrustedSource", + "rule": "SV.STR.FMT.TAINT" + } ], "Execute": [ - "UntrustedSource" + { + "source": "UntrustedSource", + "rule": "TAINT.STRING.CLI" + } ] } diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index f678258870..f609c46a9c 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -50,8 +50,8 @@ class MockBuilder { const std::string &symbolicName); llvm::CallInst *buildCallKleeTaintFunction(const std::string &functionName, llvm::Value *source, size_t taint, - bool returnBool); - void buildCallKleeTaintSinkHit(size_t taintSink); + llvm::Type *returnType); + void buildCallKleeTaintHit(llvm::Value *taintRule); void buildAnnotationTaintOutput(llvm::Value *elem, const Statement::Ptr &statement); diff --git a/include/klee/Module/SarifReport.h b/include/klee/Module/SarifReport.h index 7f80b7ed82..64da27ff3f 100644 --- a/include/klee/Module/SarifReport.h +++ b/include/klee/Module/SarifReport.h @@ -51,6 +51,10 @@ enum ReachWithError { NullCheckAfterDerefException, Reachable, None, + + TaintFormatString, + TaintSensitiveData, + TaintExecute, }; const char *getErrorString(ReachWithError error); diff --git a/include/klee/Module/TaintAnnotation.h b/include/klee/Module/TaintAnnotation.h index a20f29c5b1..9de85e3234 100644 --- a/include/klee/Module/TaintAnnotation.h +++ b/include/klee/Module/TaintAnnotation.h @@ -10,18 +10,30 @@ using json = nlohmann::json; namespace klee { -// TODO: set to set>, where pair is sink and target -using TaintSinksSourcesMap = std::map>; +using source_ty = size_t; +using sink_ty = size_t; +using rule_ty = size_t; -class TaintAnnotation final { -public: - TaintSinksSourcesMap sinksToSources; - std::map sinks; - std::map sources; - // TODO: add map from size_t target to string +struct TaintHitInfo final { + source_ty source; + sink_ty sink; + + explicit TaintHitInfo(source_ty source, sink_ty sink); + + bool operator<(const TaintHitInfo &other) const; + bool operator==(const TaintHitInfo &other) const; +}; + +using TaintHitsMap = std::map; + +struct TaintAnnotation final { + TaintHitsMap hits; + + std::unordered_map sources; + std::unordered_map sinks; + std::vector rules; explicit TaintAnnotation(const std::string &path); - virtual ~TaintAnnotation(); }; } // namespace klee diff --git a/include/klee/klee.h b/include/klee/klee.h index d9ac945910..7ee324c153 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -61,19 +61,19 @@ void klee_clear_taint(void *array, size_t taint_source); */ bool klee_check_taint_source(void *array, size_t taint_source); -/* klee_check_taint_sink - Check that the contents of the object pointer - * to \arg addr causes a taint sink \arg taint_sink hit. +/* klee_get_taint_rule - Return taint rule id +1 if contents of the object pointer + * to \arg addr causes a taint sink \arg taint_sink hit, else return 0. * * \arg addr - The start of the object. * \arg taint_sink - Taint sink. */ -bool klee_check_taint_sink(void *array, size_t taint_sink); +size_t klee_get_taint_rule(void *array, size_t taint_sink); -/* klee_taint_sink_hit - Execute taint sink \arg taint_sink hit. +/* klee_taint_hit - Execute taint hit with rule. * - * \arg taint_sink - Taint sink. + * \arg rule - Taint rule id. */ -void klee_taint_sink_hit(size_t taint_sink); +void klee_taint_hit(size_t rule); /* klee_range - Construct a symbolic value in the signed interval * [begin,end). diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index a2ff33ed48..7e2bea50a0 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -5026,18 +5026,12 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, } // TODO: add taint target errors to taint-annotations.json and change function -void Executor::terminateStateOnTaintError(ExecutionState &state, size_t sink) { - // reportStateOnTargetError(state, error); - - const auto &sinks = annotationsData.taintAnnotation.sinks; - auto taintSink = std::find_if(sinks.begin(), sinks.end(), - [&](const std::pair &i) { - return i.second == sink; - }); - if (taintSink == std::end(sinks)) { - klee_error("Unknown sink index"); - } - terminateStateOnProgramError(state, taintSink->first + " taint error", +void Executor::terminateStateOnTargetTaintError(ExecutionState &state, size_t rule) { + const std::string &ruleStr = annotationsData.taintAnnotation.rules[rule]; + +// reportStateOnTargetError(state, rule); + + terminateStateOnProgramError(state, ruleStr + " taint error", StateTerminationType::Taint); } diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index 31b4ff7102..f61f17c16c 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -634,7 +634,7 @@ class Executor : public Interpreter { /// Then just call `terminateStateOnError` void terminateStateOnTargetError(ExecutionState &state, ReachWithError error); - void terminateStateOnTaintError(ExecutionState &state, size_t sink); + void terminateStateOnTargetTaintError(ExecutionState &state, size_t rule); /// Call error handler and terminate state in case of program errors /// (e.g. free()ing globals, out-of-bound accesses) diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index 979722a498..c4ed914487 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -421,7 +421,8 @@ void MockBuilder::buildAnnotationTaintOutput(llvm::Value *elem, taintOutputPtr->getTaintType().c_str()); return; } - buildCallKleeTaintFunction("klee_add_taint", elem, source->second, false); + buildCallKleeTaintFunction("klee_add_taint", elem, source->second, + llvm::Type::getVoidTy(mockModule->getContext())); } void MockBuilder::buildAnnotationTaintPropagation( @@ -460,11 +461,13 @@ void MockBuilder::buildAnnotationTaintPropagation( llvm::Value *propagationValue = func->getArg(taintPropagationPtr->propagationParameterIndex); auto brValuePropagate = buildCallKleeTaintFunction( - "klee_check_taint_source", propagationValue, source->second, true); + "klee_check_taint_source", propagationValue, source->second, + llvm::Type::getInt1Ty(mockModule->getContext())); builder->CreateCondBr(brValuePropagate, propagateBB, contBB); builder->SetInsertPoint(propagateBB); - buildCallKleeTaintFunction("klee_add_taint", elem, source->second, false); + buildCallKleeTaintFunction("klee_add_taint", elem, source->second, + llvm::Type::getVoidTy(mockModule->getContext())); builder->CreateBr(contBB); curFunc->getBasicBlockList().push_back(contBB); @@ -495,8 +498,13 @@ void MockBuilder::buildAnnotationTaintSink(llvm::Value *elem, llvm::BasicBlock::Create(mockModule->getContext(), sinkCondName, curFunc); llvm::BasicBlock *contBB = llvm::BasicBlock::Create( mockModule->getContext(), "continue_" + sinkCondName); - auto brValueSink = buildCallKleeTaintFunction("klee_check_taint_sink", elem, - sink->second, true); + auto taintRule = buildCallKleeTaintFunction( + "klee_get_taint_rule", elem, sink->second, + llvm::Type::getInt64Ty(mockModule->getContext())); + const auto brValueSink = + builder->CreateCmp(llvm::CmpInst::Predicate::ICMP_NE, taintRule, + llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, 0, false))); builder->CreateCondBr(brValueSink, sinkBB, contBB); builder->SetInsertPoint(sinkBB); @@ -509,13 +517,16 @@ void MockBuilder::buildAnnotationTaintSink(llvm::Value *elem, sinkHitCondName); fromIf = builder->GetInsertBlock(); curFunc = fromIf->getParent(); - llvm::BasicBlock *sinkHitBB = llvm::BasicBlock::Create( + llvm::BasicBlock *taintHitBB = llvm::BasicBlock::Create( mockModule->getContext(), sinkHitCondName, curFunc); - auto brValueSinkHit = builder->CreateLoad(intType, sinkHitCond); - builder->CreateCondBr(brValueSinkHit, sinkHitBB, contBB); - - builder->SetInsertPoint(sinkHitBB); - buildCallKleeTaintSinkHit(sink->second); + auto brValueTaintHit = builder->CreateLoad(intType, sinkHitCond); + builder->CreateCondBr(brValueTaintHit, taintHitBB, contBB); + + builder->SetInsertPoint(taintHitBB); + const auto taintRuleId = builder->CreateSub( + taintRule, llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, 1, false))); + buildCallKleeTaintHit(taintRuleId); builder->CreateBr(contBB); curFunc->getBasicBlockList().push_back(contBB); @@ -525,11 +536,7 @@ void MockBuilder::buildAnnotationTaintSink(llvm::Value *elem, llvm::CallInst * MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, llvm::Value *source, size_t taint, - bool returnBool) { - const auto returnType = returnBool - ? llvm::Type::getInt1Ty(mockModule->getContext()) - : llvm::Type::getVoidTy(mockModule->getContext()); - + llvm::Type *returnType) { auto *kleeTaintFunctionType = llvm::FunctionType::get( returnType, {llvm::Type::getInt8PtrTy(mockModule->getContext()), @@ -592,17 +599,13 @@ MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, llvm::APInt(64, taint, false))}); } -void MockBuilder::buildCallKleeTaintSinkHit(size_t taintSink) { - auto *kleeTaintSinkHitType = llvm::FunctionType::get( +void MockBuilder::buildCallKleeTaintHit(llvm::Value *taintRule) { + auto *kleeTaintHitType = llvm::FunctionType::get( llvm::Type::getVoidTy(mockModule->getContext()), {llvm::Type::getInt64Ty(mockModule->getContext())}, false); - auto kleeTaintSinkHitCallee = mockModule->getOrInsertFunction( - "klee_taint_sink_hit", kleeTaintSinkHitType); - - builder->CreateCall( - kleeTaintSinkHitCallee, - {llvm::ConstantInt::get(mockModule->getContext(), - llvm::APInt(64, taintSink, false))}); + auto kleeTaintSinkHitCallee = + mockModule->getOrInsertFunction("klee_taint_hit", kleeTaintHitType); + builder->CreateCall(kleeTaintSinkHitCallee, {taintRule}); } void MockBuilder::buildAnnotationForExternalFunctionArgs( diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index a80222791e..fcf0be47b4 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -133,8 +133,8 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_add_taint", handleAddTaint, false), add("klee_clear_taint", handleClearTaint, false), add("klee_check_taint_source", handleCheckTaintSource, true), - add("klee_check_taint_sink", handleCheckTaintSink, true), - add("klee_taint_sink_hit", handleTaintSinkHit, false), + add("klee_get_taint_rule", handleGetTaintRule, true), + add("klee_taint_hit", handleTaintHit, false), #ifdef SUPPORT_KLEE_EH_CXX add("_klee_eh_Unwind_RaiseException_impl", handleEhUnwindRaiseExceptionImpl, @@ -1254,35 +1254,37 @@ void SpecialFunctionHandler::handleCheckTaintSource( } } -void SpecialFunctionHandler::handleCheckTaintSink( +void SpecialFunctionHandler::handleGetTaintRule( klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { if (arguments.size() != 2) { executor.terminateStateOnUserError(state, "Incorrect number of arguments to " - "klee_check_taint_sink(void*, size_t)"); + "klee_get_taint_rule(void*, size_t)"); return; } - // ref result = ConstantExpr::create(true, Expr::Bool); - // executor.bindLocal(target, state, result); +// ref result = ConstantExpr::create(4, Expr::Int64); +// executor.bindLocal(target, state, result); } -void SpecialFunctionHandler::handleTaintSinkHit( +void SpecialFunctionHandler::handleTaintHit( klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { if (arguments.size() != 1) { executor.terminateStateOnUserError( - state, "Incorrect number of arguments to klee_taint_sink_hit(size_t)"); + state, "Incorrect number of arguments to klee_taint_hit(size_t)"); return; } char *end = nullptr; - size_t sink = strtoul(arguments[0]->toString().c_str(), &end, 10); + size_t rule = strtoul(arguments[0]->toString().c_str(), &end, 10); if (*end != '\0' || errno == ERANGE) { executor.terminateStateOnUserError( - state, "Incorrect argument 0 to klee_taint_sink_hit(size_t)"); + state, "Incorrect argument 0 to klee_taint_hit(size_t)"); } - executor.terminateStateOnTaintError(state, sink); + klee_warning("!!!: %s\n", arguments[0]->toString().c_str()); + + executor.terminateStateOnTargetTaintError(state, rule); } diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index 5a634751ca..4a329f67ed 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -184,8 +184,8 @@ class SpecialFunctionHandler { HANDLER(handleAddTaint); HANDLER(handleClearTaint); HANDLER(handleCheckTaintSource); - HANDLER(handleCheckTaintSink); - HANDLER(handleTaintSinkHit); + HANDLER(handleGetTaintRule); + HANDLER(handleTaintHit); #undef HANDLER }; } // namespace klee diff --git a/lib/Module/SarifReport.cpp b/lib/Module/SarifReport.cpp index 728e775c24..4d53667743 100644 --- a/lib/Module/SarifReport.cpp +++ b/lib/Module/SarifReport.cpp @@ -114,6 +114,12 @@ tryConvertRuleJson(const std::string &ruleId, const std::string &toolName, return {ReachWithError::DoubleFree}; } else if ("MEM.USE.FREE" == ruleId) { return {ReachWithError::UseAfterFree}; + } else if ("SV.STR.FMT.TAINT" == ruleId) { + return {ReachWithError::TaintFormatString}; + } else if ("TAINT.SDE" == ruleId) { + return {ReachWithError::TaintSensitiveData}; + } else if ("TAINT.STRING.CLI" == ruleId) { + return {ReachWithError::TaintExecute}; } else { return {}; } diff --git a/lib/Module/TaintAnnotation.cpp b/lib/Module/TaintAnnotation.cpp index a7053a841f..3bcaafa727 100644 --- a/lib/Module/TaintAnnotation.cpp +++ b/lib/Module/TaintAnnotation.cpp @@ -5,6 +5,16 @@ namespace klee { +TaintHitInfo::TaintHitInfo(source_ty source, sink_ty sink) + : source(source), sink(sink) {} + +bool TaintHitInfo::operator<(const TaintHitInfo &other) const { + return (sink < other.sink) || (source < other.source); +} +bool TaintHitInfo::operator==(const TaintHitInfo &other) const { + return (source == other.source) && (sink == other.sink); +} + TaintAnnotation::TaintAnnotation(const std::string &path) { if (path.empty()) { return; @@ -19,17 +29,26 @@ TaintAnnotation::TaintAnnotation(const std::string &path) { klee_error("Taint annotation: Parsing JSON %s failed.", path.c_str()); } - std::set sourcesStrs; + std::set sourcesStr; + std::set rulesStr; for (auto &item : taintAnnotationsJson.items()) { if (!item.value().is_array()) { klee_error("Taint annotations: Incorrect file format"); } - const auto sourcesForThisSink = item.value().get>(); - sourcesStrs.insert(sourcesForThisSink.begin(), sourcesForThisSink.end()); + for (auto &taintHitJson : item.value()) { + sourcesStr.insert(taintHitJson["source"]); + rulesStr.insert(taintHitJson["rule"]); + } + } + + rules = std::vector(rulesStr.begin(), rulesStr.end()); + std::map rulesMap; + for (size_t i = 0; i < rules.size(); ++i) { + rulesMap[rules[i]] = i; } size_t sourcesCounter = 0; - for (auto &sourceStr : sourcesStrs) { + for (auto &sourceStr : sourcesStr) { sources[sourceStr] = sourcesCounter; sourcesCounter++; } @@ -37,15 +56,17 @@ TaintAnnotation::TaintAnnotation(const std::string &path) { size_t sinksCounter = 0; for (auto &item : taintAnnotationsJson.items()) { sinks[item.key()] = sinksCounter; - std::set sourcesForThisSink; - for (auto &sourceStr : item.value()) { - sourcesForThisSink.insert(sources[sourceStr]); + if (!item.value().is_array()) { + klee_error("Taint annotations: Incorrect file format"); + } + + for (auto &taintHitJson : item.value()) { + hits[TaintHitInfo(sources[taintHitJson["source"]], sinksCounter)] = + rulesMap[taintHitJson["rule"]]; } - sinksToSources[sinksCounter] = sourcesForThisSink; + sinksCounter++; } } -TaintAnnotation::~TaintAnnotation() = default; - } // namespace klee diff --git a/scripts/cooddy_annotations.py b/scripts/cooddy_annotations.py index 6d55bda1be..fb192a626d 100755 --- a/scripts/cooddy_annotations.py +++ b/scripts/cooddy_annotations.py @@ -65,10 +65,10 @@ def transform_annotation_with_taint_statements(annotation, func_name): return transformed_annotation -def transform(utbot_json, coody_json, process_taint): +def transform(utbot_json, coody_json, with_taints): for coody_name, annotation in coody_json.items(): funcName, mangledName = getNames(coody_name) - if (process_taint): + if (with_taints): annotation = transform_annotation_with_taint_statements(annotation, funcName) utbot_json[mangledName] = {"name": funcName, "annotation": annotation, "properties": []} diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 852f058bde..262ea750a2 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -1088,7 +1088,7 @@ static const char *modelledExternals[] = { "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", "klee_add_taint", "klee_clear_taint", "klee_check_taint_source", - "klee_check_taint_sink", "klee_taint_sink_hit", "klee_mark_global", + "klee_get_taint_rule", "klee_taint_hit", "klee_mark_global", "klee_open_merge", "klee_close_merge", "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", "klee_report_error", "klee_set_forking", "klee_silent_exit", "klee_warning", From 036c02ebf5317c684e9120714bbcab036b39a7d2 Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 15 Feb 2024 22:27:03 +0300 Subject: [PATCH 17/28] Add custom taint rules from sarif file parsing --- include/klee/Module/SarifReport.h | 19 ++++-- lib/Core/ExecutionState.h | 2 +- lib/Core/Executor.cpp | 65 ++++++++++--------- lib/Core/SpecialFunctionHandler.cpp | 14 ++--- lib/Core/TargetedExecutionManager.cpp | 3 +- lib/Module/SarifReport.cpp | 91 ++++++++++++++++----------- 6 files changed, 116 insertions(+), 78 deletions(-) diff --git a/include/klee/Module/SarifReport.h b/include/klee/Module/SarifReport.h index 64da27ff3f..9df1c78a1c 100644 --- a/include/klee/Module/SarifReport.h +++ b/include/klee/Module/SarifReport.h @@ -43,7 +43,7 @@ template struct adl_serializer> { } // namespace nlohmann namespace klee { -enum ReachWithError { +enum ReachWithErrorType { DoubleFree = 0, UseAfterFree, MayBeNullPointerException, // void f(int *x) { *x = 42; } - should it error? @@ -51,12 +51,23 @@ enum ReachWithError { NullCheckAfterDerefException, Reachable, None, + MaybeTaint, +}; + +struct ReachWithError { + ReachWithErrorType type; + std::optional data; - TaintFormatString, - TaintSensitiveData, - TaintExecute, + explicit ReachWithError(ReachWithErrorType type, + std::optional data = std::nullopt); + + bool operator==(const ReachWithError &other) const; + bool operator!=(const ReachWithError &other) const; + bool operator<(const ReachWithError &other) const; }; +using ReachWithErrors = std::vector; + const char *getErrorString(ReachWithError error); std::string getErrorsString(const std::vector &errors); diff --git a/lib/Core/ExecutionState.h b/lib/Core/ExecutionState.h index 613c376762..5fb5f7c956 100644 --- a/lib/Core/ExecutionState.h +++ b/lib/Core/ExecutionState.h @@ -421,7 +421,7 @@ class ExecutionState { ExprHashMap gepExprBases; - mutable ReachWithError error = ReachWithError::None; + mutable ReachWithError error = ReachWithError(ReachWithErrorType::None); std::atomic terminationReasonType{ HaltExecution::NotHalt}; diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index 7e2bea50a0..18e3825903 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -1294,8 +1294,8 @@ bool mustVisitForkBranches(ref target, KInstruction *instr) { // fork branches here if (auto reprErrorTarget = dyn_cast(target)) { return reprErrorTarget->isTheSameAsIn(instr) && - reprErrorTarget->isThatError( - ReachWithError::NullCheckAfterDerefException); + reprErrorTarget->isThatError(ReachWithError( + ReachWithErrorType::NullCheckAfterDerefException)); } return false; } @@ -2674,8 +2674,9 @@ void Executor::checkNullCheckAfterDeref(ref cond, ExecutionState &state) { if (eqPointerCheck && eqPointerCheck->left->isZero() && state.resolvedPointers.count( makePointer(eqPointerCheck->right)->getBase())) { - reportStateOnTargetError(state, - ReachWithError::NullCheckAfterDerefException); + reportStateOnTargetError( + state, + ReachWithError(ReachWithErrorType::NullCheckAfterDerefException)); } } @@ -2687,10 +2688,11 @@ void Executor::executeInstruction(ExecutionState &state, KInstruction *ki) { auto target = kvp.first; if (target->shouldFailOnThisTarget() && cast(target)->isThatError( - ReachWithError::Reachable) && + ReachWithError(ReachWithErrorType::Reachable)) && target->getBlock() == ki->parent && cast(target)->isTheSameAsIn(ki)) { - terminateStateOnTargetError(state, ReachWithError::Reachable); + terminateStateOnTargetError( + state, ReachWithError(ReachWithErrorType::Reachable)); return; } } @@ -4998,25 +5000,25 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, // Proceed with normal `terminateStateOnError` call std::string messaget; StateTerminationType terminationType; - switch (error) { - case ReachWithError::MayBeNullPointerException: - case ReachWithError::MustBeNullPointerException: + switch (error.type) { + case ReachWithErrorType::MayBeNullPointerException: + case ReachWithErrorType::MustBeNullPointerException: messaget = "memory error: null pointer exception"; terminationType = StateTerminationType::Ptr; break; - case ReachWithError::DoubleFree: + case ReachWithErrorType::DoubleFree: messaget = "double free error"; terminationType = StateTerminationType::Ptr; break; - case ReachWithError::UseAfterFree: + case ReachWithErrorType::UseAfterFree: messaget = "use after free error"; terminationType = StateTerminationType::Ptr; break; - case ReachWithError::Reachable: + case ReachWithErrorType::Reachable: messaget = ""; terminationType = StateTerminationType::Reachable; break; - case ReachWithError::None: + case ReachWithErrorType::None: default: messaget = "unspecified error"; terminationType = StateTerminationType::User; @@ -5025,11 +5027,15 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, state, new ErrorEvent(locationOf(state), terminationType, messaget)); } -// TODO: add taint target errors to taint-annotations.json and change function -void Executor::terminateStateOnTargetTaintError(ExecutionState &state, size_t rule) { - const std::string &ruleStr = annotationsData.taintAnnotation.rules[rule]; +void Executor::terminateStateOnTargetTaintError(ExecutionState &state, + size_t rule) { + if (rule >= annotationsData.taintAnnotation.rules.size()) { + terminateStateOnUserError(state, "Incorrect rule id"); + } -// reportStateOnTargetError(state, rule); + const std::string &ruleStr = annotationsData.taintAnnotation.rules[rule]; + reportStateOnTargetError( + state, ReachWithError(ReachWithErrorType::MaybeTaint, ruleStr)); terminateStateOnProgramError(state, ruleStr + " taint error", StateTerminationType::Taint); @@ -5500,8 +5506,8 @@ void Executor::executeFree(ExecutionState &state, ref address, if (!resolveExact(*zeroPointer.second, address, typeSystemManager->getUnknownType(), rl, "free") && guidanceKind == GuidanceKind::ErrorGuidance) { - terminateStateOnTargetError(*zeroPointer.second, - ReachWithError::DoubleFree); + terminateStateOnTargetError( + *zeroPointer.second, ReachWithError(ReachWithErrorType::DoubleFree)); return; } @@ -5566,9 +5572,9 @@ bool Executor::resolveExact(ExecutionState &estate, ref address, ExecutionState *bound = branches.first; if (bound) { auto error = isReadFromSymbolicArray(uniqueBase) - ? ReachWithError::MayBeNullPointerException - : ReachWithError::MustBeNullPointerException; - terminateStateOnTargetError(*bound, error); + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*bound, ReachWithError(error)); } if (!branches.second) { address = @@ -6248,9 +6254,9 @@ void Executor::executeMemoryOperation( ExecutionState *bound = branches.first; if (bound) { auto error = (isReadFromSymbolicArray(base) && branches.second) - ? ReachWithError::MayBeNullPointerException - : ReachWithError::MustBeNullPointerException; - terminateStateOnTargetError(*bound, error); + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*bound, ReachWithError(error)); } if (!branches.second) return; @@ -6372,7 +6378,8 @@ void Executor::executeMemoryOperation( solver->setTimeout(time::Span()); if (!success) { - terminateStateOnTargetError(*state, ReachWithError::UseAfterFree); + terminateStateOnTargetError( + *state, ReachWithError(ReachWithErrorType::UseAfterFree)); return; } } @@ -6986,7 +6993,7 @@ void Executor::runFunctionAsMain(Function *f, int argc, char **argv, auto kCallBlock = kfIt->second->entryKBlock; forest = new TargetForest(kEntryFunction); forest->add(ReproduceErrorTarget::create( - {ReachWithError::Reachable}, "", + {ReachWithError(ReachWithErrorType::Reachable)}, "", ErrorLocation(kCallBlock->getFirstInstruction()), kCallBlock)); } } @@ -7461,9 +7468,9 @@ bool Executor::getSymbolicSolution(const ExecutionState &state, KTest &res) { // we cannot be sure that an irreproducible state proves the presence of an // error if (uninitObjects.size() > 0 || state.symbolics.size() != symbolics.size()) { - state.error = ReachWithError::None; + state.error = ReachWithError(ReachWithErrorType::None); } else if (FunctionCallReproduce != "" && - state.error == ReachWithError::Reachable) { + state.error.type == ReachWithErrorType::Reachable) { setHaltExecution(HaltExecution::ReachedTarget); } diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index fcf0be47b4..4894202156 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -1264,13 +1264,14 @@ void SpecialFunctionHandler::handleGetTaintRule( return; } -// ref result = ConstantExpr::create(4, Expr::Int64); -// executor.bindLocal(target, state, result); + // TODO: now mock + ref result = ConstantExpr::create(1, Expr::Int64); + executor.bindLocal(target, state, result); } -void SpecialFunctionHandler::handleTaintHit( - klee::ExecutionState &state, klee::KInstruction *target, - std::vector> &arguments) { +void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, + klee::KInstruction *target, + std::vector> &arguments) { if (arguments.size() != 1) { executor.terminateStateOnUserError( state, "Incorrect number of arguments to klee_taint_hit(size_t)"); @@ -1283,8 +1284,5 @@ void SpecialFunctionHandler::handleTaintHit( executor.terminateStateOnUserError( state, "Incorrect argument 0 to klee_taint_hit(size_t)"); } - - klee_warning("!!!: %s\n", arguments[0]->toString().c_str()); - executor.terminateStateOnTargetTaintError(state, rule); } diff --git a/lib/Core/TargetedExecutionManager.cpp b/lib/Core/TargetedExecutionManager.cpp index 2ede8edc64..8b5b9cdda1 100644 --- a/lib/Core/TargetedExecutionManager.cpp +++ b/lib/Core/TargetedExecutionManager.cpp @@ -552,7 +552,8 @@ bool TargetedExecutionManager::reportTruePositive(ExecutionState &state, atLeastOneReported = true; assert(!errorTarget->isReported); - if (errorTarget->isThatError(ReachWithError::Reachable)) { + if (errorTarget->isThatError( + ReachWithError(ReachWithErrorType::Reachable))) { klee_warning("100.00%% %s Reachable at trace %s", getErrorString(error), errorTarget->getId().c_str()); } else { diff --git a/lib/Module/SarifReport.cpp b/lib/Module/SarifReport.cpp index 4d53667743..f3ac77966c 100644 --- a/lib/Module/SarifReport.cpp +++ b/lib/Module/SarifReport.cpp @@ -55,76 +55,78 @@ tryConvertRuleJson(const std::string &ruleId, const std::string &toolName, const std::optional &errorMessage) { if (toolName == "SecB") { if ("NullDereference" == ruleId) { - return {ReachWithError::MustBeNullPointerException}; + return {ReachWithError(ReachWithErrorType::MustBeNullPointerException)}; } else if ("CheckAfterDeref" == ruleId) { - return {ReachWithError::NullCheckAfterDerefException}; + return {ReachWithError(ReachWithErrorType::NullCheckAfterDerefException)}; } else if ("DoubleFree" == ruleId) { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else if ("UseAfterFree" == ruleId) { - return {ReachWithError::UseAfterFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree)}; } else if ("Reached" == ruleId) { - return {ReachWithError::Reachable}; + return {ReachWithError(ReachWithErrorType::Reachable)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "clang") { if ("core.NullDereference" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; + return {ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError(ReachWithErrorType::MustBeNullPointerException)}; } else if ("unix.Malloc" == ruleId) { if (errorMessage.has_value()) { if (errorMessage->text == "Attempt to free released memory") { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else if (errorMessage->text == "Use of memory after it is freed") { - return {ReachWithError::UseAfterFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree)}; } else { return {}; } } else { - return {ReachWithError::UseAfterFree, ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree), + ReachWithError(ReachWithErrorType::DoubleFree)}; } } else if ("core.Reach" == ruleId) { - return {ReachWithError::Reachable}; + return {ReachWithError(ReachWithErrorType::Reachable)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "CppCheck") { if ("nullPointer" == ruleId || "ctunullpointer" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; // TODO: check it out + return { + ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError( + ReachWithErrorType::MustBeNullPointerException)}; // TODO: check + // it out } else if ("doubleFree" == ruleId) { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "Infer") { if ("NULL_DEREFERENCE" == ruleId || "NULLPTR_DEREFERENCE" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; // TODO: check it out + return { + ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError( + ReachWithErrorType::MustBeNullPointerException)}; // TODO: check + // it out } else if ("USE_AFTER_DELETE" == ruleId || "USE_AFTER_FREE" == ruleId) { - return {ReachWithError::UseAfterFree, ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::UseAfterFree), + ReachWithError(ReachWithErrorType::DoubleFree)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else if (toolName == "Cooddy") { if ("NULL.DEREF" == ruleId || "NULL.UNTRUSTED.DEREF" == ruleId) { - return {ReachWithError::MayBeNullPointerException, - ReachWithError::MustBeNullPointerException}; + return {ReachWithError(ReachWithErrorType::MayBeNullPointerException), + ReachWithError(ReachWithErrorType::MustBeNullPointerException)}; } else if ("MEM.DOUBLE.FREE" == ruleId) { - return {ReachWithError::DoubleFree}; + return {ReachWithError(ReachWithErrorType::DoubleFree)}; } else if ("MEM.USE.FREE" == ruleId) { - return {ReachWithError::UseAfterFree}; - } else if ("SV.STR.FMT.TAINT" == ruleId) { - return {ReachWithError::TaintFormatString}; - } else if ("TAINT.SDE" == ruleId) { - return {ReachWithError::TaintSensitiveData}; - } else if ("TAINT.STRING.CLI" == ruleId) { - return {ReachWithError::TaintExecute}; + return {ReachWithError(ReachWithErrorType::UseAfterFree)}; } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } else { - return {}; + return {ReachWithError(ReachWithErrorType::MaybeTaint, ruleId)}; } } @@ -133,7 +135,7 @@ std::optional tryConvertResultJson(const ResultJson &resultJson, const std::string &id) { std::vector errors = {}; if (!resultJson.ruleId.has_value()) { - errors = {ReachWithError::Reachable}; + errors = {ReachWithError(ReachWithErrorType::Reachable)}; } else { errors = tryConvertRuleJson(*resultJson.ruleId, toolName, resultJson.message); @@ -190,8 +192,27 @@ static const char *ReachWithErrorNames[] = { "None", }; +ReachWithError::ReachWithError(ReachWithErrorType type, + std::optional data) + : type(type), data(std::move(data)) {} + +bool ReachWithError::operator==(const ReachWithError &other) const { + if (type == other.type && ReachWithErrorType::MaybeTaint == type) { + return data == other.data; + } + return (type == other.type); +} + +bool ReachWithError::operator!=(const ReachWithError &other) const { + return !(*this == other); +} + +bool ReachWithError::operator<(const ReachWithError &other) const { + return type < other.type; +} + const char *getErrorString(ReachWithError error) { - return ReachWithErrorNames[error]; + return ReachWithErrorNames[error.type]; } std::string getErrorsString(const std::vector &errors) { From add9e41d18009eb0b87f959bff9073f88d203bf5 Mon Sep 17 00:00:00 2001 From: Maria Date: Wed, 22 May 2024 23:52:23 +0300 Subject: [PATCH 18/28] Add taint for PointerExpr --- include/klee/Expr/Expr.h | 55 +++++++++++++++------ lib/Expr/Expr.cpp | 103 ++++++++++++++++++++++++++++----------- 2 files changed, 115 insertions(+), 43 deletions(-) diff --git a/include/klee/Expr/Expr.h b/include/klee/Expr/Expr.h index 080c0f90a4..2ca83faaaa 100644 --- a/include/klee/Expr/Expr.h +++ b/include/klee/Expr/Expr.h @@ -413,6 +413,8 @@ class Expr { static ref createTrue(); static ref createFalse(); + static ref createEmptyTaint(); + /// Create a little endian read of the given type at offset 0 of the /// given object. static ref createTempRead(const Array *array, Expr::Width w, @@ -1676,25 +1678,33 @@ class ConstantExpr : public Expr { class PointerExpr : public NonConstantExpr { public: static const Kind kind = Expr::Pointer; - static const unsigned numKids = 2; + static const unsigned numKids = 3; + ref base; ref value; - static ref alloc(const ref &b, const ref &v) { - ref r(new PointerExpr(b, v)); + ref taint; + + static ref + alloc(const ref &b, const ref &v, + const ref &t = createEmptyTaint()) { + ref r(new PointerExpr(b, v, t)); r->computeHash(); r->computeHeight(); return r; } - static ref create(const ref &b, const ref &o); - static ref create(const ref &v); + static ref create(const ref &b, const ref &v, + const ref &t = createEmptyTaint()); + static ref create(const ref &expr); static ref createSymbolic(const ref &expr, const ref &pointer, const ref &off); Width getWidth() const { return value->getWidth(); } Kind getKind() const { return Expr::Pointer; } + ref getBase() const { return base; } ref getValue() const { return value; } + ref getTaint() const { return taint; } ref getOffset() const { assert(value->getWidth() == base->getWidth() && "Invalid getOffset() call!"); @@ -1707,12 +1717,14 @@ class PointerExpr : public NonConstantExpr { return base; if (i == 1) return value; + if (i == 2) + return taint; return 0; } int compareContents(const Expr &b) const { return 0; } virtual ref rebuild(ref kids[]) const { - return create(kids[0], kids[1]); + return create(kids[0], kids[1], kids[2]); } static bool classof(const Expr *E) { return E->getKind() == Expr::Pointer || @@ -1722,6 +1734,10 @@ class PointerExpr : public NonConstantExpr { bool isKnownValue() const { return getBase()->isZero(); } + ref combineTaints(const ref &RHS) { + return OrExpr::create(getTaint(), RHS->getTaint()); + } + ref Add(const ref &RHS); ref Sub(const ref &RHS); ref Mul(const ref &RHS); @@ -1750,24 +1766,29 @@ class PointerExpr : public NonConstantExpr { ref Not(); protected: - PointerExpr(const ref &b, const ref &v) : base(b), value(v) {} + PointerExpr(const ref &b, const ref &v, const ref &t) + : base(b), value(v), taint(t) {} }; class ConstantPointerExpr : public PointerExpr { public: static const Kind kind = Expr::ConstantPointer; - static const unsigned numKids = 2; - static ref alloc(const ref &b, - const ref &o) { - ref r = new ConstantPointerExpr(b, o); + static const unsigned numKids = 3; + + static ref + alloc(const ref &b, const ref &v, + const ref &t = createEmptyTaint()) { + ref r = new ConstantPointerExpr(b, v, t); r->computeHash(); r->computeHeight(); return r; } - static ref create(const ref &b, - const ref &o); + static ref + create(const ref &b, const ref &v, + const ref &t = createEmptyTaint()); Kind getKind() const { return Expr::ConstantPointer; } + ref getConstantBase() const { return cast(base); } ref getConstantOffset() const { return getConstantValue()->Sub(getConstantBase()); @@ -1775,6 +1796,9 @@ class ConstantPointerExpr : public PointerExpr { ref getConstantValue() const { return cast(value); } + ref getConstantTaint() const { + return cast(taint); + } static bool classof(const Expr *E) { return E->getKind() == Expr::ConstantPointer; @@ -1782,8 +1806,9 @@ class ConstantPointerExpr : public PointerExpr { static bool classof(const ConstantPointerExpr *) { return true; } private: - ConstantPointerExpr(const ref &b, const ref &v) - : PointerExpr(b, v) {} + ConstantPointerExpr(const ref &b, const ref &v, + const ref &t) + : PointerExpr(b, v, t) {} }; // Implementations diff --git a/lib/Expr/Expr.cpp b/lib/Expr/Expr.cpp index 15b836bd11..8b02b39d18 100644 --- a/lib/Expr/Expr.cpp +++ b/lib/Expr/Expr.cpp @@ -549,6 +549,10 @@ ref Expr::createFalse() { return ConstantExpr::create(0, Expr::Bool); } +ref Expr::createEmptyTaint() { + return ConstantExpr::create(0, Expr::Int64); +} + Expr::ByteWidth Expr::getByteWidth() const { return (getWidth() + CHAR_BIT - 1) / CHAR_BIT; } @@ -1694,7 +1698,25 @@ ref SelectExpr::create(ref c, ref t, ref f) { SelectExpr::create(c, truePointer->getBase(), falsePointer->getBase()); ref value = SelectExpr::create(c, truePointer->getValue(), falsePointer->getValue()); - return PointerExpr::create(base, value); + ref taint = SelectExpr::create(c, truePointer->getTaint(), + falsePointer->getTaint()); + return PointerExpr::create(base, value, taint); + } else if (isa(t) && !isa(f)) { + ref truePointer = cast(t); + ref base = SelectExpr::create(c, truePointer->getBase(), + ConstantExpr::create(0, f->getWidth())); + ref value = SelectExpr::create(c, truePointer->getValue(), f); + ref taint = + SelectExpr::create(c, truePointer->getTaint(), createEmptyTaint()); + return PointerExpr::create(base, value, taint); + } else if (!isa(t) && isa(f)) { + ref falsePointer = cast(f); + ref base = SelectExpr::create( + c, ConstantExpr::create(0, t->getWidth()), falsePointer->getBase()); + ref value = SelectExpr::create(c, t, falsePointer->getValue()); + ref taint = + SelectExpr::create(c, createEmptyTaint(), falsePointer->getTaint()); + return PointerExpr::create(base, value, taint); } else if (!isa(t) && isa(f)) { return SelectExpr::alloc(Expr::createIsZero(c), f, t); } @@ -1797,7 +1819,8 @@ ref ConcatExpr::create(const ref &l, const ref &r) { if (PointerExpr *ee_right = dyn_cast(r)) { return PointerExpr::create( convolution(ee_left->getBase(), ee_right->getBase()), - ConcatExpr::create(ee_left->getValue(), ee_right->getValue())); + ConcatExpr::create(ee_left->getValue(), ee_right->getValue()), + ee_left->combineTaints(ee_right)); } } @@ -1849,7 +1872,8 @@ ref ExtractExpr::create(ref expr, unsigned off, Width w) { return CE->Extract(off, w); } else if (PointerExpr *pe = dyn_cast(expr)) { return PointerExpr::create(pe->getBase(), - ExtractExpr::create(pe->getValue(), off, w)); + ExtractExpr::create(pe->getValue(), off, w), + pe->getTaint()); } else { // Extract(Concat) if (ConcatExpr *ce = dyn_cast(expr)) { @@ -1916,8 +1940,8 @@ ref ZExtExpr::create(const ref &e, Width w) { } else if (ConstantExpr *CE = dyn_cast(e)) { return CE->ZExt(w); } else if (PointerExpr *pe = dyn_cast(e)) { - return PointerExpr::create(pe->getBase(), - ZExtExpr::create(pe->getValue(), w)); + return PointerExpr::create( + pe->getBase(), ZExtExpr::create(pe->getValue(), w), pe->getTaint()); } else if (SelectExpr *se = dyn_cast(e)) { if (isa(se->trueExpr)) { return SelectExpr::create(se->cond, ZExtExpr::create(se->trueExpr, w), @@ -1937,8 +1961,8 @@ ref SExtExpr::create(const ref &e, Width w) { } else if (ConstantExpr *CE = dyn_cast(e)) { return CE->SExt(w); } else if (PointerExpr *pe = dyn_cast(e)) { - return PointerExpr::create(pe->getBase(), - SExtExpr::create(pe->getValue(), w)); + return PointerExpr::create( + pe->getBase(), SExtExpr::create(pe->getValue(), w), pe->getTaint()); } else if (SelectExpr *se = dyn_cast(e)) { if (isa(se->trueExpr)) { return SelectExpr::create(se->cond, SExtExpr::create(se->trueExpr, w), @@ -2049,7 +2073,8 @@ static ref AddExpr_createPartial(Expr *l, const ref &cr) { } static ref AddExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), AddExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), AddExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref AddExpr_createPointer(Expr *l, const ref &pr) { @@ -2110,11 +2135,13 @@ static ref SubExpr_createPartial(Expr *l, const ref &cr) { } static ref SubExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), SubExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), SubExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref SubExpr_createPointer(Expr *l, const ref &pr) { - return PointerExpr::create(pr->getBase(), SubExpr::create(l, pr->getValue())); + return PointerExpr::create(pr->getBase(), SubExpr::create(l, pr->getValue()), + pr->getTaint()); } static ref SubExpr_create(Expr *l, Expr *r) { @@ -2174,7 +2201,8 @@ static ref MulExpr_createPartial(Expr *l, const ref &cr) { } static ref MulExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), MulExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), MulExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref MulExpr_createPointer(Expr *l, const ref &pr) { @@ -2205,7 +2233,8 @@ static ref AndExpr_createPartialR(const ref &cl, Expr *r) { } static ref AndExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), AndExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), AndExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref AndExpr_createPointer(Expr *l, const ref &pr) { @@ -2233,7 +2262,8 @@ static ref OrExpr_createPartialR(const ref &cl, Expr *r) { } static ref OrExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), OrExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), OrExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref OrExpr_createPointer(Expr *l, const ref &pr) { @@ -2262,7 +2292,8 @@ static ref XorExpr_createPartial(Expr *l, const ref &cr) { } static ref XorExpr_createPointerR(const ref &pl, Expr *r) { - return PointerExpr::create(pl->getBase(), XorExpr::create(pl->getValue(), r)); + return PointerExpr::create(pl->getBase(), XorExpr::create(pl->getValue(), r), + pl->getTaint()); } static ref XorExpr_createPointer(Expr *l, const ref &pr) { @@ -2424,9 +2455,11 @@ static ref AShrExpr_create(const ref &l, const ref &r) { if (PointerExpr *pl = dyn_cast(l)) { \ if (PointerExpr *pr = dyn_cast(r)) \ return pl->_op(pr); \ - return _e_op::create(pl->getValue(), r); \ + return PointerExpr::create( \ + pl->getBase(), _e_op::create(pl->getValue(), r), pl->getTaint()); \ } else if (PointerExpr *pr = dyn_cast(r)) { \ - return _e_op::create(l, pr->getValue()); \ + return PointerExpr::create( \ + pr->getBase(), _e_op::create(l, pr->getValue()), pr->getTaint()); \ } \ if (ConstantExpr *cl = dyn_cast(l)) \ if (ConstantExpr *cr = dyn_cast(r)) \ @@ -2864,14 +2897,17 @@ ref IsSubnormalExpr::either(const ref &e0, const ref &e1) { /***/ -ref PointerExpr::create(const ref &b, const ref &v) { +ref PointerExpr::create(const ref &b, const ref &v, + const ref &t) { assert(!isa(b)); assert(!isa(v)); - if (isa(b) && isa(v)) { - return ConstantPointerExpr::create(cast(b), - cast(v)); + assert(!isa(t)); + + if (isa(b) && isa(v) && isa(t)) { + return ConstantPointerExpr::create( + cast(b), cast(v), cast(t)); } else { - return PointerExpr::alloc(b, v); + return PointerExpr::alloc(b, v, t); } } @@ -2913,10 +2949,12 @@ ref PointerExpr::create(const ref &expr) { } ref ConstantPointerExpr::create(const ref &b, - const ref &v) { + const ref &v, + const ref &t) { assert(!isa(b)); assert(!isa(v)); - return ConstantPointerExpr::alloc(b, v); + assert(!isa(t)); + return ConstantPointerExpr::alloc(b, v, t); } #define BCREATE_P(_e_op, _op) \ @@ -2926,14 +2964,22 @@ ref ConstantPointerExpr::create(const ref &b, if (!RHS->isKnownValue()) { \ return _e_op::create(getValue(), RHS->getValue()); \ } else { \ - return PointerExpr::create( \ - getBase(), _e_op::create(getValue(), RHS->getValue())); \ + return PointerExpr::create(getBase(), \ + _e_op::create(getValue(), RHS->getValue()), \ + combineTaints(RHS)); \ } \ } else if (!RHS->isKnownValue()) { \ return PointerExpr::create(RHS->getBase(), \ - _e_op::create(getValue(), RHS->getValue())); \ + _e_op::create(getValue(), RHS->getValue()), \ + combineTaints(RHS)); \ } else { \ - return _e_op::create(getValue(), RHS->getValue()); \ + auto value = _e_op::create(getValue(), RHS->getValue()); \ + if (getTaint().isNull() && RHS->getTaint().isNull()) { \ + return value; \ + } else { \ + return PointerExpr::create(ConstantExpr::create(0, value->getWidth()), \ + value, combineTaints(RHS)); \ + } \ } \ } @@ -2952,7 +2998,8 @@ BCREATE_P(LShrExpr, LShr) BCREATE_P(AShrExpr, AShr) ref PointerExpr::Not() { - return PointerExpr::create(getBase(), NotExpr::create(getValue())); + return PointerExpr::create(getBase(), NotExpr::create(getValue()), + getTaint()); } ref PointerExpr::Eq(const ref &RHS) { From 787d94d967f82a52509cda2260825e3b30794825 Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 23 May 2024 13:06:09 +0300 Subject: [PATCH 19/28] Small fix --- include/klee/Expr/Expr.h | 19 +++++++++++-------- lib/Core/SpecialFunctionHandler.cpp | 14 ++++++-------- lib/Expr/Expr.cpp | 19 ++++++++++++++++++- 3 files changed, 35 insertions(+), 17 deletions(-) diff --git a/include/klee/Expr/Expr.h b/include/klee/Expr/Expr.h index 2ca83faaaa..be53be7d17 100644 --- a/include/klee/Expr/Expr.h +++ b/include/klee/Expr/Expr.h @@ -183,6 +183,8 @@ class Expr { static const Width Fl80 = 80; + static const Width TaintWidth = 64; + enum States { Undefined, True, False }; enum Kind { @@ -414,6 +416,8 @@ class Expr { static ref createFalse(); static ref createEmptyTaint(); + static ref combineTaints(const ref &taintL, + const ref &taintR); /// Create a little endian read of the given type at offset 0 of the /// given object. @@ -1684,9 +1688,8 @@ class PointerExpr : public NonConstantExpr { ref value; ref taint; - static ref - alloc(const ref &b, const ref &v, - const ref &t = createEmptyTaint()) { + static ref alloc(const ref &b, const ref &v, + const ref &t = createEmptyTaint()) { ref r(new PointerExpr(b, v, t)); r->computeHash(); r->computeHeight(); @@ -1734,8 +1737,8 @@ class PointerExpr : public NonConstantExpr { bool isKnownValue() const { return getBase()->isZero(); } - ref combineTaints(const ref &RHS) { - return OrExpr::create(getTaint(), RHS->getTaint()); + ref combineTaints(const ref &RHS) { + return Expr::combineTaints(getTaint(), RHS->getTaint()); } ref Add(const ref &RHS); @@ -1783,9 +1786,9 @@ class ConstantPointerExpr : public PointerExpr { r->computeHeight(); return r; } - static ref - create(const ref &b, const ref &v, - const ref &t = createEmptyTaint()); + static ref create(const ref &b, + const ref &v, + const ref &t = createEmptyTaint()); Kind getKind() const { return Expr::ConstantPointer; } diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 4894202156..83446754df 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -808,7 +808,8 @@ void SpecialFunctionHandler::handleRealloc(ExecutionState &state, if (zeroSize.first) { // size == 0 executor.executeFree(*zeroSize.first, PointerExpr::create(addressPointer->getValue(), - addressPointer->getValue()), + addressPointer->getValue(), + addressPointer->getTaint()), target); } if (zeroSize.second) { // size != 0 @@ -1278,11 +1279,8 @@ void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, return; } - char *end = nullptr; - size_t rule = strtoul(arguments[0]->toString().c_str(), &end, 10); - if (*end != '\0' || errno == ERANGE) { - executor.terminateStateOnUserError( - state, "Incorrect argument 0 to klee_taint_hit(size_t)"); - } - executor.terminateStateOnTargetTaintError(state, rule); +// printf("klee_taint_hit for rule: %s\n", arguments[0]->toString().c_str()); + + executor.terminateStateOnTargetTaintError( + state, dyn_cast(arguments[0])->getZExtValue()); } diff --git a/lib/Expr/Expr.cpp b/lib/Expr/Expr.cpp index 8b02b39d18..5938daa946 100644 --- a/lib/Expr/Expr.cpp +++ b/lib/Expr/Expr.cpp @@ -553,6 +553,23 @@ ref Expr::createEmptyTaint() { return ConstantExpr::create(0, Expr::Int64); } +ref Expr::combineTaints(const ref &taintL, + const ref &taintR) { + if (SelectExpr *sel = dyn_cast(taintL)) { + taintL->dump(); + } + if (PointerExpr *sel = dyn_cast(taintL)) { + taintR->dump(); + } + if (ConstantExpr *sel = dyn_cast(taintL)) { + if (ConstantExpr *ser = dyn_cast(taintR)) { + sel->getAPValue().dump(); + ser->getAPValue().dump(); + } + } + return OrExpr::create(taintL, taintR); +} + Expr::ByteWidth Expr::getByteWidth() const { return (getWidth() + CHAR_BIT - 1) / CHAR_BIT; } @@ -2974,7 +2991,7 @@ ref ConstantPointerExpr::create(const ref &b, combineTaints(RHS)); \ } else { \ auto value = _e_op::create(getValue(), RHS->getValue()); \ - if (getTaint().isNull() && RHS->getTaint().isNull()) { \ + if (getTaint()->isZero() && RHS->getTaint()->isZero()) { \ return value; \ } else { \ return PointerExpr::create(ConstantExpr::create(0, value->getWidth()), \ From 202f6cfabbea9adbfa45e895c54cb55ea2d70e55 Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 23 May 2024 14:50:04 +0300 Subject: [PATCH 20/28] Add taint to Memory --- lib/Core/Memory.cpp | 117 ++++++++++++++++++++++++---- lib/Core/Memory.h | 15 +++- lib/Core/SpecialFunctionHandler.cpp | 17 ++-- 3 files changed, 129 insertions(+), 20 deletions(-) diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index b27ad36eee..6e2b5976db 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -110,8 +110,10 @@ ObjectState::ObjectState(const MemoryObject *mo, const Array *array, KType *dt) : copyOnWriteOwner(0), object(mo), valueOS(ObjectStage(array, nullptr)), baseOS(ObjectStage(array->size, Expr::createPointer(0), false, Context::get().getPointerWidth())), + taintOS(ObjectStage(array->size, Expr::createEmptyTaint(), false, Expr::TaintWidth)), lastUpdate(nullptr), size(array->size), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); + taintOS.initializeToZero(); } ObjectState::ObjectState(const MemoryObject *mo, KType *dt) @@ -119,15 +121,17 @@ ObjectState::ObjectState(const MemoryObject *mo, KType *dt) valueOS(ObjectStage(mo->getSizeExpr(), nullptr)), baseOS(ObjectStage(mo->getSizeExpr(), Expr::createPointer(0), false, Context::get().getPointerWidth())), + taintOS(ObjectStage(mo->getSizeExpr(), Expr::createEmptyTaint(), false, Expr::TaintWidth)), lastUpdate(nullptr), size(mo->getSizeExpr()), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); + taintOS.initializeToZero(); } ObjectState::ObjectState(const ObjectState &os) : copyOnWriteOwner(0), object(os.object), valueOS(os.valueOS), - baseOS(os.baseOS), lastUpdate(os.lastUpdate), size(os.size), - dynamicType(os.dynamicType), readOnly(os.readOnly), + baseOS(os.baseOS), taintOS(os.taintOS), lastUpdate(os.lastUpdate), + size(os.size), dynamicType(os.dynamicType), readOnly(os.readOnly), wasWritten(os.wasWritten) {} /***/ @@ -135,15 +139,17 @@ ObjectState::ObjectState(const ObjectState &os) void ObjectState::initializeToZero() { valueOS.initializeToZero(); baseOS.initializeToZero(); + taintOS.initializeToZero(); } ref ObjectState::read8(unsigned offset) const { ref val = valueOS.readWidth(offset); ref base = baseOS.readWidth(offset); - if (base->isZero()) { + ref taint = taintOS.readWidth(offset); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } @@ -155,6 +161,10 @@ ref ObjectState::readBase8(unsigned offset) const { return baseOS.readWidth(offset); } +ref ObjectState::readTaint8(unsigned offset) const { + return taintOS.readWidth(offset); +} + ref ObjectState::read8(ref offset) const { assert(!isa(offset) && "constant offset passed to symbolic read8"); @@ -177,10 +187,11 @@ ref ObjectState::read8(ref offset) const { } ref val = valueOS.readWidth(offset); ref base = baseOS.readWidth(offset); - if (base->isZero()) { + ref taint = taintOS.readWidth(offset); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } @@ -230,10 +241,35 @@ ref ObjectState::readBase8(ref offset) const { return baseOS.readWidth(offset); } +ref ObjectState::readTaint8(ref offset) const { + assert(!isa(offset) && + "constant offset passed to symbolic read8"); + + if (object) { + if (ref sizeExpr = + dyn_cast(object->getSizeExpr())) { + auto moSize = sizeExpr->getZExtValue(); + if (object && moSize > 4096) { + std::string allocInfo; + object->getAllocInfo(allocInfo); + klee_warning_once(nullptr, + "Symbolic memory access will send the following " + "array of %lu bytes to " + "the constraint solver -- large symbolic arrays may " + "cause significant " + "performance issues: %s", + moSize, allocInfo.c_str()); + } + } + } + return taintOS.readWidth(offset); +} + void ObjectState::write8(unsigned offset, uint8_t value) { valueOS.writeWidth(offset, value); baseOS.writeWidth(offset, ConstantExpr::create(0, Context::get().getPointerWidth())); + taintOS.writeWidth(offset, Expr::createEmptyTaint()); } void ObjectState::write8(unsigned offset, ref value) { @@ -241,10 +277,12 @@ void ObjectState::write8(unsigned offset, ref value) { if (auto pointer = dyn_cast(value)) { valueOS.writeWidth(offset, pointer->getValue()); baseOS.writeWidth(offset, pointer->getBase()); + taintOS.writeWidth(offset, pointer->getTaint()); } else { valueOS.writeWidth(offset, value); baseOS.writeWidth( offset, ConstantExpr::create(0, Context::get().getPointerWidth())); + taintOS.writeWidth(offset, Expr::createEmptyTaint()); } } @@ -272,17 +310,22 @@ void ObjectState::write8(ref offset, ref value) { if (auto pointer = dyn_cast(value)) { valueOS.writeWidth(offset, pointer->getValue()); baseOS.writeWidth(offset, pointer->getBase()); + taintOS.writeWidth(offset, pointer->getTaint()); } else { valueOS.writeWidth(offset, value); baseOS.writeWidth( offset, ConstantExpr::create(0, Context::get().getPointerWidth())); + taintOS.writeWidth(offset, Expr::createEmptyTaint()); } } void ObjectState::write(ref os) { wasWritten = true; + valueOS.write(os->valueOS); baseOS.write(os->baseOS); + taintOS.write(os->taintOS); + lastUpdate = os->lastUpdate; } @@ -295,20 +338,22 @@ ref ObjectState::read(ref offset, Expr::Width width) const { ref val = readValue(offset, width); ref base = readBase(offset, width); - if (base->isZero()) { + ref taint = readTaint(offset, width); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } ref ObjectState::read(unsigned offset, Expr::Width width) const { ref val = readValue(offset, width); ref base = readBase(offset, width); - if (base->isZero()) { + ref taint = readTaint(offset, width); + if (base->isZero() && taint->isZero()) { return val; } else { - return PointerExpr::create(base, val); + return PointerExpr::create(base, val, taint); } } @@ -368,10 +413,6 @@ ref ObjectState::readBase(ref offset, Expr::Width width) const { if (width == Expr::Bool) return ExtractExpr::create(readBase8(offset), 0, Expr::Bool); - // Treat bool specially, it is the only non-byte sized write we allow. - if (width == Expr::Bool) - return ExtractExpr::create(readBase8(offset), 0, Expr::Bool); - // Otherwise, follow the slow general case. unsigned NumBytes = width / 8; assert(width == NumBytes * 8 && "Invalid read size!"); @@ -416,6 +457,52 @@ ref ObjectState::readBase(unsigned offset, Expr::Width width) const { return Res; } +ref ObjectState::readTaint(ref offset, Expr::Width width) const { + // Truncate offset to 32-bits. + offset = ZExtExpr::create(offset, Expr::Int32); + + // Check for reads at constant offsets. + if (ConstantExpr *CE = dyn_cast(offset)) + return readTaint(CE->getZExtValue(32), width); + + // Treat bool specially, it is the only non-byte sized write we allow. + if (width == Expr::Bool) + return ExtractExpr::create(readTaint8(offset), 0, Expr::Bool); + + // Otherwise, follow the slow general case. + unsigned NumBytes = width / 8; + assert(width == NumBytes * 8 && "Invalid read size!"); + ref Res(0); + ref null = Expr::createPointer(0); + for (unsigned i = 0; i != NumBytes; ++i) { + unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); + ref Byte = readTaint8( + AddExpr::create(offset, ConstantExpr::create(idx, Expr::Int32))); + Res = i ? OrExpr::create(Byte, Res) : Byte; + } + + return Res; +} + +ref ObjectState::readTaint(unsigned offset, Expr::Width width) const { + // Treat bool specially, it is the only non-byte sized write we allow. + if (width == Expr::Bool) + return ExtractExpr::create(readTaint8(offset), 0, Expr::Bool); + + // Otherwise, follow the slow general case. + unsigned NumBytes = width / 8; + assert(width == NumBytes * 8 && "Invalid width for read size!"); + ref Res(0); + ref null = Expr::createPointer(0); + for (unsigned i = 0; i != NumBytes; ++i) { + unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); + ref Byte = readTaint8(offset + idx); + Res = i ? OrExpr::create(Byte, Res) : Byte; + } + + return Res; +} + void ObjectState::write(ref offset, ref value) { // Truncate offset to 32-bits. offset = ZExtExpr::create(offset, Expr::Int32); @@ -516,6 +603,8 @@ void ObjectState::print() const { valueOS.print(); llvm::errs() << "\tOffset ObjectStage:\n"; baseOS.print(); + llvm::errs() << "\tTaint ObjectStage:\n"; + taintOS.print(); } KType *ObjectState::getDynamicType() const { return dynamicType; } diff --git a/lib/Core/Memory.h b/lib/Core/Memory.h index 80127c399a..b0b728372b 100644 --- a/lib/Core/Memory.h +++ b/lib/Core/Memory.h @@ -267,6 +267,11 @@ class ObjectStage { } void initializeToZero(); + void reset(ref newDefault) { + knownSymbolics->reset(std::move(newDefault)); + unflushedMask->reset(false); + } + private: const UpdateList &getUpdates() const; @@ -291,6 +296,7 @@ class ObjectState { ObjectStage valueOS; ObjectStage baseOS; + ObjectStage taintOS; ref lastUpdate; @@ -318,7 +324,8 @@ class ObjectState { void initializeToZero(); size_t getSparseStorageEntries() { - return valueOS.getSparseStorageEntries() + baseOS.getSparseStorageEntries(); + return valueOS.getSparseStorageEntries() + + baseOS.getSparseStorageEntries() + taintOS.getSparseStorageEntries(); } void swapObjectHack(MemoryObject *mo) { object = mo; } @@ -328,10 +335,13 @@ class ObjectState { ref read8(unsigned offset) const; ref readValue(ref offset, Expr::Width width) const; ref readBase(ref offset, Expr::Width width) const; + ref readTaint(ref offset, Expr::Width width) const; ref readValue(unsigned offset, Expr::Width width) const; ref readBase(unsigned offset, Expr::Width width) const; + ref readTaint(unsigned offset, Expr::Width width) const; ref readValue8(unsigned offset) const; ref readBase8(unsigned offset) const; + ref readTaint8(unsigned offset) const; void write(unsigned offset, ref value); void write(ref offset, ref value); @@ -347,10 +357,13 @@ class ObjectState { KType *getDynamicType() const; + void resetTaint(ref newTaint) { taintOS.reset(std::move(newTaint)); } + private: ref read8(ref offset) const; ref readValue8(ref offset) const; ref readBase8(ref offset) const; + ref readTaint8(ref offset) const; void write8(unsigned offset, ref value); void write8(ref offset, ref value); }; diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 83446754df..7434ac451d 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -1253,6 +1253,10 @@ void SpecialFunctionHandler::handleCheckTaintSource( "klee_check_taint_source(void*, size_t)"); return; } + +// uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); +// executor.executeCheckTaintSource(state, target, +// executor.makePointer(arguments[0]), taintSource); } void SpecialFunctionHandler::handleGetTaintRule( @@ -1265,9 +1269,13 @@ void SpecialFunctionHandler::handleGetTaintRule( return; } - // TODO: now mock +// // TODO: now mock ref result = ConstantExpr::create(1, Expr::Int64); executor.bindLocal(target, state, result); + +// uint64_t taintSink = dyn_cast(arguments[1])->getZExtValue(); +// executor.executeGetTaintRule(state, target, +// executor.makePointer(arguments[0]), taintSink); } void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, @@ -1279,8 +1287,7 @@ void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, return; } -// printf("klee_taint_hit for rule: %s\n", arguments[0]->toString().c_str()); - - executor.terminateStateOnTargetTaintError( - state, dyn_cast(arguments[0])->getZExtValue()); + uint64_t ruleId = dyn_cast(arguments[0])->getZExtValue(); +// printf("klee_taint_hit for rule: %zu\n", ruleId); + executor.terminateStateOnTargetTaintError(state, ruleId); } From 238fa5e1628e9861660385c8242e3fc616c4f95f Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 23 May 2024 19:14:22 +0300 Subject: [PATCH 21/28] Add taint to lazy object init and small methods --- include/klee/Core/BranchTypes.h | 3 ++- include/klee/Expr/Expr.h | 1 + lib/Core/AddressSpace.cpp | 14 +++++++++----- lib/Core/AddressSpace.h | 7 +++++-- lib/Core/Executor.cpp | 2 +- lib/Core/Memory.cpp | 12 ++++++++---- lib/Core/Memory.h | 6 ++++-- lib/Expr/Expr.cpp | 6 +++++- 8 files changed, 35 insertions(+), 16 deletions(-) diff --git a/include/klee/Core/BranchTypes.h b/include/klee/Core/BranchTypes.h index 1c8af978c4..0a695b3ca8 100644 --- a/include/klee/Core/BranchTypes.h +++ b/include/klee/Core/BranchTypes.h @@ -25,7 +25,8 @@ BTYPE(Realloc, 8U) \ BTYPE(Free, 9U) \ BTYPE(GetVal, 10U) \ - BMARK(END, 10U) + BTYPE(Taint, 11U) \ + BMARK(END, 11U) /// \endcond /** @enum BranchType diff --git a/include/klee/Expr/Expr.h b/include/klee/Expr/Expr.h index be53be7d17..07a0223264 100644 --- a/include/klee/Expr/Expr.h +++ b/include/klee/Expr/Expr.h @@ -416,6 +416,7 @@ class Expr { static ref createFalse(); static ref createEmptyTaint(); + static ref createTaintBySource(uint64_t source); static ref combineTaints(const ref &taintL, const ref &taintR); diff --git a/lib/Core/AddressSpace.cpp b/lib/Core/AddressSpace.cpp index d92c5bc094..d283539092 100644 --- a/lib/Core/AddressSpace.cpp +++ b/lib/Core/AddressSpace.cpp @@ -9,6 +9,8 @@ #include "AddressSpace.h" +#include + #include "ExecutionState.h" #include "Memory.h" #include "TimingSolver.h" @@ -80,19 +82,21 @@ ObjectPair AddressSpace::findObject(const MemoryObject *mo) const { : ObjectPair(nullptr, nullptr); } -RefObjectPair AddressSpace::lazyInitializeObject(const MemoryObject *mo) const { - return RefObjectPair(mo, new ObjectState(mo, mo->content, mo->type)); +RefObjectPair AddressSpace::lazyInitializeObject(const MemoryObject *mo, + ref taint) const { + return RefObjectPair( + mo, new ObjectState(mo, mo->content, mo->type, std::move(taint))); } -RefObjectPair -AddressSpace::findOrLazyInitializeObject(const MemoryObject *mo) const { +RefObjectPair AddressSpace::findOrLazyInitializeObject(const MemoryObject *mo, + ref taint) const { ObjectPair op = findObject(mo); if (op.first && op.second) { return RefObjectPair(op.first, op.second); } assert(!op.first && !op.second); if (mo->isLazyInitialized) { - return lazyInitializeObject(mo); + return lazyInitializeObject(mo, std::move(taint)); } return RefObjectPair(nullptr, nullptr); } diff --git a/lib/Core/AddressSpace.h b/lib/Core/AddressSpace.h index 6374950814..396c5f9edd 100644 --- a/lib/Core/AddressSpace.h +++ b/lib/Core/AddressSpace.h @@ -136,8 +136,11 @@ class AddressSpace { /// Lookup a binding from a MemoryObject. ObjectPair findObject(const MemoryObject *mo) const; - RefObjectPair lazyInitializeObject(const MemoryObject *mo) const; - RefObjectPair findOrLazyInitializeObject(const MemoryObject *mo) const; + RefObjectPair lazyInitializeObject(const MemoryObject *mo, + ref taint) const; + RefObjectPair + findOrLazyInitializeObject(const MemoryObject *mo, + ref taint = Expr::createEmptyTaint()) const; /// Copy the concrete values of all managed ObjectStates into the /// actual system memory location they were allocated at. diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index 18e3825903..62b665352b 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -5985,7 +5985,7 @@ bool Executor::resolveMemoryObjects( state, basePointer, target, baseTargetType, minObjectSize, sizeExpr, false, checkOutOfBounds, UseSymbolicSizeLazyInit); RefObjectPair op = state.addressSpace.findOrLazyInitializeObject( - idLazyInitialization.get()); + idLazyInitialization.get(), address->getTaint()); state.addressSpace.bindObject(op.first, op.second.get()); mayBeResolvedMemoryObjects.push_back(idLazyInitialization); } diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index 6e2b5976db..192d86faf0 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -106,22 +106,26 @@ std::string MemoryObject::getAllocInfo() const { /***/ -ObjectState::ObjectState(const MemoryObject *mo, const Array *array, KType *dt) +ObjectState::ObjectState(const MemoryObject *mo, const Array *array, KType *dt, + ref defaultTaintValue) : copyOnWriteOwner(0), object(mo), valueOS(ObjectStage(array, nullptr)), baseOS(ObjectStage(array->size, Expr::createPointer(0), false, Context::get().getPointerWidth())), - taintOS(ObjectStage(array->size, Expr::createEmptyTaint(), false, Expr::TaintWidth)), + taintOS( + ObjectStage(array->size, defaultTaintValue, false, Expr::TaintWidth)), lastUpdate(nullptr), size(array->size), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); taintOS.initializeToZero(); } -ObjectState::ObjectState(const MemoryObject *mo, KType *dt) +ObjectState::ObjectState(const MemoryObject *mo, KType *dt, + ref defaultTaintValue) : copyOnWriteOwner(0), object(mo), valueOS(ObjectStage(mo->getSizeExpr(), nullptr)), baseOS(ObjectStage(mo->getSizeExpr(), Expr::createPointer(0), false, Context::get().getPointerWidth())), - taintOS(ObjectStage(mo->getSizeExpr(), Expr::createEmptyTaint(), false, Expr::TaintWidth)), + taintOS(ObjectStage(mo->getSizeExpr(), defaultTaintValue, false, + Expr::TaintWidth)), lastUpdate(nullptr), size(mo->getSizeExpr()), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); diff --git a/lib/Core/Memory.h b/lib/Core/Memory.h index b0b728372b..79a5947814 100644 --- a/lib/Core/Memory.h +++ b/lib/Core/Memory.h @@ -310,8 +310,10 @@ class ObjectState { /// Create a new object state for the given memory // For objects in memory - ObjectState(const MemoryObject *mo, const Array *array, KType *dt); - ObjectState(const MemoryObject *mo, KType *dt); + ObjectState(const MemoryObject *mo, const Array *array, KType *dt, + ref defaultTaintValue = Expr::createEmptyTaint()); + ObjectState(const MemoryObject *mo, KType *dt, + ref defaultTaintValue = Expr::createEmptyTaint()); // For symbolic objects not in memory (hack) diff --git a/lib/Expr/Expr.cpp b/lib/Expr/Expr.cpp index 5938daa946..ef44172e0e 100644 --- a/lib/Expr/Expr.cpp +++ b/lib/Expr/Expr.cpp @@ -553,6 +553,10 @@ ref Expr::createEmptyTaint() { return ConstantExpr::create(0, Expr::Int64); } +ref Expr::createTaintBySource(uint64_t source) { + return ConstantExpr::create((1 << source), Expr::Int64); +} + ref Expr::combineTaints(const ref &taintL, const ref &taintR) { if (SelectExpr *sel = dyn_cast(taintL)) { @@ -2991,7 +2995,7 @@ ref ConstantPointerExpr::create(const ref &b, combineTaints(RHS)); \ } else { \ auto value = _e_op::create(getValue(), RHS->getValue()); \ - if (getTaint()->isZero() && RHS->getTaint()->isZero()) { \ + if (getTaint()->isZero() && RHS->getTaint()->isZero()) { \ return value; \ } else { \ return PointerExpr::create(ConstantExpr::create(0, value->getWidth()), \ From 0eb3ce6831ebc693c43a6e7779bef6b546bde6de Mon Sep 17 00:00:00 2001 From: Maria Date: Thu, 23 May 2024 21:14:31 +0300 Subject: [PATCH 22/28] Add klee_mock without chaking size before add_taint --- include/klee/Core/MockBuilder.h | 2 + lib/Core/MockBuilder.cpp | 78 ++++++++++-------------- lib/Core/SpecialFunctionHandler.cpp | 94 ++++++++++++++++++++++++++--- lib/Core/SpecialFunctionHandler.h | 1 + runtime/Runtest/intrinsics.c | 11 ++-- tools/klee/main.cpp | 12 ++-- 6 files changed, 133 insertions(+), 65 deletions(-) diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index f609c46a9c..163490c194 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -48,6 +48,8 @@ class MockBuilder { buildCallKleeMakeSymbolic(const std::string &kleeMakeSymbolicFunctionName, llvm::Value *source, llvm::Type *type, const std::string &symbolicName); + void buildCallKleeMakeMockAll(llvm::Value *source, + const std::string &symbolicName); llvm::CallInst *buildCallKleeTaintFunction(const std::string &functionName, llvm::Value *source, size_t taint, llvm::Type *returnType); diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index c4ed914487..24b09a0705 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -55,6 +55,21 @@ void MockBuilder::buildCallKleeMakeSymbolic( {bitCastInst, llvm::ConstantInt::get(ctx, sz), gep}); } +void MockBuilder::buildCallKleeMakeMockAll(llvm::Value *source, + const std::string &symbolicName) { + auto *kleeMakeSymbolicName = llvm::FunctionType::get( + llvm::Type::getVoidTy(ctx), + {llvm::Type::getInt8PtrTy(ctx), llvm::Type::getInt8PtrTy(ctx)}, false); + auto kleeMakeSymbolicCallee = mockModule->getOrInsertFunction( + "klee_make_mock_all", kleeMakeSymbolicName); + auto bitCastInst = + builder->CreateBitCast(source, llvm::Type::getInt8PtrTy(ctx)); + auto globalSymbolicName = builder->CreateGlobalString("@" + symbolicName); + auto gep = builder->CreateConstInBoundsGEP2_64( + globalSymbolicName->getValueType(), globalSymbolicName, 0, 0); + builder->CreateCall(kleeMakeSymbolicCallee, {bitCastInst, gep}); +} + std::map MockBuilder::getExternalFunctions() { std::map externals; @@ -544,44 +559,6 @@ MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, false); auto kleeTaintFunctionCallee = mockModule->getOrInsertFunction(functionName, kleeTaintFunctionType); - - // //TODO: that's not all: - // // - add var arg list (now it is not even considered - // // when passing through the function - // // parameters and never gets here) - // // - think about ** - // // - add going by pointers - // llvm::Value *beginPtr; - // llvm::Value *countBytes; - // if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) - // { - // beginPtr = builder->CreateAlloca(source->getType()); - // builder->CreateStore(source, beginPtr); - // - // const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( - // source->getType()->getPointerElementType()); - // countBytes = llvm::ConstantInt::get( - // mockModule->getContext(), - // llvm::APInt(64, bytes, false)); - // } else if (source->getType()->isPointerTy()) { - // beginPtr = builder->CreateBitCast( - // source, llvm::Type::getInt8PtrTy(mockModule->getContext())); - // - // if (source->getType()->getPointerElementType()->isIntegerTy(8)) { - // auto *TLI = new - // llvm::TargetLibraryInfo(llvm::TargetLibraryInfoImpl()); countBytes = - // llvm::emitStrLen(source, *builder, - // mockModule->getDataLayout(),TLI); - // } - // else { - // const size_t bytes = mockModule->getDataLayout().getTypeStoreSize( - // source->getType()->getPointerElementType()); - // countBytes = llvm::ConstantInt::get( - // mockModule->getContext(), - // llvm::APInt(64, bytes, false)); - // } - // } - llvm::Value *beginPtr; if (!source->getType()->isPointerTy() && !source->getType()->isArrayTy()) { beginPtr = builder->CreateAlloca(source->getType()); @@ -624,6 +601,7 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( #else const auto arg = &func->arg_begin()[i]; #endif + size_t offsetIndex = 0; auto statementsMap = unifyByOffset(statements[i]); for (const auto &[offset, statementsOffset] : statementsMap) { auto [prev, elem] = goByOffset(arg, offset); @@ -632,6 +610,11 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( Statement::Free *freePtr = nullptr; Statement::InitNull *initNullPtr = nullptr; + bool isMocked = false; + std::string mockName = "klee_mock" + func->getName().str() + "_arg_" + + std::to_string(i) + "_" + + std::to_string(offsetIndex); + for (const auto &statement : statementsOffset) { switch (statement->getKind()) { case Statement::Kind::Deref: { @@ -697,6 +680,11 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( if (!elem->getType()->isPointerTy()) { klee_error("Annotation: TaintOutput arg is not pointer"); } + + if (!isMocked) { + buildCallKleeMakeMockAll(elem, mockName); + isMocked = true; + } buildAnnotationTaintOutput(elem, statement); break; } @@ -704,6 +692,11 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( if (!elem->getType()->isPointerTy()) { klee_error("Annotation: TaintPropagation arg is not pointer"); } + + if (!isMocked) { + buildCallKleeMakeMockAll(elem, mockName); + isMocked = true; + } buildAnnotationTaintPropagation(elem, statement, func, "_arg_" + std::to_string(i) + "_"); break; @@ -724,6 +717,7 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( buildFree(elem, freePtr); } processingValue(prev, elem->getType(), allocSourcePtr, initNullPtr); + offsetIndex++; } } } @@ -852,14 +846,6 @@ void MockBuilder::buildAnnotationForExternalFunctionReturn( std::string retName = "ret_" + func->getName().str(); llvm::Value *retValuePtr = builder->CreateAlloca(returnType, nullptr); - // TODO: fix strange type ("fopen" mock, store instruction) - // if (func->getName() == "fopen") { - // buildCallKleeMakeSymbolic("klee_make_mock", retValuePtr, returnType, - // func->getName().str()); - // llvm::Value *retValue = builder->CreateLoad(returnType, retValuePtr, - // retName); builder->CreateRet(retValue); return; - // } - if (returnType->isPointerTy() && (allocSourcePtr || mustInitNull)) { processingValue(retValuePtr, returnType, allocSourcePtr, mustInitNull || maybeInitNull); diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 7434ac451d..2f03f3e206 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -116,6 +116,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_is_symbolic", handleIsSymbolic, true), add("klee_make_symbolic", handleMakeSymbolic, false), add("klee_make_mock", handleMakeMock, false), + add("klee_make_mock_all", handleMakeMockAll, false), add("klee_mark_global", handleMarkGlobal, false), add("klee_prefer_cex", handlePreferCex, false), add("klee_posix_prefer_cex", handlePosixPreferCex, false), @@ -1077,6 +1078,71 @@ void SpecialFunctionHandler::handleMakeMock(ExecutionState &state, } } +void SpecialFunctionHandler::handleMakeMockAll( + ExecutionState &state, KInstruction *target, + std::vector> &arguments) { + std::string name; + + if (arguments.size() != 2) { + executor.terminateStateOnUserError(state, + "Incorrect number of arguments to " + "klee_make_mock_all(void*, char*)"); + return; + } + + name = arguments[1]->isZero() + ? "" + : readStringAtAddress(state, executor.makePointer(arguments[1])); + + if (name.empty()) { + executor.terminateStateOnUserError( + state, "Empty name of function in klee_make_mock_all"); + return; + } + + KFunction *kf = target->parent->parent; + + Executor::ExactResolutionList rl; + executor.resolveExact(state, arguments[0], + executor.typeSystemManager->getUnknownType(), rl, + "make_symbolic"); + + for (auto &it : rl) { + ObjectPair op = it.second->addressSpace.findObject(it.first); + const MemoryObject *mo = op.first; + mo->setName(name); + mo->updateTimestamp(); + + const ObjectState *old = op.second; + ExecutionState *s = it.second; + + if (old->readOnly) { + executor.terminateStateOnUserError( + *s, "cannot make readonly object symbolic"); + return; + } + + ref source; + switch (executor.interpreterOpts.MockStrategy) { + case MockStrategyKind::Naive: + source = + SourceBuilder::mockNaive(executor.kmodule.get(), *kf->function(), + executor.updateNameVersion(state, name)); + break; + case MockStrategyKind::Deterministic: + std::vector> args(kf->getNumArgs()); + for (size_t i = 0; i < kf->getNumArgs(); i++) { + args[i] = executor.getArgumentCell(state, kf, i).value; + } + source = SourceBuilder::mockDeterministic(executor.kmodule.get(), + *kf->function(), args); + break; + } + executor.executeMakeSymbolic(state, mo, old->getDynamicType(), source, + false); + } +} + void SpecialFunctionHandler::handleMarkGlobal( ExecutionState &state, KInstruction *target, std::vector> &arguments) { @@ -1231,6 +1297,11 @@ void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, "klee_add_taint(void*, size_t)"); return; } + +// uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); +// printf("klee_add_taint source: %zu\n", taintSource); +// executor.executeChangeTaintSource( +// state, target, executor.makePointer(arguments[0]), taintSource, true); } void SpecialFunctionHandler::handleClearTaint( @@ -1242,6 +1313,11 @@ void SpecialFunctionHandler::handleClearTaint( "klee_clear_taint(void*, size_t)"); return; } + +// uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); +// printf("klee_clear_taint source: %zu\n", taintSource); +// executor.executeChangeTaintSource( +// state, target, executor.makePointer(arguments[0]), taintSource, false); } void SpecialFunctionHandler::handleCheckTaintSource( @@ -1255,8 +1331,9 @@ void SpecialFunctionHandler::handleCheckTaintSource( } // uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); -// executor.executeCheckTaintSource(state, target, -// executor.makePointer(arguments[0]), taintSource); +// printf("klee_check_taint_source source: %zu\n", taintSource); +// executor.executeCheckTaintSource( +// state, target, executor.makePointer(arguments[0]), taintSource); } void SpecialFunctionHandler::handleGetTaintRule( @@ -1269,11 +1346,12 @@ void SpecialFunctionHandler::handleGetTaintRule( return; } -// // TODO: now mock - ref result = ConstantExpr::create(1, Expr::Int64); - executor.bindLocal(target, state, result); + // // TODO: now mock + ref result = ConstantExpr::create(1, Expr::Int64); + executor.bindLocal(target, state, result); // uint64_t taintSink = dyn_cast(arguments[1])->getZExtValue(); +// printf("klee_get_taint_rule source: %zu\n", taintSink); // executor.executeGetTaintRule(state, target, // executor.makePointer(arguments[0]), taintSink); } @@ -1287,7 +1365,7 @@ void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, return; } - uint64_t ruleId = dyn_cast(arguments[0])->getZExtValue(); -// printf("klee_taint_hit for rule: %zu\n", ruleId); - executor.terminateStateOnTargetTaintError(state, ruleId); + uint64_t taintRule = dyn_cast(arguments[0])->getZExtValue(); + printf("klee_taint_hit rule: %zu\n", taintRule); + executor.terminateStateOnTargetTaintError(state, taintRule); } diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index 4a329f67ed..5372e3c235 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -130,6 +130,7 @@ class SpecialFunctionHandler { HANDLER(handleIsSymbolic); HANDLER(handleMakeSymbolic); HANDLER(handleMakeMock); + HANDLER(handleMakeMockAll); HANDLER(handleMalloc); HANDLER(handleMemalign); HANDLER(handleMarkGlobal); diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index dd02cb9ac7..43936f655a 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -165,11 +165,12 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { } // TODO: add for tests -void klee_add_taint(void *array, size_t taint_source) {} -void klee_clear_taint(void *array, size_t taint_source) {} -bool klee_check_taint_source(void *array, size_t taint_source) {} -bool klee_check_taint_sink(void *array, size_t taint_sink) {} -void klee_taint_sink_hit(size_t taint_sink) {} +//void klee_make_mock_all(void *ret_array, const char *fname); +//void klee_add_taint(void *array, size_t taint_source) {} +//void klee_clear_taint(void *array, size_t taint_source) {} +//bool klee_check_taint_source(void *array, size_t taint_source) {} +//size_t klee_get_taint_rule(void *array, size_t taint_sink) {} +//void klee_taint_hit(size_t rule) {} void klee_silent_exit(int x) { exit(x); } diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index 262ea750a2..b35bebc888 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -1087,12 +1087,12 @@ static const char *modelledExternals[] = { "klee_get_valuef", "klee_get_valued", "klee_get_valuel", "klee_get_valuell", "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", - "klee_add_taint", "klee_clear_taint", "klee_check_taint_source", - "klee_get_taint_rule", "klee_taint_hit", "klee_mark_global", - "klee_open_merge", "klee_close_merge", "klee_prefer_cex", - "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", - "klee_report_error", "klee_set_forking", "klee_silent_exit", "klee_warning", - "klee_warning_once", "klee_stack_trace", + "klee_make_mock_all", "klee_add_taint", "klee_clear_taint", + "klee_check_taint_source", "klee_get_taint_rule", "klee_taint_hit", + "klee_mark_global", "klee_open_merge", "klee_close_merge", + "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", + "klee_print_range", "klee_report_error", "klee_set_forking", + "klee_silent_exit", "klee_warning", "klee_warning_once", "klee_stack_trace", #ifdef SUPPORT_KLEE_EH_CXX "_klee_eh_Unwind_RaiseException_impl", "klee_eh_typeid_for", #endif From 40d4a65f8f905af2d00a9d735e220061ef416bd6 Mon Sep 17 00:00:00 2001 From: Maria Date: Sat, 25 May 2024 21:09:50 +0300 Subject: [PATCH 23/28] Add methods with taintOS --- lib/Core/Memory.cpp | 61 +++++++++++++++++++++++++++++++++++++++++++++ lib/Core/Memory.h | 20 +++++++++++---- 2 files changed, 76 insertions(+), 5 deletions(-) diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index 192d86faf0..5893640cd2 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -814,3 +814,64 @@ void ObjectStage::print() const { llvm::errs() << "\t\t[" << un->index << "] = " << un->value << "\n"; } } + +/***/ + +void ObjectStage::reset(ref newDefault) { + knownSymbolics->reset(std::move(newDefault)); + unflushedMask->reset(false); + updates = UpdateList(nullptr, nullptr); +} + +void ObjectStage::reset(ref updateForDefault, bool isAdd) { + ref oldDefault = knownSymbolics->defaultV(); + ref newDefault = + isAdd ? OrExpr::create(oldDefault, updateForDefault) + : AndExpr::create(oldDefault, NotExpr::create(updateForDefault)); + knownSymbolics->reset(std::move(newDefault)); + unflushedMask->reset(false); + updates = UpdateList(nullptr, nullptr); +} + +ref ObjectStage::combineAll() const { + ref result = knownSymbolics->defaultV(); + for (auto [index, value] : knownSymbolics->storage()) { + result = OrExpr::create(result, value); + } + for (const auto *un = updates.head.get(); un; un = un->next.get()) { + result = OrExpr::create(result, un->value); + } + return result; +} + +void ObjectStage::updateAll(ref updateExpr, bool isAdd) { + std::vector>> newKnownSymbolics; + for (auto [index, value] : knownSymbolics->storage()) { + ref newValue = + isAdd ? OrExpr::create(value, updateExpr) + : AndExpr::create(value, NotExpr::create(updateExpr)); + newKnownSymbolics.emplace_back(index, value); + } + + ref oldDefault = knownSymbolics->defaultV(); + ref newDefault = + isAdd ? OrExpr::create(oldDefault, updateExpr) + : AndExpr::create(oldDefault, NotExpr::create(updateExpr)); + knownSymbolics->reset(std::move(newDefault)); + + for (auto [index, value] : newKnownSymbolics) { + knownSymbolics->store(index, value); + } + + std::vector, ref>> newUpdates; + for (auto *un = updates.head.get(); un; un = un->next.get()) { + ref newValue = + isAdd ? OrExpr::create(un->value, updateExpr) + : AndExpr::create(un->value, NotExpr::create(updateExpr)); + newUpdates.emplace_back(un->index, newValue); + } + updates = UpdateList(nullptr, nullptr); + for (auto [index, value] : newUpdates) { + updates.extend(index, value); + } +} diff --git a/lib/Core/Memory.h b/lib/Core/Memory.h index 79a5947814..bccf1139df 100644 --- a/lib/Core/Memory.h +++ b/lib/Core/Memory.h @@ -267,10 +267,11 @@ class ObjectStage { } void initializeToZero(); - void reset(ref newDefault) { - knownSymbolics->reset(std::move(newDefault)); - unflushedMask->reset(false); - } + void reset(ref newDefault); + void reset(ref updateForDefault, bool isAdd); + + ref combineAll() const; + void updateAll(ref updateExpr, bool isAdd); private: const UpdateList &getUpdates() const; @@ -359,7 +360,11 @@ class ObjectState { KType *getDynamicType() const; - void resetTaint(ref newTaint) { taintOS.reset(std::move(newTaint)); } + ref readTaint() const { return taintOS.combineAll(); } + void updateTaint(ref updateForTaint, bool isAdd) { + // resetTaint(updateForTaint, isAdd); + taintOS.updateAll(updateForTaint, isAdd); + } private: ref read8(ref offset) const; @@ -368,6 +373,11 @@ class ObjectState { ref readTaint8(ref offset) const; void write8(unsigned offset, ref value); void write8(ref offset, ref value); + + void resetTaint(ref newTaint) { taintOS.reset(std::move(newTaint)); } + void resetTaint(ref updateForTaint, bool isAdd) { + taintOS.reset(std::move(updateForTaint), isAdd); + } }; } // namespace klee From 82252b572690949651c3d1478f47a24a34c056c9 Mon Sep 17 00:00:00 2001 From: Maria Date: Sun, 26 May 2024 00:01:22 +0300 Subject: [PATCH 24/28] Add handlers and fix --- include/klee/Module/TaintAnnotation.h | 15 +-- include/klee/klee.h | 2 +- lib/Core/Executor.cpp | 129 +++++++++++++++++++++++++- lib/Core/Executor.h | 14 ++- lib/Core/Memory.cpp | 6 +- lib/Core/MockBuilder.cpp | 18 ++-- lib/Core/SpecialFunctionHandler.cpp | 38 ++++---- lib/Expr/Expr.cpp | 24 ++--- lib/Module/TaintAnnotation.cpp | 15 +-- 9 files changed, 190 insertions(+), 71 deletions(-) diff --git a/include/klee/Module/TaintAnnotation.h b/include/klee/Module/TaintAnnotation.h index 9de85e3234..ab06ea9874 100644 --- a/include/klee/Module/TaintAnnotation.h +++ b/include/klee/Module/TaintAnnotation.h @@ -14,19 +14,10 @@ using source_ty = size_t; using sink_ty = size_t; using rule_ty = size_t; -struct TaintHitInfo final { - source_ty source; - sink_ty sink; - - explicit TaintHitInfo(source_ty source, sink_ty sink); - - bool operator<(const TaintHitInfo &other) const; - bool operator==(const TaintHitInfo &other) const; -}; - -using TaintHitsMap = std::map; - struct TaintAnnotation final { + using TaintHitsSink = std::map; + using TaintHitsMap = std::map; + TaintHitsMap hits; std::unordered_map sources; diff --git a/include/klee/klee.h b/include/klee/klee.h index 7ee324c153..5b39804bd4 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -67,7 +67,7 @@ bool klee_check_taint_source(void *array, size_t taint_source); * \arg addr - The start of the object. * \arg taint_sink - Taint sink. */ -size_t klee_get_taint_rule(void *array, size_t taint_sink); +uint64_t klee_get_taint_rule(void *array, size_t taint_sink); /* klee_taint_hit - Execute taint hit with rule. * diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index 62b665352b..a53db55a76 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -5028,7 +5028,7 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, } void Executor::terminateStateOnTargetTaintError(ExecutionState &state, - size_t rule) { + uint64_t rule) { if (rule >= annotationsData.taintAnnotation.rules.size()) { terminateStateOnUserError(state, "Incorrect rule id"); } @@ -5541,6 +5541,133 @@ void Executor::executeFree(ExecutionState &state, ref address, } } +void Executor::executeChangeTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, + uint64_t source, bool isAdd) { + address = optimizer.optimizeExpr(address, true); + ref isNullPointer = Expr::createIsZero(address->getValue()); + StatePair zeroPointer = + forkInternal(state, isNullPointer, BranchType::ResolvePointer); + if (zeroPointer.first) { + auto error = + (isReadFromSymbolicArray(address->getBase()) && zeroPointer.second) + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*zeroPointer.first, ReachWithError(error)); + } + if (zeroPointer.second) { // address != 0 + ExactResolutionList rl; + resolveExact(*zeroPointer.second, address, + typeSystemManager->getUnknownType(), rl, "сhangeTaintSource"); + for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); + it != ie; ++it) { + const MemoryObject *mo = it->first; + RefObjectPair op = + it->second->addressSpace.findOrLazyInitializeObject(mo); + ref os = op.second; + + ObjectState *wos = it->second->addressSpace.getWriteable(mo, os.get()); + if (wos->readOnly) { + terminateStateOnProgramError(*(it->second), + "memory error: object read only", + StateTerminationType::ReadOnly); + } else { + wos->updateTaint(Expr::createTaintBySource(source), isAdd); + } + } + } +} + +void Executor::executeCheckTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, + uint64_t source) { + address = optimizer.optimizeExpr(address, true); + ref isNullPointer = Expr::createIsZero(address->getValue()); + StatePair zeroPointer = + forkInternal(state, isNullPointer, BranchType::ResolvePointer); + if (zeroPointer.first) { + auto error = + (isReadFromSymbolicArray(address->getBase()) && zeroPointer.second) + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*zeroPointer.first, ReachWithError(error)); + } + if (zeroPointer.second) { + ExactResolutionList rl; + resolveExact(*zeroPointer.second, address, + typeSystemManager->getUnknownType(), rl, "checkTaintSource"); + + for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); + it != ie; ++it) { + const MemoryObject *mo = it->first; + RefObjectPair op = + it->second->addressSpace.findOrLazyInitializeObject(mo); + ref os = op.second; + + ref taintSource = + ExtractExpr::create(os->readTaint(), source, Expr::Bool); + bindLocal(target, *it->second, taintSource); + } + } +} + +void Executor::executeGetTaintRule(ExecutionState &state, + klee::KInstruction *target, + ref address, uint64_t sink) { + const auto &hitsBySink = annotationsData.taintAnnotation.hits[sink]; + ref hitsBySinkTaint = Expr::createEmptyTaint(); + for (const auto [source, rule] : hitsBySink) { + hitsBySinkTaint = + OrExpr::create(hitsBySinkTaint, Expr::createTaintBySource(source)); + } + + address = optimizer.optimizeExpr(address, true); + ref isNullPointer = Expr::createIsZero(address->getValue()); + StatePair zeroPointer = + forkInternal(state, isNullPointer, BranchType::ResolvePointer); + if (zeroPointer.first) { + auto error = + (isReadFromSymbolicArray(address->getBase()) && zeroPointer.second) + ? ReachWithErrorType::MayBeNullPointerException + : ReachWithErrorType::MustBeNullPointerException; + terminateStateOnTargetError(*zeroPointer.first, ReachWithError(error)); + } + if (zeroPointer.second) { + ExactResolutionList rl; + resolveExact(*zeroPointer.second, address, + typeSystemManager->getUnknownType(), rl, "getTaintRule"); + + for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); + it != ie; ++it) { + const MemoryObject *mo = it->first; + RefObjectPair op = + it->second->addressSpace.findOrLazyInitializeObject(mo); + ref os = op.second; + + ref hits = AndExpr::create(os->readTaint(), hitsBySinkTaint); + + auto curState = it->second; + for (size_t source = 0; + source < annotationsData.taintAnnotation.sources.size(); source++) { + ref taintSource = ExtractExpr::create(hits, source, Expr::Bool); + StatePair taintSourceStates = + forkInternal(*curState, taintSource, BranchType::Taint); + if (taintSourceStates.first) { + bindLocal(target, *taintSourceStates.first, + ConstantExpr::create(hitsBySink.at(source) + 1, + Expr::Int64)); // return (rule + 1) + } + if (taintSourceStates.second) { + curState = taintSourceStates.second; + } + } + bindLocal(target, *curState, ConstantExpr::create(0, Expr::Int64)); + } + } +} + bool Executor::resolveExact(ExecutionState &estate, ref address, KType *type, ExactResolutionList &results, const std::string &name) { diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index f61f17c16c..9b0c16ebf1 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -361,6 +361,18 @@ class Executor : public Interpreter { void executeFree(ExecutionState &state, ref address, KInstruction *target = 0); + void executeChangeTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, uint64_t source, + bool isAdd); + + void executeCheckTaintSource(ExecutionState &state, + klee::KInstruction *target, + ref address, uint64_t source); + + void executeGetTaintRule(ExecutionState &state, klee::KInstruction *target, + ref address, uint64_t sink); + /// Serialize a landingpad instruction so it can be handled by the /// libcxxabi-runtime MemoryObject *serializeLandingpad(ExecutionState &state, @@ -634,7 +646,7 @@ class Executor : public Interpreter { /// Then just call `terminateStateOnError` void terminateStateOnTargetError(ExecutionState &state, ReachWithError error); - void terminateStateOnTargetTaintError(ExecutionState &state, size_t rule); + void terminateStateOnTargetTaintError(ExecutionState &state, uint64_t rule); /// Call error handler and terminate state in case of program errors /// (e.g. free()ing globals, out-of-bound accesses) diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index 5893640cd2..58b1179de8 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -476,8 +476,7 @@ ref ObjectState::readTaint(ref offset, Expr::Width width) const { // Otherwise, follow the slow general case. unsigned NumBytes = width / 8; assert(width == NumBytes * 8 && "Invalid read size!"); - ref Res(0); - ref null = Expr::createPointer(0); + ref Res = Expr::createEmptyTaint(); for (unsigned i = 0; i != NumBytes; ++i) { unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); ref Byte = readTaint8( @@ -496,8 +495,7 @@ ref ObjectState::readTaint(unsigned offset, Expr::Width width) const { // Otherwise, follow the slow general case. unsigned NumBytes = width / 8; assert(width == NumBytes * 8 && "Invalid width for read size!"); - ref Res(0); - ref null = Expr::createPointer(0); + ref Res = Expr::createEmptyTaint(); for (unsigned i = 0; i != NumBytes; ++i) { unsigned idx = Context::get().isLittleEndian() ? i : (NumBytes - i - 1); ref Byte = readTaint8(offset + idx); diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index 24b09a0705..0d21c04ee8 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -611,7 +611,7 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( Statement::InitNull *initNullPtr = nullptr; bool isMocked = false; - std::string mockName = "klee_mock" + func->getName().str() + "_arg_" + + std::string mockName = "klee_mock_" + func->getName().str() + "_arg_" + std::to_string(i) + "_" + std::to_string(offsetIndex); @@ -681,10 +681,10 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( klee_error("Annotation: TaintOutput arg is not pointer"); } - if (!isMocked) { - buildCallKleeMakeMockAll(elem, mockName); - isMocked = true; - } +// if (!isMocked) { +// buildCallKleeMakeMockAll(elem, mockName); +// isMocked = true; +// } buildAnnotationTaintOutput(elem, statement); break; } @@ -693,10 +693,10 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( klee_error("Annotation: TaintPropagation arg is not pointer"); } - if (!isMocked) { - buildCallKleeMakeMockAll(elem, mockName); - isMocked = true; - } +// if (!isMocked) { +// buildCallKleeMakeMockAll(elem, mockName); +// isMocked = true; +// } buildAnnotationTaintPropagation(elem, statement, func, "_arg_" + std::to_string(i) + "_"); break; diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 2f03f3e206..9d3990ca2e 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -1298,10 +1298,10 @@ void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, return; } -// uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_add_taint source: %zu\n", taintSource); -// executor.executeChangeTaintSource( -// state, target, executor.makePointer(arguments[0]), taintSource, true); + uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); + printf("klee_add_taint source: %zu\n", taintSource); + executor.executeChangeTaintSource( + state, target, executor.makePointer(arguments[0]), taintSource, true); } void SpecialFunctionHandler::handleClearTaint( @@ -1314,10 +1314,10 @@ void SpecialFunctionHandler::handleClearTaint( return; } -// uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_clear_taint source: %zu\n", taintSource); -// executor.executeChangeTaintSource( -// state, target, executor.makePointer(arguments[0]), taintSource, false); + uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); + printf("klee_clear_taint source: %zu\n", taintSource); + executor.executeChangeTaintSource( + state, target, executor.makePointer(arguments[0]), taintSource, false); } void SpecialFunctionHandler::handleCheckTaintSource( @@ -1330,10 +1330,10 @@ void SpecialFunctionHandler::handleCheckTaintSource( return; } -// uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_check_taint_source source: %zu\n", taintSource); -// executor.executeCheckTaintSource( -// state, target, executor.makePointer(arguments[0]), taintSource); + uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); + printf("klee_check_taint_source source: %zu\n", taintSource); + executor.executeCheckTaintSource( + state, target, executor.makePointer(arguments[0]), taintSource); } void SpecialFunctionHandler::handleGetTaintRule( @@ -1346,14 +1346,14 @@ void SpecialFunctionHandler::handleGetTaintRule( return; } - // // TODO: now mock - ref result = ConstantExpr::create(1, Expr::Int64); - executor.bindLocal(target, state, result); +// // // TODO: now mock +// ref result = ConstantExpr::create(1, Expr::Int64); +// executor.bindLocal(target, state, result); -// uint64_t taintSink = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_get_taint_rule source: %zu\n", taintSink); -// executor.executeGetTaintRule(state, target, -// executor.makePointer(arguments[0]), taintSink); + uint64_t taintSink = dyn_cast(arguments[1])->getZExtValue(); + printf("klee_get_taint_rule sink: %zu\n", taintSink); + executor.executeGetTaintRule(state, target, + executor.makePointer(arguments[0]), taintSink); } void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, diff --git a/lib/Expr/Expr.cpp b/lib/Expr/Expr.cpp index ef44172e0e..ed14f54620 100644 --- a/lib/Expr/Expr.cpp +++ b/lib/Expr/Expr.cpp @@ -559,18 +559,18 @@ ref Expr::createTaintBySource(uint64_t source) { ref Expr::combineTaints(const ref &taintL, const ref &taintR) { - if (SelectExpr *sel = dyn_cast(taintL)) { - taintL->dump(); - } - if (PointerExpr *sel = dyn_cast(taintL)) { - taintR->dump(); - } - if (ConstantExpr *sel = dyn_cast(taintL)) { - if (ConstantExpr *ser = dyn_cast(taintR)) { - sel->getAPValue().dump(); - ser->getAPValue().dump(); - } - } +// if (SelectExpr *sel = dyn_cast(taintL)) { +// taintL->dump(); +// } +// if (PointerExpr *sel = dyn_cast(taintL)) { +// taintR->dump(); +// } +// if (ConstantExpr *sel = dyn_cast(taintL)) { +// if (ConstantExpr *ser = dyn_cast(taintR)) { +// sel->getAPValue().dump(); +// ser->getAPValue().dump(); +// } +// } return OrExpr::create(taintL, taintR); } diff --git a/lib/Module/TaintAnnotation.cpp b/lib/Module/TaintAnnotation.cpp index 3bcaafa727..b019cca5cd 100644 --- a/lib/Module/TaintAnnotation.cpp +++ b/lib/Module/TaintAnnotation.cpp @@ -5,16 +5,6 @@ namespace klee { -TaintHitInfo::TaintHitInfo(source_ty source, sink_ty sink) - : source(source), sink(sink) {} - -bool TaintHitInfo::operator<(const TaintHitInfo &other) const { - return (sink < other.sink) || (source < other.source); -} -bool TaintHitInfo::operator==(const TaintHitInfo &other) const { - return (source == other.source) && (sink == other.sink); -} - TaintAnnotation::TaintAnnotation(const std::string &path) { if (path.empty()) { return; @@ -60,11 +50,12 @@ TaintAnnotation::TaintAnnotation(const std::string &path) { klee_error("Taint annotations: Incorrect file format"); } + std::map hitsForSink; for (auto &taintHitJson : item.value()) { - hits[TaintHitInfo(sources[taintHitJson["source"]], sinksCounter)] = + hitsForSink[sources[taintHitJson["source"]]] = rulesMap[taintHitJson["rule"]]; } - + hits[sinksCounter] = hitsForSink; sinksCounter++; } } From 47eaebbeee4ced8b2214553f5217cb93bf9f7270 Mon Sep 17 00:00:00 2001 From: Maria Date: Sun, 26 May 2024 17:58:08 +0300 Subject: [PATCH 25/28] Change klee_get_taint_rule to klee_get_taint_hits, fix memory and some Pointer creations --- configs/annotations.json | 11 +++++ include/klee/Core/MockBuilder.h | 2 +- include/klee/Expr/Expr.h | 1 + include/klee/klee.h | 13 +++--- lib/Core/Executor.cpp | 62 ++++++++++++--------------- lib/Core/Executor.h | 5 ++- lib/Core/Memory.cpp | 65 ++++++++++++++++++++++------- lib/Core/Memory.h | 5 +-- lib/Core/MockBuilder.cpp | 39 +++++++++-------- lib/Core/SpecialFunctionHandler.cpp | 32 +++++++------- lib/Core/SpecialFunctionHandler.h | 2 +- lib/Expr/Expr.cpp | 17 +++----- runtime/Runtest/intrinsics.c | 4 +- test/Feature/TaintTest.cpp | 12 ++++++ test/lit.cfg | 4 ++ tools/klee/main.cpp | 2 +- 16 files changed, 161 insertions(+), 115 deletions(-) create mode 100644 test/Feature/TaintTest.cpp diff --git a/configs/annotations.json b/configs/annotations.json index 76f6825a6b..1df2c2f62c 100644 --- a/configs/annotations.json +++ b/configs/annotations.json @@ -2326,5 +2326,16 @@ [] ], "properties": [] + }, + "printf": { + "name": "printf", + "annotation": [ + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] } } \ No newline at end of file diff --git a/include/klee/Core/MockBuilder.h b/include/klee/Core/MockBuilder.h index 163490c194..b224254267 100644 --- a/include/klee/Core/MockBuilder.h +++ b/include/klee/Core/MockBuilder.h @@ -53,7 +53,7 @@ class MockBuilder { llvm::CallInst *buildCallKleeTaintFunction(const std::string &functionName, llvm::Value *source, size_t taint, llvm::Type *returnType); - void buildCallKleeTaintHit(llvm::Value *taintRule); + void buildCallKleeTaintHit(llvm::Value *taintHits, size_t taintSink); void buildAnnotationTaintOutput(llvm::Value *elem, const Statement::Ptr &statement); diff --git a/include/klee/Expr/Expr.h b/include/klee/Expr/Expr.h index 07a0223264..20a31ec1d3 100644 --- a/include/klee/Expr/Expr.h +++ b/include/klee/Expr/Expr.h @@ -396,6 +396,7 @@ class Expr { ref hasOrderedReads(bool stride) const; ref hasOrderedReads() const; ref getValue() const; + ref getTaint() const; /* Static utility methods */ diff --git a/include/klee/klee.h b/include/klee/klee.h index 5b39804bd4..7470493c24 100644 --- a/include/klee/klee.h +++ b/include/klee/klee.h @@ -61,19 +61,20 @@ void klee_clear_taint(void *array, size_t taint_source); */ bool klee_check_taint_source(void *array, size_t taint_source); -/* klee_get_taint_rule - Return taint rule id +1 if contents of the object pointer - * to \arg addr causes a taint sink \arg taint_sink hit, else return 0. +/* klee_get_taint_hits - Return taint hits if contents of the object pointer + * to \arg addr causes a taint sink \arg taint_sink hit. * * \arg addr - The start of the object. * \arg taint_sink - Taint sink. */ -uint64_t klee_get_taint_rule(void *array, size_t taint_sink); +uint64_t klee_get_taint_hits(void *array, size_t taint_sink); -/* klee_taint_hit - Execute taint hit with rule. +/* klee_taint_hit - Execute taint hits. * - * \arg rule - Taint rule id. + * \arg taint_hits - Actual taint hits. + * \arg taint_sink - Taint sink. */ -void klee_taint_hit(size_t rule); +void klee_taint_hit(uint64_t taint_hits, size_t taint_sink); /* klee_range - Construct a symbolic value in the signed interval * [begin,end). diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index a53db55a76..ccb8680877 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -509,9 +509,9 @@ Executor::Executor(LLVMContext &ctx, const InterpreterOptions &opts, annotationsData(opts.AnnotationsFile, opts.TaintAnnotationsFile), interpreterHandler(ih), searcher(nullptr), externalDispatcher(new ExternalDispatcher(ctx)), statsTracker(0), - pathWriter(0), symPathWriter(0), - specialFunctionHandler(0), timers{time::Span(TimerInterval)}, - guidanceKind(opts.Guidance), codeGraphInfo(new CodeGraphInfo()), + pathWriter(0), symPathWriter(0), specialFunctionHandler(0), + timers{time::Span(TimerInterval)}, guidanceKind(opts.Guidance), + codeGraphInfo(new CodeGraphInfo()), distanceCalculator(new DistanceCalculator(*codeGraphInfo)), targetCalculator(new TargetCalculator(*codeGraphInfo)), targetManager(new TargetManager(guidanceKind, *distanceCalculator, @@ -5028,17 +5028,21 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, } void Executor::terminateStateOnTargetTaintError(ExecutionState &state, - uint64_t rule) { - if (rule >= annotationsData.taintAnnotation.rules.size()) { - terminateStateOnUserError(state, "Incorrect rule id"); + uint64_t hits, size_t sink) { + std::string error = "Taint error:"; + const auto &sinkData = annotationsData.taintAnnotation.hits.at(sink); + for (size_t source = 0; source < annotationsData.taintAnnotation.sources.size(); source++) { + if ((hits >> source) & 1u) { + error += " " + annotationsData.taintAnnotation.rules[sinkData.at(source)]; + } } - const std::string &ruleStr = annotationsData.taintAnnotation.rules[rule]; reportStateOnTargetError( - state, ReachWithError(ReachWithErrorType::MaybeTaint, ruleStr)); + state, ReachWithError(ReachWithErrorType::MaybeTaint, error)); - terminateStateOnProgramError(state, ruleStr + " taint error", - StateTerminationType::Taint); + terminateStateOnProgramError( + state, new ErrorEvent(locationOf(state), StateTerminationType::Taint, + error)); } void Executor::terminateStateOnError(ExecutionState &state, @@ -5569,9 +5573,10 @@ void Executor::executeChangeTaintSource(ExecutionState &state, ObjectState *wos = it->second->addressSpace.getWriteable(mo, os.get()); if (wos->readOnly) { - terminateStateOnProgramError(*(it->second), - "memory error: object read only", - StateTerminationType::ReadOnly); + terminateStateOnProgramError( + *(it->second), new ErrorEvent(locationOf(*(it->second)), + StateTerminationType::ReadOnly, + "memory error: object read only")); } else { wos->updateTaint(Expr::createTaintBySource(source), isAdd); } @@ -5613,11 +5618,11 @@ void Executor::executeCheckTaintSource(ExecutionState &state, } } -void Executor::executeGetTaintRule(ExecutionState &state, +void Executor::executeGetTaintHits(ExecutionState &state, klee::KInstruction *target, ref address, uint64_t sink) { const auto &hitsBySink = annotationsData.taintAnnotation.hits[sink]; - ref hitsBySinkTaint = Expr::createEmptyTaint(); + ref hitsBySinkTaint = Expr::createEmptyTaint(); for (const auto [source, rule] : hitsBySink) { hitsBySinkTaint = OrExpr::create(hitsBySinkTaint, Expr::createTaintBySource(source)); @@ -5637,7 +5642,7 @@ void Executor::executeGetTaintRule(ExecutionState &state, if (zeroPointer.second) { ExactResolutionList rl; resolveExact(*zeroPointer.second, address, - typeSystemManager->getUnknownType(), rl, "getTaintRule"); + typeSystemManager->getUnknownType(), rl, "getTaintHits"); for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { @@ -5647,23 +5652,7 @@ void Executor::executeGetTaintRule(ExecutionState &state, ref os = op.second; ref hits = AndExpr::create(os->readTaint(), hitsBySinkTaint); - - auto curState = it->second; - for (size_t source = 0; - source < annotationsData.taintAnnotation.sources.size(); source++) { - ref taintSource = ExtractExpr::create(hits, source, Expr::Bool); - StatePair taintSourceStates = - forkInternal(*curState, taintSource, BranchType::Taint); - if (taintSourceStates.first) { - bindLocal(target, *taintSourceStates.first, - ConstantExpr::create(hitsBySink.at(source) + 1, - Expr::Int64)); // return (rule + 1) - } - if (taintSourceStates.second) { - curState = taintSourceStates.second; - } - } - bindLocal(target, *curState, ConstantExpr::create(0, Expr::Int64)); + bindLocal(target, *it->second, hits); } } } @@ -5671,11 +5660,12 @@ void Executor::executeGetTaintRule(ExecutionState &state, bool Executor::resolveExact(ExecutionState &estate, ref address, KType *type, ExactResolutionList &results, const std::string &name) { - ref pointer = - PointerExpr::create(address->getValue(), address->getValue()); + ref pointer = PointerExpr::create( + address->getValue(), address->getValue(), address->getTaint()); address = pointer->getValue(); ref base = pointer->getBase(); - ref basePointer = PointerExpr::create(base, base); + ref basePointer = + PointerExpr::create(base, base, address->getTaint()); ref zeroPointer = PointerExpr::create(Expr::createPointer(0)); if (SimplifySymIndices) { diff --git a/lib/Core/Executor.h b/lib/Core/Executor.h index 9b0c16ebf1..cac10ecab4 100644 --- a/lib/Core/Executor.h +++ b/lib/Core/Executor.h @@ -370,7 +370,7 @@ class Executor : public Interpreter { klee::KInstruction *target, ref address, uint64_t source); - void executeGetTaintRule(ExecutionState &state, klee::KInstruction *target, + void executeGetTaintHits(ExecutionState &state, klee::KInstruction *target, ref address, uint64_t sink); /// Serialize a landingpad instruction so it can be handled by the @@ -646,7 +646,8 @@ class Executor : public Interpreter { /// Then just call `terminateStateOnError` void terminateStateOnTargetError(ExecutionState &state, ReachWithError error); - void terminateStateOnTargetTaintError(ExecutionState &state, uint64_t rule); + void terminateStateOnTargetTaintError(ExecutionState &state, uint64_t hits, + size_t sink); /// Call error handler and terminate state in case of program errors /// (e.g. free()ing globals, out-of-bound accesses) diff --git a/lib/Core/Memory.cpp b/lib/Core/Memory.cpp index 58b1179de8..e7fb664ff6 100644 --- a/lib/Core/Memory.cpp +++ b/lib/Core/Memory.cpp @@ -41,6 +41,7 @@ DISABLE_WARNING_POP #include #include #include +#include namespace klee { llvm::cl::opt MemoryBackend( @@ -111,11 +112,10 @@ ObjectState::ObjectState(const MemoryObject *mo, const Array *array, KType *dt, : copyOnWriteOwner(0), object(mo), valueOS(ObjectStage(array, nullptr)), baseOS(ObjectStage(array->size, Expr::createPointer(0), false, Context::get().getPointerWidth())), - taintOS( - ObjectStage(array->size, defaultTaintValue, false, Expr::TaintWidth)), + taintOS(ObjectStage(array->size, std::move(defaultTaintValue), false, + Expr::TaintWidth)), lastUpdate(nullptr), size(array->size), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); - taintOS.initializeToZero(); } ObjectState::ObjectState(const MemoryObject *mo, KType *dt, @@ -124,12 +124,11 @@ ObjectState::ObjectState(const MemoryObject *mo, KType *dt, valueOS(ObjectStage(mo->getSizeExpr(), nullptr)), baseOS(ObjectStage(mo->getSizeExpr(), Expr::createPointer(0), false, Context::get().getPointerWidth())), - taintOS(ObjectStage(mo->getSizeExpr(), defaultTaintValue, false, - Expr::TaintWidth)), + taintOS(ObjectStage(mo->getSizeExpr(), std::move(defaultTaintValue), + false, Expr::TaintWidth)), lastUpdate(nullptr), size(mo->getSizeExpr()), dynamicType(dt), readOnly(false) { baseOS.initializeToZero(); - taintOS.initializeToZero(); } ObjectState::ObjectState(const ObjectState &os) @@ -254,8 +253,7 @@ ref ObjectState::readTaint8(ref offset) const { dyn_cast(object->getSizeExpr())) { auto moSize = sizeExpr->getZExtValue(); if (object && moSize > 4096) { - std::string allocInfo; - object->getAllocInfo(allocInfo); + std::string allocInfo = object->getAllocInfo(); klee_warning_once(nullptr, "Symbolic memory access will send the following " "array of %lu bytes to " @@ -832,17 +830,29 @@ void ObjectStage::reset(ref updateForDefault, bool isAdd) { } ref ObjectStage::combineAll() const { - ref result = knownSymbolics->defaultV(); + ref result = Expr::createEmptyTaint(); + if (knownSymbolics->defaultV()) { + result = knownSymbolics->defaultV(); + } for (auto [index, value] : knownSymbolics->storage()) { result = OrExpr::create(result, value); } + if (updates.root) { + if (ref constantSource = + cast(updates.root->source)) { + for (const auto &[index, value] : + constantSource->constantValues->storage()) { + result = OrExpr::create(result, value); + } + } + } for (const auto *un = updates.head.get(); un; un = un->next.get()) { result = OrExpr::create(result, un->value); } return result; } -void ObjectStage::updateAll(ref updateExpr, bool isAdd) { +void ObjectStage::updateAll(const ref &updateExpr, bool isAdd) { std::vector>> newKnownSymbolics; for (auto [index, value] : knownSymbolics->storage()) { ref newValue = @@ -851,11 +861,13 @@ void ObjectStage::updateAll(ref updateExpr, bool isAdd) { newKnownSymbolics.emplace_back(index, value); } - ref oldDefault = knownSymbolics->defaultV(); - ref newDefault = - isAdd ? OrExpr::create(oldDefault, updateExpr) - : AndExpr::create(oldDefault, NotExpr::create(updateExpr)); - knownSymbolics->reset(std::move(newDefault)); + if (knownSymbolics->defaultV()) { + ref oldDefault = knownSymbolics->defaultV(); + ref newDefault = + isAdd ? OrExpr::create(oldDefault, updateExpr) + : AndExpr::create(oldDefault, NotExpr::create(updateExpr)); + knownSymbolics->reset(std::move(newDefault)); + } for (auto [index, value] : newKnownSymbolics) { knownSymbolics->store(index, value); @@ -868,7 +880,28 @@ void ObjectStage::updateAll(ref updateExpr, bool isAdd) { : AndExpr::create(un->value, NotExpr::create(updateExpr)); newUpdates.emplace_back(un->index, newValue); } - updates = UpdateList(nullptr, nullptr); + + const Array *array = nullptr; + if (updates.root) { + if (ref constantSource = + cast(updates.root->source)) { + SparseStorage> *newStorage = constructStorage( + size, ConstantExpr::create(0, width), MaxFixedSizeStructureSize); + + for (const auto &[index, value] : + constantSource->constantValues->storage()) { + ref newValue = + isAdd ? OrExpr::create(value, updateExpr) + : AndExpr::create(value, NotExpr::create(updateExpr)); + newStorage->store(index, newValue); + } + + array = Array::create(size, SourceBuilder::constant(newStorage), + Expr::Int32, width); + } + } + + updates = UpdateList(array, nullptr); for (auto [index, value] : newUpdates) { updates.extend(index, value); } diff --git a/lib/Core/Memory.h b/lib/Core/Memory.h index bccf1139df..e813eaa147 100644 --- a/lib/Core/Memory.h +++ b/lib/Core/Memory.h @@ -271,7 +271,7 @@ class ObjectStage { void reset(ref updateForDefault, bool isAdd); ref combineAll() const; - void updateAll(ref updateExpr, bool isAdd); + void updateAll(const ref &updateExpr, bool isAdd); private: const UpdateList &getUpdates() const; @@ -361,8 +361,7 @@ class ObjectState { KType *getDynamicType() const; ref readTaint() const { return taintOS.combineAll(); } - void updateTaint(ref updateForTaint, bool isAdd) { - // resetTaint(updateForTaint, isAdd); + void updateTaint(const ref &updateForTaint, bool isAdd) { taintOS.updateAll(updateForTaint, isAdd); } diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index 0d21c04ee8..e9a94e33fa 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -513,11 +513,11 @@ void MockBuilder::buildAnnotationTaintSink(llvm::Value *elem, llvm::BasicBlock::Create(mockModule->getContext(), sinkCondName, curFunc); llvm::BasicBlock *contBB = llvm::BasicBlock::Create( mockModule->getContext(), "continue_" + sinkCondName); - auto taintRule = buildCallKleeTaintFunction( - "klee_get_taint_rule", elem, sink->second, + auto taintHits = buildCallKleeTaintFunction( + "klee_get_taint_hits", elem, sink->second, llvm::Type::getInt64Ty(mockModule->getContext())); const auto brValueSink = - builder->CreateCmp(llvm::CmpInst::Predicate::ICMP_NE, taintRule, + builder->CreateCmp(llvm::CmpInst::Predicate::ICMP_NE, taintHits, llvm::ConstantInt::get(mockModule->getContext(), llvm::APInt(64, 0, false))); builder->CreateCondBr(brValueSink, sinkBB, contBB); @@ -538,10 +538,7 @@ void MockBuilder::buildAnnotationTaintSink(llvm::Value *elem, builder->CreateCondBr(brValueTaintHit, taintHitBB, contBB); builder->SetInsertPoint(taintHitBB); - const auto taintRuleId = builder->CreateSub( - taintRule, llvm::ConstantInt::get(mockModule->getContext(), - llvm::APInt(64, 1, false))); - buildCallKleeTaintHit(taintRuleId); + buildCallKleeTaintHit(taintHits, sink->second); builder->CreateBr(contBB); curFunc->getBasicBlockList().push_back(contBB); @@ -576,13 +573,19 @@ MockBuilder::buildCallKleeTaintFunction(const std::string &functionName, llvm::APInt(64, taint, false))}); } -void MockBuilder::buildCallKleeTaintHit(llvm::Value *taintRule) { +void MockBuilder::buildCallKleeTaintHit(llvm::Value *taintHits, + size_t taintSink) { auto *kleeTaintHitType = llvm::FunctionType::get( llvm::Type::getVoidTy(mockModule->getContext()), - {llvm::Type::getInt64Ty(mockModule->getContext())}, false); + {llvm::Type::getInt64Ty(mockModule->getContext()), + llvm::Type::getInt64Ty(mockModule->getContext())}, + false); auto kleeTaintSinkHitCallee = mockModule->getOrInsertFunction("klee_taint_hit", kleeTaintHitType); - builder->CreateCall(kleeTaintSinkHitCallee, {taintRule}); + builder->CreateCall( + kleeTaintSinkHitCallee, + {taintHits, llvm::ConstantInt::get(mockModule->getContext(), + llvm::APInt(64, taintSink, false))}); } void MockBuilder::buildAnnotationForExternalFunctionArgs( @@ -681,10 +684,10 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( klee_error("Annotation: TaintOutput arg is not pointer"); } -// if (!isMocked) { -// buildCallKleeMakeMockAll(elem, mockName); -// isMocked = true; -// } + if (!isMocked) { + buildCallKleeMakeMockAll(elem, mockName); + isMocked = true; + } buildAnnotationTaintOutput(elem, statement); break; } @@ -693,10 +696,10 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( klee_error("Annotation: TaintPropagation arg is not pointer"); } -// if (!isMocked) { -// buildCallKleeMakeMockAll(elem, mockName); -// isMocked = true; -// } + if (!isMocked) { + buildCallKleeMakeMockAll(elem, mockName); + isMocked = true; + } buildAnnotationTaintPropagation(elem, statement, func, "_arg_" + std::to_string(i) + "_"); break; diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 9d3990ca2e..50960177d3 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -134,7 +134,7 @@ static SpecialFunctionHandler::HandlerInfo handlerInfo[] = { add("klee_add_taint", handleAddTaint, false), add("klee_clear_taint", handleClearTaint, false), add("klee_check_taint_source", handleCheckTaintSource, true), - add("klee_get_taint_rule", handleGetTaintRule, true), + add("klee_get_taint_hits", handleGetTaintHits, true), add("klee_taint_hit", handleTaintHit, false), #ifdef SUPPORT_KLEE_EH_CXX @@ -1299,7 +1299,7 @@ void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, } uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); - printf("klee_add_taint source: %zu\n", taintSource); +// printf("klee_add_taint source: %zu\n", taintSource); executor.executeChangeTaintSource( state, target, executor.makePointer(arguments[0]), taintSource, true); } @@ -1315,7 +1315,7 @@ void SpecialFunctionHandler::handleClearTaint( } uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); - printf("klee_clear_taint source: %zu\n", taintSource); +// printf("klee_clear_taint source: %zu\n", taintSource); executor.executeChangeTaintSource( state, target, executor.makePointer(arguments[0]), taintSource, false); } @@ -1331,41 +1331,39 @@ void SpecialFunctionHandler::handleCheckTaintSource( } uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); - printf("klee_check_taint_source source: %zu\n", taintSource); +// printf("klee_check_taint_source source: %zu\n", taintSource); executor.executeCheckTaintSource( state, target, executor.makePointer(arguments[0]), taintSource); } -void SpecialFunctionHandler::handleGetTaintRule( +void SpecialFunctionHandler::handleGetTaintHits( klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { if (arguments.size() != 2) { executor.terminateStateOnUserError(state, "Incorrect number of arguments to " - "klee_get_taint_rule(void*, size_t)"); + "klee_get_taint_hits(void*, size_t)"); return; } -// // // TODO: now mock -// ref result = ConstantExpr::create(1, Expr::Int64); -// executor.bindLocal(target, state, result); - uint64_t taintSink = dyn_cast(arguments[1])->getZExtValue(); - printf("klee_get_taint_rule sink: %zu\n", taintSink); - executor.executeGetTaintRule(state, target, +// printf("klee_get_taint_hits sink: %zu\n", taintSink); + executor.executeGetTaintHits(state, target, executor.makePointer(arguments[0]), taintSink); } void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, klee::KInstruction *target, std::vector> &arguments) { - if (arguments.size() != 1) { + if (arguments.size() != 2) { executor.terminateStateOnUserError( - state, "Incorrect number of arguments to klee_taint_hit(size_t)"); + state, + "Incorrect number of arguments to klee_taint_hit(uint64_t, size_t)"); return; } - uint64_t taintRule = dyn_cast(arguments[0])->getZExtValue(); - printf("klee_taint_hit rule: %zu\n", taintRule); - executor.terminateStateOnTargetTaintError(state, taintRule); + uint64_t taintHits = dyn_cast(arguments[0])->getZExtValue(); + size_t taintSink = dyn_cast(arguments[1])->getZExtValue(); +// printf("klee_taint_hit hits: %zu sink: %zu\n", taintHits, taintSink); + executor.terminateStateOnTargetTaintError(state, taintHits, taintSink); } diff --git a/lib/Core/SpecialFunctionHandler.h b/lib/Core/SpecialFunctionHandler.h index 5372e3c235..301053f93a 100644 --- a/lib/Core/SpecialFunctionHandler.h +++ b/lib/Core/SpecialFunctionHandler.h @@ -185,7 +185,7 @@ class SpecialFunctionHandler { HANDLER(handleAddTaint); HANDLER(handleClearTaint); HANDLER(handleCheckTaintSource); - HANDLER(handleGetTaintRule); + HANDLER(handleGetTaintHits); HANDLER(handleTaintHit); #undef HANDLER }; diff --git a/lib/Expr/Expr.cpp b/lib/Expr/Expr.cpp index ed14f54620..cbf43a0139 100644 --- a/lib/Expr/Expr.cpp +++ b/lib/Expr/Expr.cpp @@ -559,18 +559,6 @@ ref Expr::createTaintBySource(uint64_t source) { ref Expr::combineTaints(const ref &taintL, const ref &taintR) { -// if (SelectExpr *sel = dyn_cast(taintL)) { -// taintL->dump(); -// } -// if (PointerExpr *sel = dyn_cast(taintL)) { -// taintR->dump(); -// } -// if (ConstantExpr *sel = dyn_cast(taintL)) { -// if (ConstantExpr *ser = dyn_cast(taintR)) { -// sel->getAPValue().dump(); -// ser->getAPValue().dump(); -// } -// } return OrExpr::create(taintL, taintR); } @@ -1811,6 +1799,11 @@ ref Expr::getValue() const { : const_cast(this); } +ref Expr::getTaint() const { + return isa(this) ? cast(this)->getTaint() + : cast(Expr::createEmptyTaint()); +} + ref convolution(const ref &l, const ref &r) { ref null = ConstantExpr::create(0, l->getWidth()); return SelectExpr::create(EqExpr::create(l, r), l, null); diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index 43936f655a..4e7ba00cf0 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -169,8 +169,8 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { //void klee_add_taint(void *array, size_t taint_source) {} //void klee_clear_taint(void *array, size_t taint_source) {} //bool klee_check_taint_source(void *array, size_t taint_source) {} -//size_t klee_get_taint_rule(void *array, size_t taint_sink) {} -//void klee_taint_hit(size_t rule) {} +//uint64_t klee_get_taint_hits(void *array, size_t taint_sink) {} +//void klee_taint_hit(uint64_t taint_hits, size_t taint_sink) {} void klee_silent_exit(int x) { exit(x); } diff --git a/test/Feature/TaintTest.cpp b/test/Feature/TaintTest.cpp new file mode 100644 index 0000000000..9f7deb516a --- /dev/null +++ b/test/Feature/TaintTest.cpp @@ -0,0 +1,12 @@ +// RUN: %clangxx %s -emit-llvm %O0opt -c -o %t1.bc +// RUN: rm -rf %t.klee-out +// RUN: %klee --output-dir=%t.klee-out --cex-cache-validity-cores --solver-backend=z3 --check-out-of-memory --suppress-external-warnings --libc=klee --skip-not-lazy-initialized --external-calls=all --output-source=true --output-istats=false --output-stats=false --max-time=1200s --max-sym-size-alloc=32 --max-forks=6400 --max-solver-time=5s --smart-resolve-entry-function --extern-calls-can-return-null --align-symbolic-pointers=false --use-lazy-initialization=only --min-number-elements-li=18 --use-sym-size-li=false --rewrite-equalities=simple --symbolic-allocation-threshold=2048 --search=random-path --max-memory=16000 --mock-mutable-globals=all --mock-strategy=naive --mock-policy=all --annotate-only-external=false --annotations=%annotations --taint-annotations=%taint_annotations %t1.bc + +#include +#include + +int main() +{ + const char *libvar = std::getenv("PATH"); + printf(libvar); +} diff --git a/test/lit.cfg b/test/lit.cfg index 94c94e0059..91001edcda 100644 --- a/test/lit.cfg +++ b/test/lit.cfg @@ -189,6 +189,10 @@ config.substitutions.append( ('%annotations', os.path.join(klee_src_root, 'configs/annotations.json')) ) +config.substitutions.append( + ('%taint_annotations', os.path.join(klee_src_root, 'configs/taint-annotations.json')) +) + config.substitutions.append( ('%testcomp_defs', os.path.join(klee_src_root, 'include/klee-test-comp.c')) ) diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index b35bebc888..ece517e5eb 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -1088,7 +1088,7 @@ static const char *modelledExternals[] = { "klee_get_value_i32", "klee_get_value_i64", "klee_get_obj_size", "klee_is_symbolic", "klee_make_symbolic", "klee_make_mock", "klee_make_mock_all", "klee_add_taint", "klee_clear_taint", - "klee_check_taint_source", "klee_get_taint_rule", "klee_taint_hit", + "klee_check_taint_source", "klee_get_taint_hits", "klee_taint_hit", "klee_mark_global", "klee_open_merge", "klee_close_merge", "klee_prefer_cex", "klee_posix_prefer_cex", "klee_print_expr", "klee_print_range", "klee_report_error", "klee_set_forking", From 84af116b3434effc0aed592356e7673b88386f83 Mon Sep 17 00:00:00 2001 From: Maria Date: Mon, 27 May 2024 20:20:54 +0300 Subject: [PATCH 26/28] Fix --- lib/Core/Executor.cpp | 27 +++++++++++++++++---------- lib/Core/MockBuilder.cpp | 16 ++++++++-------- runtime/Runtest/intrinsics.c | 2 +- 3 files changed, 26 insertions(+), 19 deletions(-) diff --git a/lib/Core/Executor.cpp b/lib/Core/Executor.cpp index ccb8680877..8638c190b8 100644 --- a/lib/Core/Executor.cpp +++ b/lib/Core/Executor.cpp @@ -5030,8 +5030,9 @@ void Executor::terminateStateOnTargetError(ExecutionState &state, void Executor::terminateStateOnTargetTaintError(ExecutionState &state, uint64_t hits, size_t sink) { std::string error = "Taint error:"; - const auto &sinkData = annotationsData.taintAnnotation.hits.at(sink); - for (size_t source = 0; source < annotationsData.taintAnnotation.sources.size(); source++) { + const auto &sinkData = annotationsData.taintAnnotation.hits[sink]; + for (size_t source = 0; + source < annotationsData.taintAnnotation.sources.size(); source++) { if ((hits >> source) & 1u) { error += " " + annotationsData.taintAnnotation.rules[sinkData.at(source)]; } @@ -5041,8 +5042,8 @@ void Executor::terminateStateOnTargetTaintError(ExecutionState &state, state, ReachWithError(ReachWithErrorType::MaybeTaint, error)); terminateStateOnProgramError( - state, new ErrorEvent(locationOf(state), StateTerminationType::Taint, - error)); + state, + new ErrorEvent(locationOf(state), StateTerminationType::Taint, error)); } void Executor::terminateStateOnError(ExecutionState &state, @@ -5550,6 +5551,8 @@ void Executor::executeChangeTaintSource(ExecutionState &state, ref address, uint64_t source, bool isAdd) { address = optimizer.optimizeExpr(address, true); + ref base = PointerExpr::create( + address->getBase(), address->getBase(), address->getTaint()); ref isNullPointer = Expr::createIsZero(address->getValue()); StatePair zeroPointer = forkInternal(state, isNullPointer, BranchType::ResolvePointer); @@ -5562,8 +5565,8 @@ void Executor::executeChangeTaintSource(ExecutionState &state, } if (zeroPointer.second) { // address != 0 ExactResolutionList rl; - resolveExact(*zeroPointer.second, address, - typeSystemManager->getUnknownType(), rl, "сhangeTaintSource"); + resolveExact(*zeroPointer.second, base, typeSystemManager->getUnknownType(), + rl, "сhangeTaintSource"); for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { const MemoryObject *mo = it->first; @@ -5589,6 +5592,8 @@ void Executor::executeCheckTaintSource(ExecutionState &state, ref address, uint64_t source) { address = optimizer.optimizeExpr(address, true); + ref base = PointerExpr::create( + address->getBase(), address->getBase(), address->getTaint()); ref isNullPointer = Expr::createIsZero(address->getValue()); StatePair zeroPointer = forkInternal(state, isNullPointer, BranchType::ResolvePointer); @@ -5601,8 +5606,8 @@ void Executor::executeCheckTaintSource(ExecutionState &state, } if (zeroPointer.second) { ExactResolutionList rl; - resolveExact(*zeroPointer.second, address, - typeSystemManager->getUnknownType(), rl, "checkTaintSource"); + resolveExact(*zeroPointer.second, base, typeSystemManager->getUnknownType(), + rl, "checkTaintSource"); for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { @@ -5629,6 +5634,8 @@ void Executor::executeGetTaintHits(ExecutionState &state, } address = optimizer.optimizeExpr(address, true); + ref base = PointerExpr::create( + address->getBase(), address->getBase(), address->getTaint()); ref isNullPointer = Expr::createIsZero(address->getValue()); StatePair zeroPointer = forkInternal(state, isNullPointer, BranchType::ResolvePointer); @@ -5641,8 +5648,8 @@ void Executor::executeGetTaintHits(ExecutionState &state, } if (zeroPointer.second) { ExactResolutionList rl; - resolveExact(*zeroPointer.second, address, - typeSystemManager->getUnknownType(), rl, "getTaintHits"); + resolveExact(*zeroPointer.second, base, typeSystemManager->getUnknownType(), + rl, "getTaintHits"); for (Executor::ExactResolutionList::iterator it = rl.begin(), ie = rl.end(); it != ie; ++it) { diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index e9a94e33fa..8bf546c7d7 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -684,10 +684,10 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( klee_error("Annotation: TaintOutput arg is not pointer"); } - if (!isMocked) { - buildCallKleeMakeMockAll(elem, mockName); - isMocked = true; - } +// if (!isMocked) { +// buildCallKleeMakeMockAll(elem, mockName); +// isMocked = true; +// } buildAnnotationTaintOutput(elem, statement); break; } @@ -696,10 +696,10 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( klee_error("Annotation: TaintPropagation arg is not pointer"); } - if (!isMocked) { - buildCallKleeMakeMockAll(elem, mockName); - isMocked = true; - } +// if (!isMocked) { +// buildCallKleeMakeMockAll(elem, mockName); +// isMocked = true; +// } buildAnnotationTaintPropagation(elem, statement, func, "_arg_" + std::to_string(i) + "_"); break; diff --git a/runtime/Runtest/intrinsics.c b/runtime/Runtest/intrinsics.c index 4e7ba00cf0..ee4822af44 100644 --- a/runtime/Runtest/intrinsics.c +++ b/runtime/Runtest/intrinsics.c @@ -165,7 +165,7 @@ void klee_make_mock(void *ret_array, size_t ret_nbytes, const char *fname) { } // TODO: add for tests -//void klee_make_mock_all(void *ret_array, const char *fname); +//void klee_make_mock_all(void *ret_array, const char *fname) {} //void klee_add_taint(void *array, size_t taint_source) {} //void klee_clear_taint(void *array, size_t taint_source) {} //bool klee_check_taint_source(void *array, size_t taint_source) {} From cf083b67cfabf465dbee5c5b8b40da07f0091eeb Mon Sep 17 00:00:00 2001 From: Maria Date: Mon, 10 Jun 2024 20:55:02 +0300 Subject: [PATCH 27/28] Add taint offset and fix --- include/klee/Expr/Expr.h | 2 +- lib/Core/SpecialFunctionHandler.cpp | 49 +++++++++++++++++++++-------- lib/Module/Annotation.cpp | 9 ++---- 3 files changed, 39 insertions(+), 21 deletions(-) diff --git a/include/klee/Expr/Expr.h b/include/klee/Expr/Expr.h index 20a31ec1d3..8f683b16c7 100644 --- a/include/klee/Expr/Expr.h +++ b/include/klee/Expr/Expr.h @@ -1739,7 +1739,7 @@ class PointerExpr : public NonConstantExpr { bool isKnownValue() const { return getBase()->isZero(); } - ref combineTaints(const ref &RHS) { + ref combineTaints(const ref &RHS) { return Expr::combineTaints(getTaint(), RHS->getTaint()); } diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp index 50960177d3..aca0f5029f 100644 --- a/lib/Core/SpecialFunctionHandler.cpp +++ b/lib/Core/SpecialFunctionHandler.cpp @@ -1299,9 +1299,15 @@ void SpecialFunctionHandler::handleAddTaint(klee::ExecutionState &state, } uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_add_taint source: %zu\n", taintSource); - executor.executeChangeTaintSource( - state, target, executor.makePointer(arguments[0]), taintSource, true); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeChangeTaintSource(state, target, pointer, taintSource, true); } void SpecialFunctionHandler::handleClearTaint( @@ -1315,9 +1321,15 @@ void SpecialFunctionHandler::handleClearTaint( } uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_clear_taint source: %zu\n", taintSource); - executor.executeChangeTaintSource( - state, target, executor.makePointer(arguments[0]), taintSource, false); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeChangeTaintSource(state, target, pointer, taintSource, false); } void SpecialFunctionHandler::handleCheckTaintSource( @@ -1331,9 +1343,15 @@ void SpecialFunctionHandler::handleCheckTaintSource( } uint64_t taintSource = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_check_taint_source source: %zu\n", taintSource); - executor.executeCheckTaintSource( - state, target, executor.makePointer(arguments[0]), taintSource); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeCheckTaintSource(state, target, pointer, taintSource); } void SpecialFunctionHandler::handleGetTaintHits( @@ -1347,9 +1365,15 @@ void SpecialFunctionHandler::handleGetTaintHits( } uint64_t taintSink = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_get_taint_hits sink: %zu\n", taintSink); - executor.executeGetTaintHits(state, target, - executor.makePointer(arguments[0]), taintSink); + + ref pointer = executor.makePointer(arguments[0]); + if (auto *p = dyn_cast(arguments[0])) { + if (p->isKnownValue()) { + pointer = + PointerExpr::create(p->getValue(), p->getValue(), p->getTaint()); + } + } + executor.executeGetTaintHits(state, target, pointer, taintSink); } void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, @@ -1364,6 +1388,5 @@ void SpecialFunctionHandler::handleTaintHit(klee::ExecutionState &state, uint64_t taintHits = dyn_cast(arguments[0])->getZExtValue(); size_t taintSink = dyn_cast(arguments[1])->getZExtValue(); -// printf("klee_taint_hit hits: %zu sink: %zu\n", taintHits, taintSink); executor.terminateStateOnTargetTaintError(state, taintHits, taintSink); } diff --git a/lib/Module/Annotation.cpp b/lib/Module/Annotation.cpp index 6a40c6c6fa..ad9ab16c06 100644 --- a/lib/Module/Annotation.cpp +++ b/lib/Module/Annotation.cpp @@ -140,12 +140,7 @@ Free::Free(const std::string &str) : Unknown(str) { Kind Free::getKind() const { return Kind::Free; } Taint::Taint(const std::string &str) : Unknown(str) { - if (!rawOffset.empty()) { - klee_error("Annotation Taint: Incorrect offset format, must be empty"); - } - taintType = rawValue.substr(0, rawValue.find(':')); - // TODO: in the future, support typeless annotations (meaning all types) if (taintType.empty()) { klee_error("Annotation Taint: Incorrect value format, must has taint type"); } @@ -166,7 +161,7 @@ TaintOutput::TaintOutput(const std::string &str) : Taint(str) {} Kind TaintOutput::getKind() const { return Kind::TaintOutput; } /* - * Format: TaintPropagation::{type}:{data} + * Format: TaintPropagation:{offset}:{type}:{data} */ TaintPropagation::TaintPropagation(const std::string &str) : Taint(str) { @@ -201,7 +196,7 @@ TaintPropagation::TaintPropagation(const std::string &str) : Taint(str) { Kind TaintPropagation::getKind() const { return Kind::TaintPropagation; } /* - * Format: TaintSink::{type} + * Format: TaintSink:{offset}:{type} */ TaintSink::TaintSink(const std::string &str) : Taint(str) {} From 3c9715cf187aa40e9f3517ef270acdbf9babff9d Mon Sep 17 00:00:00 2001 From: Maria Date: Tue, 11 Jun 2024 05:40:12 +0300 Subject: [PATCH 28/28] Update annotations --- configs/annotations.json | 13087 +++++++++++++++++++++++++++++-- configs/taint-annotations.json | 6 + lib/Core/MockBuilder.cpp | 3 +- 3 files changed, 12239 insertions(+), 857 deletions(-) diff --git a/configs/annotations.json b/configs/annotations.json index 1df2c2f62c..8245d7eb45 100644 --- a/configs/annotations.json +++ b/configs/annotations.json @@ -1,1069 +1,1096 @@ { - "atof": { - "name": "atof", + "__builtin_clz": { + "name": "__builtin_clz", "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "atoi": { - "name": "atoi", + "__builtin_clzl": { + "name": "__builtin_clzl", "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "atol": { - "name": "atol", + "__builtin_clzll": { + "name": "__builtin_clzll", "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "atoll": { - "name": "atoll", + "__builtin_ffs": { + "name": "__builtin_ffs", "annotation": [ - [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "bcmp": { - "name": "bcmp", + "__builtin_ffsll": { + "name": "__builtin_ffsll", "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "Deref" - ], + [], [] ], "properties": [] }, - "calloc": { - "name": "calloc", + "__builtin_va_end": { + "name": "__builtin_va_end", "annotation": [ - [ - "AllocSource::1", - "InitNull" - ], - [], [] ], "properties": [] }, - "fclose": { - "name": "fclose", + "__builtin_va_start": { + "name": "__builtin_va_start", "annotation": [ [], [ - "Deref" - ] + "TaintPropagation::UntrustedSource:1" + ], + [] ], "properties": [] }, - "fcvt": { - "name": "fcvt", + "_ZNSt8__detail12__int_limitsIiLb1EE3maxEv": { + "name": "__int_limits::max", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8__detail12__int_limitsIiLb1EE3minEv": { + "name": "__int_limits::min", + "annotation": [ + [] + ], + "properties": [] + }, + "_execl": { + "name": "_execl", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2", - "TaintPropagation::UntrustedSource:3", - "TaintPropagation::UntrustedSource:4" + "TaintSink::Execute" ], - [], - [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "feof": { - "name": "feof", + "_execle": { + "name": "_execle", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "ferror": { - "name": "ferror", + "_execlp": { + "name": "_execlp", "annotation": [ [], [ - "Deref" - ] - ], - "properties": [] - }, - "fgetc": { - "name": "fgetc", - "annotation": [ + "TaintSink::Execute" + ], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fgetpos": { - "name": "fgetpos", + "_execlpe": { + "name": "_execlpe", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fgetpos64": { - "name": "fgetpos64", + "_execv": { + "name": "_execv", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fgets": { - "name": "fgets", + "_execve": { + "name": "_execve", "annotation": [ + [], [ - "InitNull", - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref", - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fgetwc": { - "name": "fgetwc", + "_execvp": { + "name": "_execvp", "annotation": [ + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fgetws": { - "name": "fgetws", + "_execvpe": { + "name": "_execvpe", "annotation": [ + [], [ - "InitNull", - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref", - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fileno": { - "name": "fileno", + "_ZNSt14_Fnv_hash_impl4hashEPKvyy": { + "name": "_Fnv_hash_impl::hash", "annotation": [ [], - [ - "Deref" - ] + [], + [], + [] ], "properties": [] }, - "fopen": { - "name": "fopen", + "_ZNSt10_Hash_impl4hashEPKvyy": { + "name": "_Hash_impl::hash", "annotation": [ - [ - "InitNull" - ], + [], + [], [], [] ], "properties": [] }, - "fopen64": { - "name": "fopen64", + "_ZNSt10_Hash_impl4hashIdEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ - [ - "InitNull" - ], [], [] ], "properties": [] }, - "fopen_s": { - "name": "fopen_s", + "_ZNSt10_Hash_impl4hashIfEEyRKT_": { + "name": "_Hash_impl::hash", "annotation": [ [], - [ - "InitNull:*:!=0" - ], + [] + ], + "properties": [] + }, + "_ZNSt10_Hash_impl4hashIiEEyRKT_": { + "name": "_Hash_impl::hash", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_popen": { + "name": "_popen", + "annotation": [ [], [ - "FreeSink::4" - ] + "TaintSink::Execute" + ], + [] ], "properties": [] }, - "fprintf": { - "name": "fprintf", + "_spawnl": { + "name": "_spawnl", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" + "TaintSink::Execute" ], [ - "TaintSink::SensitiveDataLeak" + "TaintSink::Execute" ] ], "properties": [] }, - "fputc": { - "name": "fputc", + "_spawnle": { + "name": "_spawnle", "annotation": [ [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fputs": { - "name": "fputs", + "_spawnlp": { + "name": "_spawnlp", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fputwc": { - "name": "fputwc", + "_spawnlpe": { + "name": "_spawnlpe", "annotation": [ [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fputws": { - "name": "fputws", + "_spawnv": { + "name": "_spawnv", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "fread": { - "name": "fread", + "_spawnve": { + "name": "_spawnve", "annotation": [ + [], + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref", - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], - [], - [], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "free": { - "name": "free", + "_spawnvp": { + "name": "_spawnvp", "annotation": [ + [], [], [ - "FreeSink::1" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "freopen": { - "name": "freopen", + "_spawnvpe": { + "name": "_spawnvpe", "annotation": [ - [ - "InitNull" - ], [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "freopen64": { - "name": "freopen64", + "_stricmp": { + "name": "_stricmp", "annotation": [ [ - "InitNull" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "freopen_s": { - "name": "freopen_s", + "_strnicmp": { + "name": "_strnicmp", "annotation": [ - [], [ - "InitNull:*:!=0" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], [], [], - [ - "FreeSink::4" - ] + [] ], "properties": [] }, - "fscanf": { - "name": "fscanf", + "_texecl": { + "name": "_texecl", "annotation": [ + [], [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" + "TaintSink::Execute" ], [ - "TaintSink::FormatString" + "TaintSink::Execute" ], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ] ], "properties": [] }, - "fscanf_s": { - "name": "fscanf_s", + "_texecle": { + "name": "_texecle", "annotation": [ + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], [ - "TaintSink::FormatString" + "TaintSink::Execute" ], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ] ], "properties": [] }, - "fseek": { - "name": "fseek", + "_texeclp": { + "name": "_texeclp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "fsetpos": { - "name": "fsetpos", + "_texeclpe": { + "name": "_texeclpe", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fsetpos64": { - "name": "fsetpos64", + "_texecv": { + "name": "_texecv", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "ftell": { - "name": "ftell", + "_texecve": { + "name": "_texecve", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "fwide": { - "name": "fwide", + "_texecvp": { + "name": "_texecvp", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "fwprintf": { - "name": "fwprintf", + "_texecvpe": { + "name": "_texecvpe", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [ - "TaintSink::FormatString", - "TaintSink::SensitiveDataLeak" + "TaintSink::Execute" ], [ - "TaintSink::SensitiveDataLeak" + "TaintSink::Execute" ] ], "properties": [] }, - "fwrite": { - "name": "fwrite", + "_tolower": { + "name": "_tolower", "annotation": [ - [], [ - "Deref", - "TaintSink::SensitiveDataLeak" + "TaintPropagation::UntrustedSource:1" ], - [], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "fwscanf": { - "name": "fwscanf", + "_toupper": { + "name": "_toupper", "annotation": [ [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "_tpopen": { + "name": "_tpopen", + "annotation": [ + [], [ - "TaintSink::FormatString" + "TaintSink::Execute" ], - [ - "TaintOutput::UntrustedSource" - ] + [] ], "properties": [] }, - "getc": { - "name": "getc", + "_tspawnl": { + "name": "_tspawnl", "annotation": [ + [], + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "getenv": { - "name": "getenv", + "_tspawnle": { + "name": "_tspawnle", "annotation": [ + [], + [], [ - "TaintOutput::UntrustedSource", - "TaintOutput::SensitiveDataSource" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "getenv_s": { - "name": "getenv_s", + "_tspawnlp": { + "name": "_tspawnlp", "annotation": [ + [], [], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref", - "TaintOutput::UntrustedSource", - "TaintOutput::SensitiveDataSource" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "gets": { - "name": "gets", + "_tspawnlpe": { + "name": "_tspawnlpe", "annotation": [ + [], + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref", - "TaintOutput::UntrustedSource" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "localtime": { - "name": "localtime", + "_tspawnv": { + "name": "_tspawnv", "annotation": [ + [], + [], [ - "InitNull::Must" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "gets_s": { - "name": "gets_s", + "_tspawnve": { + "name": "_tspawnve", "annotation": [ + [], + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref", - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "getw": { - "name": "getw", + "_tspawnvp": { + "name": "_tspawnvp", "annotation": [ + [], + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "getwc": { - "name": "getwc", + "_tspawnvpe": { + "name": "_tspawnvpe", "annotation": [ + [], + [], [ - "TaintOutput::UntrustedSource" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "itoa": { - "name": "itoa", + "_tsystem": { + "name": "_tsystem", "annotation": [ - [], [], [ - "Deref" - ], - [] + "TaintSink::Execute" + ] ], "properties": [] }, - "malloc": { - "name": "malloc", + "_wexecl": { + "name": "_wexecl", "annotation": [ + [], [ - "AllocSource::1", - "InitNull" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memccpy": { - "name": "memccpy", + "_wexecle": { + "name": "_wexecle", "annotation": [ [], [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memchr": { - "name": "memchr", + "_wexeclp": { + "name": "_wexeclp", "annotation": [ + [], [ - "InitNull", - "TaintPropagation::UntrustedSource:1" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memcmp": { - "name": "memcmp", + "_wexeclpe": { + "name": "_wexeclpe", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memcpy": { - "name": "memcpy", + "_wexecv": { + "name": "_wexecv", "annotation": [ [], [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintSink::Execute" ], [ - "Deref" - ], - [] + "TaintSink::Execute" + ] ], "properties": [] }, - "memcpy_s": { - "name": "memcpy_s", + "_wexecve": { + "name": "_wexecve", "annotation": [ [], [ - "Deref", - "TaintPropagation::UntrustedSource:3" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memicmp": { - "name": "memicmp", + "_wexecvp": { + "name": "_wexecvp", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" + "TaintSink::Execute" ], [ - "Deref" - ], - [], - [] + "TaintSink::Execute" + ] ], "properties": [] }, - "memmem": { - "name": "memmem", + "_wexecvpe": { + "name": "_wexecvpe", "annotation": [ + [], [ - "InitNull", - "TaintPropagation::UntrustedSource:1" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "_wpopen": { + "name": "_wpopen", + "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ], [] ], "properties": [] }, - "memmove": { - "name": "memmove", + "_wspawnl": { + "name": "_wspawnl", "annotation": [ + [], [], [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memmove_s": { - "name": "memmove_s", + "_wspawnle": { + "name": "_wspawnle", "annotation": [ + [], [], [ - "Deref", - "TaintPropagation::UntrustedSource:3" + "TaintSink::Execute" ], - [], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "mempcpy": { - "name": "mempcpy", + "_wspawnlp": { + "name": "_wspawnlp", "annotation": [ + [], [], [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintSink::Execute" ], [ - "Deref" + "TaintSink::Execute" ], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memset": { - "name": "memset", + "_wspawnlpe": { + "name": "_wspawnlpe", "annotation": [ + [], [], [ - "Deref", - "TaintPropagation::UntrustedSource:1" + "TaintSink::Execute" ], - [], - [] + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "memset_s": { - "name": "memset_s", + "_wspawnv": { + "name": "_wspawnv", "annotation": [ + [], [], [ - "Deref", - "TaintPropagation::UntrustedSource:1" + "TaintSink::Execute" ], - [], - [], - [] + [ + "TaintSink::Execute" + ] ], "properties": [] }, - "pthread_mutex_lock": { - "name": "pthread_mutex_lock", + "_wspawnve": { + "name": "_wspawnve", "annotation": [ + [], [], [ - "InitNull::!=0" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "pthread_mutex_trylock": { - "name": "pthread_mutex_trylock", + "_wspawnvp": { + "name": "_wspawnvp", "annotation": [ + [], [], [ - "InitNull::!=0" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "putc": { - "name": "putc", + "_wspawnvpe": { + "name": "_wspawnvpe", "annotation": [ [], [], [ - "Deref" + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "puts": { - "name": "puts", + "_wsystem": { + "name": "_wsystem", "annotation": [ [], [ - "Deref" + "TaintSink::Execute" ] ], "properties": [] }, - "qsort": { - "name": "qsort", + "abort": { + "name": "abort", "annotation": [ - [], - [ - "Deref" - ], - [], - [], [] ], "properties": [] }, - "rawmemchr": { - "name": "rawmemchr", + "abs": { + "name": "abs", "annotation": [ [ - "InitNull", "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ], - [], [] ], "properties": [] }, - "realloc": { - "name": "realloc", + "acos": { + "name": "acos", "annotation": [ [ - "AllocSource::1", - "InitNull" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "setbuf": { - "name": "setbuf", + "acosf": { + "name": "acosf", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "setlocale": { - "name": "setlocale", + "acosh": { + "name": "acosh", "annotation": [ [ - "InitNull" + "TaintPropagation::UntrustedSource:1" ], - [], [] ], "properties": [] }, - "snprintf": { - "name": "snprintf", + "acoshf": { + "name": "acoshf", "annotation": [ - [], [ - "Deref", - "TaintPropagation::UntrustedSource:4" + "TaintPropagation::UntrustedSource:1" ], - [], - [ - "TaintSink::FormatString" - ] + [] ], "properties": [] }, - "snprintf_s": { - "name": "snprintf_s", + "acoshl": { + "name": "acoshl", "annotation": [ - [], [ - "Deref", - "TaintPropagation::UntrustedSource:4" + "TaintPropagation::UntrustedSource:1" ], - [], - [ - "TaintSink::FormatString" - ] + [] ], "properties": [] }, - "snwprintf": { - "name": "snwprintf", + "acosl": { + "name": "acosl", "annotation": [ - [], [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [], - [ - "TaintSink::FormatString" - ] + [] ], "properties": [] }, - "sprintf": { - "name": "sprintf", + "asin": { + "name": "asin", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [ - "Deref", - "TaintPropagation::UntrustedSource:3" - ], - [ - "TaintSink::FormatString" - ] + [] ], "properties": [] }, - "sprintf_s": { - "name": "sprintf_s", + "asinf": { + "name": "asinf", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [ - "Deref", - "TaintPropagation::UntrustedSource:4" - ], - [], - [ - "TaintSink::FormatString" - ] + [] ], "properties": [] }, - "sscanf": { - "name": "sscanf", + "asinh": { + "name": "asinh", "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], [ "TaintPropagation::UntrustedSource:1" - ] + ], + [] ], "properties": [] }, - "sscanf_s": { - "name": "sscanf_s", + "asinhf": { + "name": "asinhf", "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], [ "TaintPropagation::UntrustedSource:1" ], @@ -1071,499 +1098,11374 @@ ], "properties": [] }, - "std::from_chars": { - "name": "std::from_chars", + "asinhl": { + "name": "asinhl", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:4" - ], - [ - "Deref" - ], - [], - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:4" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "std::to_chars": { - "name": "std::to_chars", + "asinl": { + "name": "asinl", "annotation": [ [ - "TaintPropagation::UntrustedSource:3", - "TaintPropagation::UntrustedSource:4" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:3", - "TaintPropagation::UntrustedSource:4" + "TaintPropagation::UntrustedSource:1" ], - [], - [], [] ], "properties": [] }, - "stpcpy": { - "name": "stpcpy", + "atan": { + "name": "atan", "annotation": [ [ - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strcat": { - "name": "strcat", + "atan2": { + "name": "atan2", "annotation": [ [ "TaintPropagation::UntrustedSource:1", "TaintPropagation::UntrustedSource:2" ], - [ - "Deref", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "strcat_s": { - "name": "strcat_s", + "atan2l": { + "name": "atan2l", "annotation": [ [ "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:3" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:3" + "TaintPropagation::UntrustedSource:2" ], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strchr": { - "name": "strchr", + "atanf": { + "name": "atanf", "annotation": [ [ - "InitNull", "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ], [] ], "properties": [] }, - "strchrnul": { - "name": "strchrnul", + "atanh": { + "name": "atanh", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ], [] ], "properties": [] }, - "strcmp": { - "name": "strcmp", + "atanhf": { + "name": "atanhf", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "strcpy": { - "name": "strcpy", + "atanhl": { + "name": "atanhl", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atanl": { + "name": "atanl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "atexit": { + "name": "atexit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "atof": { + "name": "atof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "atoi": { + "name": "atoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "atol": { + "name": "atol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "atoll": { + "name": "atoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZSt13back_inserterINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEESt20back_insert_iteratorIT_ERS7_": { + "name": "back_inserter", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt9bad_alloc4whatEv": { + "name": "bad_alloc::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt20bad_array_new_length4whatEv": { + "name": "bad_array_new_length::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt8bad_cast4whatEv": { + "name": "bad_cast::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt13bad_exception4whatEv": { + "name": "bad_exception::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10bad_typeid4whatEv": { + "name": "bad_typeid::what", + "annotation": [ + [] + ], + "properties": [] + }, + "basename": { + "name": "basename", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSi6ignoreEx": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSi6ignoreExi": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreEx": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt13basic_istreamIwSt11char_traitsIwEE6ignoreExt": { + "name": "basic_istream::ignore", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1EPKwRKS3_": { + "name": "basic_string::basic_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv": { + "name": "basic_string::c_str", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE5c_strEv": { + "name": "basic_string::c_str", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5clearEv": { + "name": "basic_string::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4dataEv": { + "name": "basic_string::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6lengthEv": { + "name": "basic_string::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLEc": { + "name": "basic_string::operator+=", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEpLERKS4_": { + "name": "basic_string::operator+=", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEy": { + "name": "basic_string::operator[]", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEy": { + "name": "basic_string::reserve", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv": { + "name": "basic_string::size", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE4dataEv": { + "name": "basic_string_view::data", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIcSt11char_traitsIcEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDiSt11char_traitsIDiEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt17basic_string_viewIwSt11char_traitsIwEE6lengthEv": { + "name": "basic_string_view::length", + "annotation": [ + [] + ], + "properties": [] + }, + "bcmp": { + "name": "bcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZSt9boolalphaRSt8ios_base": { + "name": "boolalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "bsearch": { + "name": "bsearch", + "annotation": [ + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "btowc": { + "name": "btowc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabf": { + "name": "cabf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabl": { + "name": "cabl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cabs": { + "name": "cabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacos": { + "name": "cacos", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosf": { + "name": "cacosf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosh": { + "name": "cacosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacoshf": { + "name": "cacoshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacoshl": { + "name": "cacoshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cacosl": { + "name": "cacosl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "calloc": { + "name": "calloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [], + [] + ], + "properties": [] + }, + "canonicalize": { + "name": "canonicalize", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "canonicalizef": { + "name": "canonicalizef", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "canonicalizel": { + "name": "canonicalizel", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "carg": { + "name": "carg", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cargf": { + "name": "cargf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cargl": { + "name": "cargl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casin": { + "name": "casin", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinf": { + "name": "casinf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinh": { + "name": "casinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinhf": { + "name": "casinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinhl": { + "name": "casinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "casinl": { + "name": "casinl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catan": { + "name": "catan", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanf": { + "name": "catanf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanh": { + "name": "catanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanhf": { + "name": "catanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanhl": { + "name": "catanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "catanl": { + "name": "catanl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrt": { + "name": "cbrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrtf": { + "name": "cbrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cbrtl": { + "name": "cbrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccosh": { + "name": "ccosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccoshf": { + "name": "ccoshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ccoshl": { + "name": "ccoshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceil": { + "name": "ceil", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceilf": { + "name": "ceilf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ceill": { + "name": "ceill", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexp": { + "name": "cexp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexpf": { + "name": "cexpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cexpl": { + "name": "cexpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6assignEPcyc": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6assignERcRKc": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6assignEPDiyDi": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6assignERDiRKDi": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6assignEPDsyDs": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6assignERDsRKDs": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6assignEPwyw": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6assignERwRKw": { + "name": "char_traits::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE7compareEPKcS3_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE7compareEPKwS3_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE7compareEPKcS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE7compareEPKDiS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE7compareEPKDsS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE7compareEPKwS2_y": { + "name": "char_traits::compare", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4copyEPcPKcy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4copyEPDiPKDiy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4copyEPDsPKDsy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4copyEPwPKwy": { + "name": "char_traits::copy", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE3eofEv": { + "name": "char_traits::eof", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE2eqERKcS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE2eqERKDiS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE2eqERKDsS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE2eqERKwS2_": { + "name": "char_traits::eq", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE11eq_int_typeERKiS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE11eq_int_typeERKjS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE11eq_int_typeERKtS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE11eq_int_typeERKtS2_": { + "name": "char_traits::eq_int_type", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE4findEPKcyRS2_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE4findEPKwyRS2_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4findEPKcyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4findEPKDiyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4findEPKDsyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4findEPKwyRS1_": { + "name": "char_traits::find", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIcE6lengthEPKc": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx11char_traitsIwE6lengthEPKw": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE6lengthEPKc": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE6lengthEPKDi": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE6lengthEPKDs": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE6lengthEPKw": { + "name": "char_traits::length", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE2ltERKcS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE2ltERKDiS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE2ltERKDsS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE2ltERKwS2_": { + "name": "char_traits::lt", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE4moveEPcPKcy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE4moveEPDiPKDiy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE4moveEPDsPKDsy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE4moveEPwPKwy": { + "name": "char_traits::move", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE7not_eofERKi": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE7not_eofERKj": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE7not_eofERKt": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE7not_eofERKt": { + "name": "char_traits::not_eof", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE12to_char_typeERKi": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE12to_char_typeERKj": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE12to_char_typeERKt": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE12to_char_typeERKt": { + "name": "char_traits::to_char_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIcE11to_int_typeERKc": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDiE11to_int_typeERKDi": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIDsE11to_int_typeERKDs": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt11char_traitsIwE11to_int_typeERKw": { + "name": "char_traits::to_int_type", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "cimag": { + "name": "cimag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cimagf": { + "name": "cimagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cimagl": { + "name": "cimagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clearerr": { + "name": "clearerr", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "clearerr_s": { + "name": "clearerr_s", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "clog": { + "name": "clog", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10": { + "name": "clog10", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10f": { + "name": "clog10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clog10l": { + "name": "clog10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clogf": { + "name": "clogf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "clogl": { + "name": "clogl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "close": { + "name": "close", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "conj": { + "name": "conj", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "conjf": { + "name": "conjf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "conjl": { + "name": "conjl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "copysign": { + "name": "copysign", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "copysignf": { + "name": "copysignf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "copysignl": { + "name": "copysignl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "cosh": { + "name": "cosh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "coshf": { + "name": "coshf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "coshl": { + "name": "coshl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpow": { + "name": "cpow", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpowf": { + "name": "cpowf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cpowl": { + "name": "cpowl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cproj": { + "name": "cproj", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cprojf": { + "name": "cprojf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "cprojl": { + "name": "cprojl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "creal": { + "name": "creal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "crealf": { + "name": "crealf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "creall": { + "name": "creall", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "CreateProcessA": { + "name": "CreateProcessA", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessAsUserA": { + "name": "CreateProcessAsUserA", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessAsUserW": { + "name": "CreateProcessAsUserW", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessW": { + "name": "CreateProcessW", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessWithLogonW": { + "name": "CreateProcessWithLogonW", + "annotation": [ + [], + [], + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "CreateProcessWithTokenW": { + "name": "CreateProcessWithTokenW", + "annotation": [ + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [] + ], + "properties": [] + }, + "csinh": { + "name": "csinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csinhf": { + "name": "csinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csinhl": { + "name": "csinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrt": { + "name": "csqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrtf": { + "name": "csqrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "csqrtl": { + "name": "csqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanh": { + "name": "ctanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanhf": { + "name": "ctanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ctanhl": { + "name": "ctanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt5ctypeIcE13classic_tableEv": { + "name": "ctype::classic_table", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE5do_isEPKwS2_Pt": { + "name": "ctype::do_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE5do_isEtw": { + "name": "ctype::do_is", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE9do_narrowEcc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE9do_narrowEPKcS2_cPc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE9do_narrowEPKwS2_cPc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE9do_narrowEwc": { + "name": "ctype::do_narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_scan_isEtPKwS2_": { + "name": "ctype::do_scan_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE11do_scan_notEtPKwS2_": { + "name": "ctype::do_scan_not", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_tolowerEc": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_tolowerEPcPKc": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_tolowerEPwPKw": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_tolowerEw": { + "name": "ctype::do_tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_toupperEc": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE10do_toupperEPcPKc": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_toupperEPwPKw": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE10do_toupperEw": { + "name": "ctype::do_toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8do_widenEc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8do_widenEPKcS2_Pc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE8do_widenEc": { + "name": "ctype::do_widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIwE8do_widenEPKcS2_Pw": { + "name": "ctype::do_widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE2isEPKcS2_Pt": { + "name": "ctype::is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE2isEtc": { + "name": "ctype::is", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE6narrowEcc": { + "name": "ctype::narrow", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE6narrowEPKcS2_cPc": { + "name": "ctype::narrow", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7scan_isEtPKcS2_": { + "name": "ctype::scan_is", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE8scan_notEtPKcS2_": { + "name": "ctype::scan_not", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5tableEv": { + "name": "ctype::table", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7tolowerEc": { + "name": "ctype::tolower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7tolowerEPcPKc": { + "name": "ctype::tolower", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7toupperEc": { + "name": "ctype::toupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE7toupperEPcPKc": { + "name": "ctype::toupper", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5widenEc": { + "name": "ctype::widen", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt5ctypeIcE5widenEPKcS2_Pc": { + "name": "ctype::widen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt17current_exceptionv": { + "name": "current_exception", + "annotation": [ + [] + ], + "properties": [] + }, + "cwait": { + "name": "cwait", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "daddl": { + "name": "daddl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ddivl": { + "name": "ddivl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "_ZSt3decRSt8ios_base": { + "name": "dec", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt12defaultfloatRSt8ios_base": { + "name": "defaultfloat", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "dfmal": { + "name": "dfmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dirname": { + "name": "dirname", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZN9__gnu_cxx3divExx": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3divll": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "div": { + "name": "div", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "dmull": { + "name": "dmull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dpax_popen_s": { + "name": "dpax_popen_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "dpax_system_s": { + "name": "dpax_system_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "drem": { + "name": "drem", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dremf": { + "name": "dremf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dreml": { + "name": "dreml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dsqrtl": { + "name": "dsqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "dsubl": { + "name": "dsubl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ecvt": { + "name": "ecvt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "erf": { + "name": "erf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfc": { + "name": "erfc", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfcf": { + "name": "erfcf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfcl": { + "name": "erfcl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erff": { + "name": "erff", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "erfl": { + "name": "erfl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category23default_error_conditionEi": { + "name": "error_category::default_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category10equivalentEiRKSt15error_condition": { + "name": "error_category::equivalent", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category10equivalentERKSt10error_codei": { + "name": "error_category::equivalent", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category7messageB5cxx11Ei": { + "name": "error_category::message", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_category4nameEv": { + "name": "error_category::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryneERKS0_": { + "name": "error_category::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryltERKS0_": { + "name": "error_category::operator<", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt3_V214error_categoryeqERKS0_": { + "name": "error_category::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt10error_code6assignEiRKNSt3_V214error_categoryE": { + "name": "error_code::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt10error_code8categoryEv": { + "name": "error_code::category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt10error_code5clearEv": { + "name": "error_code::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code23default_error_conditionEv": { + "name": "error_code::default_error_condition", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code7messageB5cxx11Ev": { + "name": "error_code::message", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt10error_code5valueEv": { + "name": "error_code::value", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15error_condition6assignEiRKNSt3_V214error_categoryE": { + "name": "error_condition::assign", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition8categoryEv": { + "name": "error_condition::category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15error_condition5clearEv": { + "name": "error_condition::clear", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition7messageB5cxx11Ev": { + "name": "error_condition::message", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt15error_condition5valueEv": { + "name": "error_condition::value", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9exception4whatEv": { + "name": "exception::what", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptr13exception_ptr4swapERS0_": { + "name": "exception_ptr::swap", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "execl": { + "name": "execl", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execle": { + "name": "execle", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execlp": { + "name": "execlp", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execlpe": { + "name": "execlpe", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execv": { + "name": "execv", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execve": { + "name": "execve", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execvp": { + "name": "execvp", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "execvpe": { + "name": "execvpe", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "exit": { + "name": "exit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "exp": { + "name": "exp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10": { + "name": "exp10", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10f": { + "name": "exp10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp10l": { + "name": "exp10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2": { + "name": "exp2", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2f": { + "name": "exp2f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "exp2l": { + "name": "exp2l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expf": { + "name": "expf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expl": { + "name": "expl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1": { + "name": "expm1", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1f": { + "name": "expm1f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "expm1l": { + "name": "expm1l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabs": { + "name": "fabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabsf": { + "name": "fabsf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fabsl": { + "name": "fabsl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fadd": { + "name": "fadd", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "faddl": { + "name": "faddl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fclose": { + "name": "fclose", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fcloseall": { + "name": "fcloseall", + "annotation": [ + [] + ], + "properties": [] + }, + "fcvt": { + "name": "fcvt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fdim": { + "name": "fdim", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdimf": { + "name": "fdimf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdiml": { + "name": "fdiml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdiv": { + "name": "fdiv", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdivl": { + "name": "fdivl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fdopen": { + "name": "fdopen", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "feof": { + "name": "feof", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "ferror": { + "name": "ferror", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fflush": { + "name": "fflush", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ffma": { + "name": "ffma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ffmal": { + "name": "ffmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fgetc": { + "name": "fgetc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetchar": { + "name": "fgetchar", + "annotation": [ + [] + ], + "properties": [] + }, + "fgetpos": { + "name": "fgetpos", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetpos64": { + "name": "fgetpos64", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgets": { + "name": "fgets", + "annotation": [ + [ + "InitNull", + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetwc": { + "name": "fgetwc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fgetws": { + "name": "fgetws", + "annotation": [ + [ + "InitNull", + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fileno": { + "name": "fileno", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZSt5fixedRSt8ios_base": { + "name": "fixed", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "floor": { + "name": "floor", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "floorf": { + "name": "floorf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "floorl": { + "name": "floorl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "flushall": { + "name": "flushall", + "annotation": [ + [] + ], + "properties": [] + }, + "fma": { + "name": "fma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaf": { + "name": "fmaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmal": { + "name": "fmal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmax": { + "name": "fmax", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxf": { + "name": "fmaxf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum": { + "name": "fmaximum", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag": { + "name": "fmaximum_mag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_num": { + "name": "fmaximum_mag_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_numf": { + "name": "fmaximum_mag_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_mag_numl": { + "name": "fmaximum_mag_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_magf": { + "name": "fmaximum_magf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_magl": { + "name": "fmaximum_magl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_num": { + "name": "fmaximum_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_numf": { + "name": "fmaximum_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximum_numl": { + "name": "fmaximum_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximumf": { + "name": "fmaximumf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaximuml": { + "name": "fmaximuml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxl": { + "name": "fmaxl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmag": { + "name": "fmaxmag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmagf": { + "name": "fmaxmagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmaxmagl": { + "name": "fmaxmagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmemopen": { + "name": "fmemopen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fmin": { + "name": "fmin", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminf": { + "name": "fminf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum": { + "name": "fminimum", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag": { + "name": "fminimum_mag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_num": { + "name": "fminimum_mag_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_numf": { + "name": "fminimum_mag_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_mag_numl": { + "name": "fminimum_mag_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_magf": { + "name": "fminimum_magf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_magl": { + "name": "fminimum_magl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_num": { + "name": "fminimum_num", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_numf": { + "name": "fminimum_numf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimum_numl": { + "name": "fminimum_numl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimumf": { + "name": "fminimumf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminimuml": { + "name": "fminimuml", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminl": { + "name": "fminl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmag": { + "name": "fminmag", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmagf": { + "name": "fminmagf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fminmagl": { + "name": "fminmagl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmod": { + "name": "fmod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmodf": { + "name": "fmodf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmodl": { + "name": "fmodl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmul": { + "name": "fmul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fmull": { + "name": "fmull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fopen": { + "name": "fopen", + "annotation": [ + [ + "InitNull" + ], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "fopen64": { + "name": "fopen64", + "annotation": [ + [ + "InitNull" + ], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "fopen_s": { + "name": "fopen_s", + "annotation": [ + [], + [ + "InitNull:*:!=0" + ], + [ + "TaintSink::PathString" + ], + [ + "FreeSink::4" + ] + ], + "properties": [] + }, + "_Z7fprintfP6_iobufPKcz": { + "name": "fprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fprintf": { + "name": "fprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fprintf_s": { + "name": "fprintf_s", + "annotation": [ + [], + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fputc": { + "name": "fputc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputchar": { + "name": "fputchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "fputs": { + "name": "fputs", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputwc": { + "name": "fputwc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fputws": { + "name": "fputws", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fread": { + "name": "fread", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref", + "TaintOutput::UntrustedSource" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fread_s": { + "name": "fread_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "free": { + "name": "free", + "annotation": [ + [], + [ + "FreeSink::1" + ] + ], + "properties": [] + }, + "freopen": { + "name": "freopen", + "annotation": [ + [ + "InitNull" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "freopen64": { + "name": "freopen64", + "annotation": [ + [ + "InitNull" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "freopen_s": { + "name": "freopen_s", + "annotation": [ + [], + [ + "InitNull:*:!=0" + ], + [], + [], + [ + "FreeSink::4" + ] + ], + "properties": [] + }, + "fromfp": { + "name": "fromfp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpf": { + "name": "fromfpf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpl": { + "name": "fromfpl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpx": { + "name": "fromfpx", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpxf": { + "name": "fromfpxf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fromfpxl": { + "name": "fromfpxl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "fscanf": { + "name": "fscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "fscanf_s": { + "name": "fscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "fseek": { + "name": "fseek", + "annotation": [ + [], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "fseeko": { + "name": "fseeko", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fseeko64": { + "name": "fseeko64", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "fsetpos": { + "name": "fsetpos", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fsetpos64": { + "name": "fsetpos64", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "fsqrt": { + "name": "fsqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fsqrtl": { + "name": "fsqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fstat": { + "name": "fstat", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "fsub": { + "name": "fsub", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "fsubl": { + "name": "fsubl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "ftell": { + "name": "ftell", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "ftello": { + "name": "ftello", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ftello64": { + "name": "ftello64", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ftime": { + "name": "ftime", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "fwide": { + "name": "fwide", + "annotation": [ + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "fwprintf": { + "name": "fwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fwprintf_s": { + "name": "fwprintf_s", + "annotation": [ + [], + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "fwrite": { + "name": "fwrite", + "annotation": [ + [], + [ + "Deref", + "TaintSink::SensitiveDataLeak" + ], + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "fwscanf": { + "name": "fwscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "g_spawn_async": { + "name": "g_spawn_async", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "g_spawn_command_line_async": { + "name": "g_spawn_command_line_async", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "g_spawn_command_line_sync": { + "name": "g_spawn_command_line_sync", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "g_spawn_sync": { + "name": "g_spawn_sync", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [], + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "gamma": { + "name": "gamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gammaf": { + "name": "gammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gammal": { + "name": "gammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "gcvt": { + "name": "gcvt", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt3_V216generic_categoryEv": { + "name": "generic_category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt15get_new_handlerv": { + "name": "get_new_handler", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt13get_terminatev": { + "name": "get_terminate", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt14get_unexpectedv": { + "name": "get_unexpected", + "annotation": [ + [] + ], + "properties": [] + }, + "getc": { + "name": "getc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getchar": { + "name": "getchar", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "getenv": { + "name": "getenv", + "annotation": [ + [ + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getenv_s": { + "name": "getenv_s", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref", + "TaintOutput::UntrustedSource", + "TaintOutput::SensitiveDataSource" + ], + [], + [] + ], + "properties": [] + }, + "getpid": { + "name": "getpid", + "annotation": [ + [] + ], + "properties": [] + }, + "gets": { + "name": "gets", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource", + "Deref" + ] + ], + "properties": [] + }, + "gets_s": { + "name": "gets_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintOutput::UntrustedSource", + "Deref" + ], + [] + ], + "properties": [] + }, + "getw": { + "name": "getw", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getwc": { + "name": "getwc", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "getwchar": { + "name": "getwchar", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZNKSt7greaterIPVKvEclES1_S1_": { + "name": "greater::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt13greater_equalIPVKvEclES1_S1_": { + "name": "greater_equal::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIaEclEa": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIbEclEb": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIcEclEc": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIdEclEd": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDiEclEDi": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDnEclEDn": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIDsEclEDs": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIeEclEe": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIfEclEf": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIhEclEh": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIiEclEi": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIjEclEj": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIlEclEl": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashImEclEm": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashInEclEn": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIDiSt11char_traitsIDiESaIDiEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIDsSt11char_traitsIDsESaIDsEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashINSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEEEclERKS5_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIoEclEo": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIsEclEs": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt10error_codeEclERKS0_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt15error_conditionEclERKS0_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIcSt11char_traitsIcEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIDiSt11char_traitsIDiEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIDsSt11char_traitsIDsEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashISt17basic_string_viewIwSt11char_traitsIwEEEclERKS3_": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashItEclEt": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIwEclEw": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIxEclEx": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4hashIyEclEy": { + "name": "hash::operator()", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt3hexRSt8ios_base": { + "name": "hex", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt8hexfloatRSt8ios_base": { + "name": "hexfloat", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "htonl": { + "name": "htonl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "htons": { + "name": "htons", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "hypot": { + "name": "hypot", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "hypotf": { + "name": "hypotf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "hypotl": { + "name": "hypotl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "ilogb": { + "name": "ilogb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ilogbf": { + "name": "ilogbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ilogbl": { + "name": "ilogbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt8internalRSt8ios_base": { + "name": "internal", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base5flagsEv": { + "name": "ios_base::flags", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5flagsESt13_Ios_Fmtflags": { + "name": "ios_base::flags", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base6getlocEv": { + "name": "ios_base::getloc", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5imbueERKSt6locale": { + "name": "ios_base::imbue", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5iwordEi": { + "name": "ios_base::iword", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base9precisionEv": { + "name": "ios_base::precision", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base9precisionEx": { + "name": "ios_base::precision", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5pwordEi": { + "name": "ios_base::pword", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base17register_callbackEPFvNS_5eventERS_iEi": { + "name": "ios_base::register_callback", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base4setfESt13_Ios_Fmtflags": { + "name": "ios_base::setf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base4setfESt13_Ios_FmtflagsS0_": { + "name": "ios_base::setf", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base15sync_with_stdioEb": { + "name": "ios_base::sync_with_stdio", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base6unsetfESt13_Ios_Fmtflags": { + "name": "ios_base::unsetf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt8ios_base5widthEv": { + "name": "ios_base::width", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt8ios_base5widthEx": { + "name": "ios_base::width", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt8ios_base6xallocEv": { + "name": "ios_base::xalloc", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt17iostream_categoryv": { + "name": "iostream_category", + "annotation": [ + [] + ], + "properties": [] + }, + "is_wctype": { + "name": "is_wctype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "isalnum": { + "name": "isalnum", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isalpha": { + "name": "isalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isblank": { + "name": "isblank", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iscntrl": { + "name": "iscntrl", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isdigit": { + "name": "isdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isgraph": { + "name": "isgraph", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isleadbyte": { + "name": "isleadbyte", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "islower": { + "name": "islower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isprint": { + "name": "isprint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ispunct": { + "name": "ispunct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isspace": { + "name": "isspace", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isupper": { + "name": "isupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswalnum": { + "name": "iswalnum", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswalpha": { + "name": "iswalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswascii": { + "name": "iswascii", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswblank": { + "name": "iswblank", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswcntrl": { + "name": "iswcntrl", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswctype": { + "name": "iswctype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "iswdigit": { + "name": "iswdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswgraph": { + "name": "iswgraph", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswlower": { + "name": "iswlower", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswprint": { + "name": "iswprint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswpunct": { + "name": "iswpunct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswspace": { + "name": "iswspace", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswupper": { + "name": "iswupper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "iswxdigit": { + "name": "iswxdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "isxdigit": { + "name": "isxdigit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "itoa": { + "name": "itoa", + "annotation": [ + [], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "j0": { + "name": "j0", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j0f": { + "name": "j0f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j0l": { + "name": "j0l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1": { + "name": "j1", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1f": { + "name": "j1f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "j1l": { + "name": "j1l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jn": { + "name": "jn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jnf": { + "name": "jnf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "jnl": { + "name": "jnl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "labs": { + "name": "labs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt7launderPKv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPVKv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7launderPVv": { + "name": "launder", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ldiv": { + "name": "ldiv", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt4leftRSt8ios_base": { + "name": "left", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt4lessIPKNSt3_V214error_categoryEEclES3_S3_": { + "name": "less::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt4lessIPVKvEclES1_S1_": { + "name": "less::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNKSt10less_equalIPVKvEclES1_S1_": { + "name": "less_equal::operator()", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "lgamma": { + "name": "lgamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgamma_r": { + "name": "lgamma_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammaf": { + "name": "lgammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammaf_r": { + "name": "lgammaf_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammal": { + "name": "lgammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lgammal_r": { + "name": "lgammal_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llabs": { + "name": "llabs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lldiv": { + "name": "lldiv", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "llogb": { + "name": "llogb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llogbf": { + "name": "llogbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llogbl": { + "name": "llogbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrint": { + "name": "llrint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrintf": { + "name": "llrintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llrintl": { + "name": "llrintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llround": { + "name": "llround", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llroundf": { + "name": "llroundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "llroundl": { + "name": "llroundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lltoa": { + "name": "lltoa", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "lltow": { + "name": "lltow", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt6locale7classicEv": { + "name": "locale::classic", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNSt6locale6globalERKS_": { + "name": "locale::global", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt6locale4nameB5cxx11Ev": { + "name": "locale::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt6localeneERKS_": { + "name": "locale::operator!=", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNKSt6localeeqERKS_": { + "name": "locale::operator==", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "localeconv": { + "name": "localeconv", + "annotation": [ + [] + ], + "properties": [] + }, + "log": { + "name": "log", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log10f": { + "name": "log10f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log10l": { + "name": "log10l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1p": { + "name": "log1p", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1pf": { + "name": "log1pf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log1pl": { + "name": "log1pl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2": { + "name": "log2", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2f": { + "name": "log2f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "log2l": { + "name": "log2l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logb": { + "name": "logb", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logbf": { + "name": "logbf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logbl": { + "name": "logbl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "logf": { + "name": "logf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt11logic_error4whatEv": { + "name": "logic_error::what", + "annotation": [ + [] + ], + "properties": [] + }, + "logl": { + "name": "logl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "LogonUserA": { + "name": "LogonUserA", + "annotation": [ + [], + [], + [], + [ + "TaintOutput::SensitiveDataSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "LogonUserW": { + "name": "LogonUserW", + "annotation": [ + [], + [], + [], + [ + "TaintOutput::SensitiveDataSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "lrint": { + "name": "lrint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lrintf": { + "name": "lrintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lrintl": { + "name": "lrintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lround": { + "name": "lround", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lroundf": { + "name": "lroundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lroundl": { + "name": "lroundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "lseek": { + "name": "lseek", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "ltoa": { + "name": "ltoa", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "main": { + "name": "main", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt15make_error_codeSt4errc": { + "name": "make_error_code", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt15make_error_codeSt7io_errc": { + "name": "make_error_code", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt20make_error_conditionSt4errc": { + "name": "make_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt20make_error_conditionSt7io_errc": { + "name": "make_error_condition", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "malloc": { + "name": "malloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "mblen": { + "name": "mblen", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "mbrlen": { + "name": "mbrlen", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "mbrtowc": { + "name": "mbrtowc", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbsinit": { + "name": "mbsinit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "mbsnrtowcs": { + "name": "mbsnrtowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "mbsrtowcs": { + "name": "mbsrtowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "mbsrtowcs_s": { + "name": "mbsrtowcs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbstowcs": { + "name": "mbstowcs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "mbstowcs_s": { + "name": "mbstowcs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [] + ], + "properties": [] + }, + "mbtowc": { + "name": "mbtowc", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "memccpy": { + "name": "memccpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "memchr": { + "name": "memchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "memcmp": { + "name": "memcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memcpy": { + "name": "memcpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memcpy_s": { + "name": "memcpy_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memicmp": { + "name": "memicmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "memmem": { + "name": "memmem", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memmove": { + "name": "memmove", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memmove_s": { + "name": "memmove_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "mempcpy": { + "name": "mempcpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "memset": { + "name": "memset", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "memset_s": { + "name": "memset_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:1" + ], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3minIxERKT_S2_S2_": { + "name": "min", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt3minIyERKT_S2_S2_": { + "name": "min", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "mkstemp": { + "name": "mkstemp", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "modf": { + "name": "modf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "modff": { + "name": "modff", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "modfl": { + "name": "modfl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyint": { + "name": "nearbyint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyintf": { + "name": "nearbyintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "nearbyintl": { + "name": "nearbyintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt16nested_exception10nested_ptrEv": { + "name": "nested_exception::nested_ptr", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt16nested_exception14rethrow_nestedEv": { + "name": "nested_exception::rethrow_nested", + "annotation": [ + [] + ], + "properties": [] + }, + "nextafter": { + "name": "nextafter", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextafterf": { + "name": "nextafterf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextafterl": { + "name": "nextafterl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextdown": { + "name": "nextdown", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextdownf": { + "name": "nextdownf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextdownl": { + "name": "nextdownl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nexttoward": { + "name": "nexttoward", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nexttowardf": { + "name": "nexttowardf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nexttowardl": { + "name": "nexttowardl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "nextup": { + "name": "nextup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextupf": { + "name": "nextupf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "nextupl": { + "name": "nextupl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZSt11noboolalphaRSt8ios_base": { + "name": "noboolalpha", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt10noshowbaseRSt8ios_base": { + "name": "noshowbase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt11noshowpointRSt8ios_base": { + "name": "noshowpoint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9noshowposRSt8ios_base": { + "name": "noshowpos", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt8noskipwsRSt8ios_base": { + "name": "noskipws", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9nounitbufRSt8ios_base": { + "name": "nounitbuf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt11nouppercaseRSt8ios_base": { + "name": "nouppercase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "ntohl": { + "name": "ntohl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ntohs": { + "name": "ntohs", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZSt3octRSt8ios_base": { + "name": "oct", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "onexit": { + "name": "onexit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "open": { + "name": "open", + "annotation": [ + [], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "open64": { + "name": "open64", + "annotation": [ + [], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "open_memstream": { + "name": "open_memstream", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZdlPv": { + "name": "operator delete", + "annotation": [ + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdlPvRKSt9nothrow_t": { + "name": "operator delete", + "annotation": [ + [], + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdlPvS_": { + "name": "operator delete", + "annotation": [ + [], + [], + [ + "FreeSink::2" + ] + ], + "properties": [] + }, + "_ZdaPv": { + "name": "operator delete[]", + "annotation": [ + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_ZdaPvRKSt9nothrow_t": { + "name": "operator delete[]", + "annotation": [ + [], + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_ZdaPvS_": { + "name": "operator delete[]", + "annotation": [ + [], + [], + [ + "FreeSink::3" + ] + ], + "properties": [] + }, + "_Znwm": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [] + ], + "properties": [] + }, + "_Znwy": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [] + ], + "properties": [] + }, + "_ZnwyPv": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [], + [] + ], + "properties": [] + }, + "_ZnwyRKSt9nothrow_t": { + "name": "operator new", + "annotation": [ + [ + "AllocSource::2" + ], + [], + [] + ], + "properties": [] + }, + "_Znam": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_Znay": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [] + ], + "properties": [] + }, + "_ZnayPv": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_ZnayRKSt9nothrow_t": { + "name": "operator new[]", + "annotation": [ + [ + "AllocSource::3" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptrneERKNS_13exception_ptrES2_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt10error_codeRKSt15error_condition": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt10error_codeS1_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt15error_conditionRKSt10error_code": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStneRKSt15error_conditionS1_": { + "name": "operator!=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt12_Ios_IostateS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt13_Ios_FmtflagsS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStanSt13_Ios_OpenmodeS_": { + "name": "operator&", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt12_Ios_IostateS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt13_Ios_FmtflagsS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStaNRSt13_Ios_OpenmodeS_": { + "name": "operator&=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_PKS5_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_RKS8_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_S9_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEPKS5_OS8_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_PKS5_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_SA_": { + "name": "operator+", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "_ZStltRKSt10error_codeS1_": { + "name": "operator<", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStltRKSt15error_conditionS1_": { + "name": "operator<", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptreqERKNS_13exception_ptrES2_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt10error_codeRKSt15error_condition": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt10error_codeS1_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt15error_conditionRKSt10error_code": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteqRKSt15error_conditionS1_": { + "name": "operator==", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStrsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_PS3_": { + "name": "operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE": { + "name": "operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "_ZSteoSt12_Ios_IostateS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteoSt13_Ios_FmtflagsS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteoSt13_Ios_OpenmodeS_": { + "name": "operator^", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt12_Ios_IostateS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt13_Ios_FmtflagsS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSteORSt13_Ios_OpenmodeS_": { + "name": "operator^=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt12_Ios_IostateS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt13_Ios_FmtflagsS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStorSt13_Ios_OpenmodeS_": { + "name": "operator|", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt12_Ios_IostateS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt13_Ios_FmtflagsS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStoRRSt13_Ios_OpenmodeS_": { + "name": "operator|=", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZStcoSt12_Ios_Iostate": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZStcoSt13_Ios_Fmtflags": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZStcoSt13_Ios_Openmode": { + "name": "operator~", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "perror": { + "name": "perror", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "popen": { + "name": "popen", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "popen_s": { + "name": "popen_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "posix_spawn": { + "name": "posix_spawn", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "posix_spawnp": { + "name": "posix_spawnp", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "pow": { + "name": "pow", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "powf": { + "name": "powf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "powl": { + "name": "powl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "printf": { + "name": "printf", + "annotation": [ + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "printf_s": { + "name": "printf_s", + "annotation": [ + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "pthread_attr_destroy": { + "name": "pthread_attr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_attr_getdetachstate": { + "name": "pthread_attr_getdetachstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getinheritsched": { + "name": "pthread_attr_getinheritsched", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getschedparam": { + "name": "pthread_attr_getschedparam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getschedpolicy": { + "name": "pthread_attr_getschedpolicy", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getscope": { + "name": "pthread_attr_getscope", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getstackaddr": { + "name": "pthread_attr_getstackaddr", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_getstacksize": { + "name": "pthread_attr_getstacksize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_init": { + "name": "pthread_attr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_attr_setdetachstate": { + "name": "pthread_attr_setdetachstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setinheritsched": { + "name": "pthread_attr_setinheritsched", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setschedparam": { + "name": "pthread_attr_setschedparam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setschedpolicy": { + "name": "pthread_attr_setschedpolicy", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setscope": { + "name": "pthread_attr_setscope", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setstackaddr": { + "name": "pthread_attr_setstackaddr", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_attr_setstacksize": { + "name": "pthread_attr_setstacksize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrier_destroy": { + "name": "pthread_barrier_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrier_init": { + "name": "pthread_barrier_init", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrier_wait": { + "name": "pthread_barrier_wait", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_destroy": { + "name": "pthread_barrierattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_getpshared": { + "name": "pthread_barrierattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_init": { + "name": "pthread_barrierattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_barrierattr_setpshared": { + "name": "pthread_barrierattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_cancel": { + "name": "pthread_cancel", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_broadcast": { + "name": "pthread_cond_broadcast", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_destroy": { + "name": "pthread_cond_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_init": { + "name": "pthread_cond_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_signal": { + "name": "pthread_cond_signal", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_cond_timedwait": { + "name": "pthread_cond_timedwait", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_timedwait_relative_np": { + "name": "pthread_cond_timedwait_relative_np", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_cond_wait": { + "name": "pthread_cond_wait", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_destroy": { + "name": "pthread_condattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_condattr_getclock": { + "name": "pthread_condattr_getclock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_getpshared": { + "name": "pthread_condattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_init": { + "name": "pthread_condattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_condattr_setclock": { + "name": "pthread_condattr_setclock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_condattr_setpshared": { + "name": "pthread_condattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_create": { + "name": "pthread_create", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_create_wrapper": { + "name": "pthread_create_wrapper", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_delay_np": { + "name": "pthread_delay_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_detach": { + "name": "pthread_detach", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_equal": { + "name": "pthread_equal", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_exit": { + "name": "pthread_exit", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_get_concurrency": { + "name": "pthread_get_concurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_getclean": { + "name": "pthread_getclean", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_getconcurrency": { + "name": "pthread_getconcurrency", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_getevent": { + "name": "pthread_getevent", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_gethandle": { + "name": "pthread_gethandle", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_getname_np": { + "name": "pthread_getname_np", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_getschedparam": { + "name": "pthread_getschedparam", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_getspecific": { + "name": "pthread_getspecific", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_join": { + "name": "pthread_join", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_key_create": { + "name": "pthread_key_create", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_key_delete": { + "name": "pthread_key_delete", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_kill": { + "name": "pthread_kill", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_destroy": { + "name": "pthread_mutex_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutex_init": { + "name": "pthread_mutex_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_lock": { + "name": "pthread_mutex_lock", + "annotation": [ + [], + [ + "InitNull::!=0" + ] + ], + "properties": [] + }, + "pthread_mutex_timedlock": { + "name": "pthread_mutex_timedlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutex_trylock": { + "name": "pthread_mutex_trylock", + "annotation": [ + [], + [ + "InitNull::!=0" + ] + ], + "properties": [] + }, + "pthread_mutex_unlock": { + "name": "pthread_mutex_unlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_destroy": { + "name": "pthread_mutexattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getprioceiling": { + "name": "pthread_mutexattr_getprioceiling", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getprotocol": { + "name": "pthread_mutexattr_getprotocol", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_getpshared": { + "name": "pthread_mutexattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_gettype": { + "name": "pthread_mutexattr_gettype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_init": { + "name": "pthread_mutexattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setprioceiling": { + "name": "pthread_mutexattr_setprioceiling", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setprotocol": { + "name": "pthread_mutexattr_setprotocol", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_setpshared": { + "name": "pthread_mutexattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_mutexattr_settype": { + "name": "pthread_mutexattr_settype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_num_processors_np": { + "name": "pthread_num_processors_np", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_once": { + "name": "pthread_once", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_destroy": { + "name": "pthread_rwlock_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_init": { + "name": "pthread_rwlock_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_rdlock": { + "name": "pthread_rwlock_rdlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_timedrdlock": { + "name": "pthread_rwlock_timedrdlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_timedwrlock": { + "name": "pthread_rwlock_timedwrlock", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_tryrdlock": { + "name": "pthread_rwlock_tryrdlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_trywrlock": { + "name": "pthread_rwlock_trywrlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_unlock": { + "name": "pthread_rwlock_unlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlock_wrlock": { + "name": "pthread_rwlock_wrlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_destroy": { + "name": "pthread_rwlockattr_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_getpshared": { + "name": "pthread_rwlockattr_getpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_init": { + "name": "pthread_rwlockattr_init", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_rwlockattr_setpshared": { + "name": "pthread_rwlockattr_setpshared", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_self": { + "name": "pthread_self", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_set_concurrency": { + "name": "pthread_set_concurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_set_num_processors_np": { + "name": "pthread_set_num_processors_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_setcancelstate": { + "name": "pthread_setcancelstate", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setcanceltype": { + "name": "pthread_setcanceltype", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setconcurrency": { + "name": "pthread_setconcurrency", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_setname_np": { + "name": "pthread_setname_np", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_setschedparam": { + "name": "pthread_setschedparam", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "pthread_setspecific": { + "name": "pthread_setspecific", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_spin_destroy": { + "name": "pthread_spin_destroy", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_spin_init": { + "name": "pthread_spin_init", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "pthread_spin_lock": { + "name": "pthread_spin_lock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_spin_trylock": { + "name": "pthread_spin_trylock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_spin_unlock": { + "name": "pthread_spin_unlock", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_testcancel": { + "name": "pthread_testcancel", + "annotation": [ + [] + ], + "properties": [] + }, + "pthread_timechange_handler_np": { + "name": "pthread_timechange_handler_np", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "pthread_tls_init": { + "name": "pthread_tls_init", + "annotation": [ + [] + ], + "properties": [] + }, + "putc": { + "name": "putc", + "annotation": [ + [], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "putchar": { + "name": "putchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "putenv": { + "name": "putenv", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "puts": { + "name": "puts", + "annotation": [ + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "putw": { + "name": "putw", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "putwc": { + "name": "putwc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "putwchar": { + "name": "putwchar", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "qsort": { + "name": "qsort", + "annotation": [ + [], + [ + "Deref" + ], + [], + [], + [] + ], + "properties": [] + }, + "qsort_s": { + "name": "qsort_s", + "annotation": [ + [], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "raise": { + "name": "raise", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rand": { + "name": "rand", + "annotation": [ + [] + ], + "properties": [] + }, + "rawmemchr": { + "name": "rawmemchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "read": { + "name": "read", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "readlink": { + "name": "readlink", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "realloc": { + "name": "realloc", + "annotation": [ + [ + "AllocSource::1", + "InitNull" + ], + [], + [] + ], + "properties": [] + }, + "realpath": { + "name": "realpath", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "remainder": { + "name": "remainder", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remainderf": { + "name": "remainderf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remainderl": { + "name": "remainderl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "remove": { + "name": "remove", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rename": { + "name": "rename", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt17rethrow_exceptionNSt15__exception_ptr13exception_ptrE": { + "name": "rethrow_exception", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rewind": { + "name": "rewind", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt5rightRSt8ios_base": { + "name": "right", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "rint": { + "name": "rint", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rintf": { + "name": "rintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rintl": { + "name": "rintl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "rmtmp": { + "name": "rmtmp", + "annotation": [ + [] + ], + "properties": [] + }, + "round": { + "name": "round", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundeven": { + "name": "roundeven", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundevenf": { + "name": "roundevenf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundevenl": { + "name": "roundevenl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundf": { + "name": "roundf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "roundl": { + "name": "roundl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNKSt13runtime_error4whatEv": { + "name": "runtime_error::what", + "annotation": [ + [] + ], + "properties": [] + }, + "scanf": { + "name": "scanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "scanf_s": { + "name": "scanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "sched_get_priority_max": { + "name": "sched_get_priority_max", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_get_priority_min": { + "name": "sched_get_priority_min", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_getscheduler": { + "name": "sched_getscheduler", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sched_setscheduler": { + "name": "sched_setscheduler", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "sched_yield": { + "name": "sched_yield", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt10scientificRSt8ios_base": { + "name": "scientific", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt15set_new_handlerPFvvE": { + "name": "set_new_handler", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt13set_terminatePFvvE": { + "name": "set_terminate", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt14set_unexpectedPFvvE": { + "name": "set_unexpected", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "setbuf": { + "name": "setbuf", + "annotation": [ + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "setlocale": { + "name": "setlocale", + "annotation": [ + [ + "InitNull" + ], + [], + [] + ], + "properties": [] + }, + "setvbuf": { + "name": "setvbuf", + "annotation": [ + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "ShellExecuteA": { + "name": "ShellExecuteA", + "annotation": [ + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "ShellExecuteExA": { + "name": "ShellExecuteExA", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "ShellExecuteExW": { + "name": "ShellExecuteExW", + "annotation": [ + [], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "ShellExecuteW": { + "name": "ShellExecuteW", + "annotation": [ + [], + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "_ZSt8showbaseRSt8ios_base": { + "name": "showbase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9showpointRSt8ios_base": { + "name": "showpoint", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt7showposRSt8ios_base": { + "name": "showpos", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "signal": { + "name": "signal", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "sinh": { + "name": "sinh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sinhf": { + "name": "sinhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sinhl": { + "name": "sinhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZSt6skipwsRSt8ios_base": { + "name": "skipws", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_Z8snprintfPcyPKcz": { + "name": "snprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "snprintf": { + "name": "snprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "snprintf_s": { + "name": "snprintf_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "snwprintf": { + "name": "snwprintf", + "annotation": [ + [], + [ + "Deref" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "spawnl": { + "name": "spawnl", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnle": { + "name": "spawnle", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnlp": { + "name": "spawnlp", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnlpe": { + "name": "spawnlpe", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnv": { + "name": "spawnv", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnve": { + "name": "spawnve", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnvp": { + "name": "spawnvp", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "spawnvpe": { + "name": "spawnvpe", + "annotation": [ + [], + [], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ], + [ + "TaintSink::Execute" + ] + ], + "properties": [] + }, + "sprintf": { + "name": "sprintf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "sprintf_s": { + "name": "sprintf_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:4" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "sqrt": { + "name": "sqrt", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sqrtf": { + "name": "sqrtf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "sqrtl": { + "name": "sqrtl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "srand": { + "name": "srand", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "sscanf": { + "name": "sscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "sscanf_s": { + "name": "sscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "std::basic_ios::fill": { + "name": "std::basic_ios::fill", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_ios::narrow": { + "name": "std::basic_ios::narrow", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [], + [] + ], + "properties": [] + }, + "std::basic_ios::widen": { + "name": "std::basic_ios::widen", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_istream::gcount": { + "name": "std::basic_istream::gcount", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::get": { + "name": "std::basic_istream::get", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "std::basic_istream::getline": { + "name": "std::basic_istream::getline", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::operator<<": { + "name": "std::basic_istream::operator<<", + "annotation": [ + [], + [], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "std::basic_istream::operator>>": { + "name": "std::basic_istream::operator>>", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::peek": { + "name": "std::basic_istream::peek", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ] + ], + "properties": [] + }, + "std::basic_istream::read": { + "name": "std::basic_istream::read", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::readsome": { + "name": "std::basic_istream::readsome", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [], + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_istream::tellg": { + "name": "std::basic_istream::tellg", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [] + ], + "properties": [] + }, + "std::basic_string::copy": { + "name": "std::basic_string::copy", + "annotation": [ + [], + [], + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "std::deque::deque<_Tp, _Alloc>": { + "name": "std::deque::deque<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "std::deque::resize": { + "name": "std::deque::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::forward_list::forward_list<_Tp, _Alloc>": { + "name": "std::forward_list::forward_list<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "std::forward_list::resize": { + "name": "std::forward_list::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::fpos::operator long": { + "name": "std::fpos::operator long", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "std::fpos::operator long long": { + "name": "std::fpos::operator long long", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "std::from_chars": { + "name": "std::from_chars", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:4" + ], + [ + "Deref" + ], + [], + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "std::list::list<_Tp, _Alloc>": { + "name": "std::list::list<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "std::list::resize": { + "name": "std::list::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::make_shared": { + "name": "std::make_shared", + "annotation": [ + [] + ], + "properties": [] + }, + "std::make_unique": { + "name": "std::make_unique", + "annotation": [ + [] + ], + "properties": [] + }, + "std::max": { + "name": "std::max", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "std::min": { + "name": "std::min", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "std::shared_ptr::get": { + "name": "std::shared_ptr::get", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::shared_ptr::shared_ptr<_Tp>": { + "name": "std::shared_ptr::shared_ptr<_Tp>", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::to_chars": { + "name": "std::to_chars", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3", + "TaintPropagation::UntrustedSource:4" + ], + [], + [], + [] + ], + "properties": [] + }, + "std::unique_ptr::get": { + "name": "std::unique_ptr::get", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::unique_ptr::unique_ptr<_Tp, _Dp>": { + "name": "std::unique_ptr::unique_ptr<_Tp, _Dp>", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "std::vector::reserve": { + "name": "std::vector::reserve", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::vector::resize": { + "name": "std::vector::resize", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "std::vector::vector<_Tp, _Alloc>": { + "name": "std::vector::vector<_Tp, _Alloc>", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stodERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stodERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stofERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stofERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stoiERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stoiERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoi", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stolERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx114stolERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoldERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPy": { + "name": "stold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoldERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPy": { + "name": "stold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stollERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stollERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoulERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx115stoulERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx116stoullERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEPyi": { + "name": "stoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx116stoullERKNS_12basic_stringIwSt11char_traitsIwESaIwEEEPyi": { + "name": "stoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "stpcpy": { + "name": "stpcpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, + "strcasecmp": { + "name": "strcasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strcasestr": { + "name": "strcasestr", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strcat": { + "name": "strcat", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcat_s": { + "name": "strcat_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:3" + ], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "strchr": { + "name": "strchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strchrnul": { + "name": "strchrnul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strcmp": { + "name": "strcmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcoll": { + "name": "strcoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strcpy": { + "name": "strcpy", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcpy_s": { + "name": "strcpy_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "Deref" + ] + ], + "properties": [] + }, + "strcspn": { + "name": "strcspn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strdup": { + "name": "strdup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strfromd": { + "name": "strfromd", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strfromf": { + "name": "strfromf", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strfroml": { + "name": "strfroml", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:4" + ], + [] + ], + "properties": [] + }, + "strlen": { + "name": "strlen", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strncasecmp": { + "name": "strncasecmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncat": { + "name": "strncat", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], [ "Deref", "TaintPropagation::UntrustedSource:2" ], [ "Deref" + ], + [] + ], + "properties": [] + }, + "strncat_s": { + "name": "strncat_s", + "annotation": [ + [], + [ + "Deref" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncmp": { + "name": "strncmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncpy": { + "name": "strncpy", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strncpy_s": { + "name": "strncpy_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:3", + "Deref" + ], + [], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strndup": { + "name": "strndup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strnlen": { + "name": "strnlen", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strnset": { + "name": "strnset", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strpbrk": { + "name": "strpbrk", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strrchr": { + "name": "strrchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strsep": { + "name": "strsep", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strset": { + "name": "strset", + "annotation": [ + [], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strspn": { + "name": "strspn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "strstr": { + "name": "strstr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "_ZL6strtodPKcPPc": { + "name": "strtod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtod": { + "name": "strtod", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "_ZL6strtofPKcPPc": { + "name": "strtof", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtok": { + "name": "strtok", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strtok_r": { + "name": "strtok_r", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "strtok_s": { + "name": "strtok_s", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strtol": { + "name": "strtol", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtold": { + "name": "strtold", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "strtoll": { + "name": "strtoll", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtoul": { + "name": "strtoul", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strtoull": { + "name": "strtoull", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, + "strverscmp": { + "name": "strverscmp", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "strxfrm": { + "name": "strxfrm", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:2", + "TaintPropagation::UntrustedSource:1" + ], + [ + "TaintPropagation::UntrustedSource:2", + "Deref" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "swab": { + "name": "swab", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt15__exception_ptr4swapERNS_13exception_ptrES1_": { + "name": "swap", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZL8swprintfPwPKwz": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "_ZL8swprintfPwyPKwz": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "swprintf": { + "name": "swprintf", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "swprintf_s": { + "name": "swprintf_s", + "annotation": [ + [], + [ + "Deref", + "TaintPropagation::UntrustedSource:3" + ], + [], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "swscanf": { + "name": "swscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ] + ], + "properties": [] + }, + "swscanf_s": { + "name": "swscanf_s", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "Deref" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "system": { + "name": "system", + "annotation": [ + [], + [ + "TaintSink::Execute" ] ], "properties": [] }, - "strcpy_s": { - "name": "strcpy_s", + "_ZNSt3_V215system_categoryEv": { + "name": "system_category", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt12system_error4codeEv": { + "name": "system_error::code", + "annotation": [ + [] + ], + "properties": [] + }, + "system_s": { + "name": "system_s", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "tanh": { + "name": "tanh", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tanhf": { + "name": "tanhf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tanhl": { + "name": "tanhl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [], + [] + ], + "properties": [] + }, + "tempnam": { + "name": "tempnam", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt9terminatev": { + "name": "terminate", + "annotation": [ + [] + ], + "properties": [] + }, + "tgamma": { + "name": "tgamma", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tgammaf": { + "name": "tgammaf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tgammal": { + "name": "tgammal", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tmpfile": { + "name": "tmpfile", + "annotation": [ + [] + ], + "properties": [] + }, + "tmpnam": { + "name": "tmpnam", + "annotation": [ + [ + "InitNull" + ], + [] + ], + "properties": [] + }, + "tmpnam_s": { + "name": "tmpnam_s", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEd": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEe": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEf": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEi": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEj": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEl": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEm": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEx": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx119to_stringEy": { + "name": "to_string", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEd": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEe": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEf": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEi": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEj": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEl": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEm": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEx": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZNSt7__cxx1110to_wstringEy": { + "name": "to_wstring", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "toascii": { + "name": "toascii", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "tolower": { + "name": "tolower", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "toupper": { + "name": "toupper", "annotation": [ - [], [ - "Deref", - "TaintPropagation::UntrustedSource:3" + "TaintPropagation::UntrustedSource:1" ], - [], - [ - "Deref" - ] + [] ], "properties": [] }, - "strdup": { - "name": "strdup", + "towctrans": { + "name": "towctrans", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "strlen": { - "name": "strlen", + "towlower": { + "name": "towlower", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ] + [] ], "properties": [] }, - "strncasecmp": { - "name": "strncasecmp", + "towupper": { + "name": "towupper", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strncat": { - "name": "strncat", + "trunc": { + "name": "trunc", "annotation": [ [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "truncf": { + "name": "truncf", + "annotation": [ [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "truncl": { + "name": "truncl", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strncat_s": { - "name": "strncat_s", + "_ZNKSt9type_info6beforeERKS_": { + "name": "type_info::before", "annotation": [ [], - [ - "Deref" - ], + [] + ], + "properties": [] + }, + "_ZNKSt9type_info9hash_codeEv": { + "name": "type_info::hash_code", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9type_info4nameEv": { + "name": "type_info::name", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZNKSt9type_infoneERKS_": { + "name": "type_info::operator!=", + "annotation": [ [], - [ - "Deref" - ], [] ], "properties": [] }, - "strncmp": { - "name": "strncmp", + "_ZNKSt9type_infoeqERKS_": { + "name": "type_info::operator==", "annotation": [ - [ - "TaintPropagation::UntrustedSource:1", - "TaintPropagation::UntrustedSource:2" - ], - [ - "Deref" - ], - [ - "Deref" - ], + [], [] ], "properties": [] }, - "strncpy": { - "name": "strncpy", + "ufromfp": { + "name": "ufromfp", "annotation": [ [ - "TaintPropagation::UntrustedSource:2", "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "ufromfpf": { + "name": "ufromfpf", + "annotation": [ [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:1" ], + [] + ], + "properties": [] + }, + "ufromfpl": { + "name": "ufromfpl", + "annotation": [ [ - "Deref" + "TaintPropagation::UntrustedSource:1" ], [] ], "properties": [] }, - "strncpy_s": { - "name": "strncpy_s", + "ulltoa": { + "name": "ulltoa", "annotation": [ [], - [ - "Deref", - "TaintPropagation::UntrustedSource:3" - ], [], - [ - "Deref" - ], + [], [] ], "properties": [] }, - "strndup": { - "name": "strndup", + "ulltow": { + "name": "ulltow", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "ultoa": { + "name": "ultoa", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt18uncaught_exceptionv": { + "name": "uncaught_exception", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt19uncaught_exceptionsv": { + "name": "uncaught_exceptions", + "annotation": [ + [] + ], + "properties": [] + }, + "_ZSt10unexpectedv": { + "name": "unexpected", + "annotation": [ + [] + ], + "properties": [] + }, + "ungetc": { + "name": "ungetc", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "ungetwc": { + "name": "ungetwc", "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "_ZSt7unitbufRSt8ios_base": { + "name": "unitbuf", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "unlink": { + "name": "unlink", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_ZSt9uppercaseRSt8ios_base": { + "name": "uppercase", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "_Z8vfprintfP6_iobufPKcPc": { + "name": "vfprintf", + "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], [ - "Deref" + "TaintSink::FormatString" ] ], "properties": [] }, - "strnlen": { - "name": "strnlen", + "vfprintf_s": { + "name": "vfprintf_s", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" + "Deref" ], + [], [ - "Deref" + "TaintSink::FormatString" ] ], "properties": [] }, - "strnset": { - "name": "strnset", + "vfscanf": { + "name": "vfscanf", "annotation": [ - [], [ - "Deref" + "TaintOutput::UntrustedSource" ], [ "Deref" ], - [] + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] ], "properties": [] }, - "strpbrk": { - "name": "strpbrk", + "_Z7vfscanfP6_iobufPKcPc": { + "name": "vfscanf", "annotation": [ [ - "InitNull", - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], [ "Deref" ], - [] + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" + ] ], "properties": [] }, - "strrchr": { - "name": "strrchr", + "vfscanf_s": { + "name": "vfscanf_s", "annotation": [ [ - "InitNull", - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], + [], [ - "Deref" + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" ], [] ], "properties": [] }, - "strset": { - "name": "strset", + "vfwprintf": { + "name": "vfwprintf", "annotation": [ [], [ "Deref" ], + [ + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vfwprintf_s": { + "name": "vfwprintf_s", + "annotation": [ + [], [ "Deref" + ], + [], + [ + "TaintSink::FormatString" ] ], "properties": [] }, - "strspn": { - "name": "strspn", + "vfwscanf": { + "name": "vfwscanf", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], [ "Deref" ], [ - "Deref" + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "strstr": { - "name": "strstr", + "_Z7vprintfPKcPc": { + "name": "vprintf", "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], [], - [] + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "strtod": { - "name": "strtod", + "vprintf": { + "name": "vprintf", "annotation": [ + [], + [], [ - "TaintPropagation::UntrustedSource:1" - ], + "TaintSink::FormatString" + ] + ], + "properties": [] + }, + "vprintf_s": { + "name": "vprintf_s", + "annotation": [ + [], + [], [ - "Deref" - ], - [] + "TaintSink::FormatString" + ] ], "properties": [] }, - "strtol": { - "name": "strtol", + "vscanf": { + "name": "vscanf", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], [ - "Deref" + "TaintSink::FormatString" ], - [], - [] + [ + "TaintOutput::UntrustedSource" + ] ], "properties": [] }, - "strtold": { - "name": "strtold", + "vscanf_s": { + "name": "vscanf_s", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], [ - "Deref" + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" ], [] ], "properties": [] }, - "strtoll": { - "name": "strtoll", + "_Z9vsnprintfPcyPKcS_": { + "name": "vsnprintf", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:4" ], [], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "strtoul": { - "name": "strtoul", + "vsnprintf_s": { + "name": "vsnprintf_s", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:5" ], [], - [] + [], + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "strtoull": { - "name": "strtoull", + "vsnwprintf": { + "name": "vsnwprintf", "annotation": [ + [], [ - "TaintPropagation::UntrustedSource:1" - ], - [ - "Deref" + "Deref", + "TaintPropagation::UntrustedSource:4" ], [], - [] + [ + "TaintSink::FormatString" + ] ], "properties": [] }, - "strxfrm": { - "name": "strxfrm", + "_Z8vsprintfPcPKcS_": { + "name": "vsprintf", "annotation": [ [ - "TaintPropagation::UntrustedSource:2", "TaintPropagation::UntrustedSource:1" ], [ "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:3" ], [ - "Deref" - ], - [] + "TaintSink::FormatString" + ] ], "properties": [] }, - "swprintf": { - "name": "swprintf", + "vsprintf": { + "name": "vsprintf", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1" + ], [ "Deref", "TaintPropagation::UntrustedSource:3" @@ -1574,13 +12476,15 @@ ], "properties": [] }, - "swprintf_s": { - "name": "swprintf_s", + "vsprintf_s": { + "name": "vsprintf_s", "annotation": [ - [], + [ + "TaintPropagation::UntrustedSource:1" + ], [ "Deref", - "TaintPropagation::UntrustedSource:3" + "TaintPropagation::UntrustedSource:4" ], [], [ @@ -1589,8 +12493,8 @@ ], "properties": [] }, - "swscanf": { - "name": "swscanf", + "vsscanf": { + "name": "vsscanf", "annotation": [ [ "TaintOutput::UntrustedSource" @@ -1602,46 +12506,35 @@ "TaintSink::FormatString" ], [ + "Deref", "TaintPropagation::UntrustedSource:1" ] ], "properties": [] }, - "swscanf_s": { - "name": "swscanf_s", + "vsscanf_s": { + "name": "vsscanf_s", "annotation": [ [ "TaintOutput::UntrustedSource" ], - [ - "Deref" - ], + [], [ "TaintSink::FormatString" ], [ - "TaintPropagation::UntrustedSource:1" - ], - [] - ], - "properties": [] - }, - "tmpnam": { - "name": "tmpnam", - "annotation": [ - [ - "InitNull" + "TaintOutput::UntrustedSource" ], [] ], "properties": [] }, - "vfprintf_s": { - "name": "vfprintf_s", + "_ZL9vswprintfPwPKwPc": { + "name": "vswprintf", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:4" ], [], [ @@ -1650,43 +12543,25 @@ ], "properties": [] }, - "vfscanf": { - "name": "vfscanf", - "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "TaintOutput::UntrustedSource" - ] - ], - "properties": [] - }, - "vfwprintf": { - "name": "vfwprintf", + "_ZL9vswprintfPwyPKwPc": { + "name": "vswprintf", "annotation": [ [], - [ - "Deref" - ], + [], + [], + [], [ "TaintSink::FormatString" ] ], "properties": [] }, - "vfwprintf_s": { - "name": "vfwprintf_s", + "vswprintf_s": { + "name": "vswprintf_s", "annotation": [ [], [ - "Deref" + "TaintPropagation::UntrustedSource:4" ], [], [ @@ -1695,8 +12570,8 @@ ], "properties": [] }, - "vfwscanf": { - "name": "vfwscanf", + "vswscanf": { + "name": "vswscanf", "annotation": [ [ "TaintOutput::UntrustedSource" @@ -1708,19 +12583,15 @@ "TaintSink::FormatString" ], [ - "TaintOutput::UntrustedSource" + "Deref", + "TaintPropagation::UntrustedSource:1" ] ], "properties": [] }, - "vsnprintf_s": { - "name": "vsnprintf_s", + "vwprintf": { + "name": "vwprintf", "annotation": [ - [], - [ - "Deref", - "TaintPropagation::UntrustedSource:5" - ], [], [], [ @@ -1729,14 +12600,10 @@ ], "properties": [] }, - "vsnwprintf": { - "name": "vsnwprintf", + "vwprintf_s": { + "name": "vwprintf_s", "annotation": [ [], - [ - "Deref", - "TaintPropagation::UntrustedSource:4" - ], [], [ "TaintSink::FormatString" @@ -1744,74 +12611,65 @@ ], "properties": [] }, - "vsprintf": { - "name": "vsprintf", + "vwscanf": { + "name": "vwscanf", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintOutput::UntrustedSource" ], [ - "Deref", - "TaintPropagation::UntrustedSource:3" + "TaintSink::FormatString" ], [ - "TaintSink::FormatString" + "TaintOutput::UntrustedSource" ] ], "properties": [] }, - "vsprintf_s": { - "name": "vsprintf_s", + "wcpcpy": { + "name": "wcpcpy", "annotation": [ [ - "TaintPropagation::UntrustedSource:1" + "TaintPropagation::UntrustedSource:2" ], [ - "Deref", - "TaintPropagation::UntrustedSource:4" + "TaintPropagation::UntrustedSource:2" ], + [] + ], + "properties": [] + }, + "wcrtomb": { + "name": "wcrtomb", + "annotation": [ [], - [ - "TaintSink::FormatString" - ] + [], + [], + [] ], "properties": [] }, - "vsscanf": { - "name": "vsscanf", + "wcrtomb_s": { + "name": "wcrtomb_s", "annotation": [ - [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" - ], - [ - "Deref", - "TaintPropagation::UntrustedSource:1" - ] + [], + [], + [], + [], + [], + [] ], "properties": [] }, - "vswscanf": { - "name": "vswscanf", + "wcscasecmp": { + "name": "wcscasecmp", "annotation": [ [ - "TaintOutput::UntrustedSource" - ], - [ - "Deref" - ], - [ - "TaintSink::FormatString" + "TaintPropagation::UntrustedSource:1", + "TaintPropagation::UntrustedSource:2" ], - [ - "Deref", - "TaintPropagation::UntrustedSource:1" - ] + [], + [] ], "properties": [] }, @@ -1848,6 +12706,20 @@ ], "properties": [] }, + "_ZSt6wcschrPww": { + "name": "wcschr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, "wcschr": { "name": "wcschr", "annotation": [ @@ -1947,6 +12819,16 @@ ], "properties": [] }, + "wcsdup": { + "name": "wcsdup", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, "wcsftime": { "name": "wcsftime", "annotation": [ @@ -1960,6 +12842,42 @@ ], "properties": [] }, + "wcsicmp": { + "name": "wcsicmp", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "wcsicoll": { + "name": "wcsicoll", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "wcslen": { + "name": "wcslen", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "wcslwr": { + "name": "wcslwr", + "annotation": [ + [], + [] + ], + "properties": [] + }, "wcsncasecmp": { "name": "wcsncasecmp", "annotation": [ @@ -2037,8 +12955,8 @@ "TaintPropagation::UntrustedSource:1" ], [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:2", + "Deref" ], [ "Deref" @@ -2055,8 +12973,8 @@ "TaintPropagation::UntrustedSource:1" ], [ - "Deref", - "TaintPropagation::UntrustedSource:2" + "TaintPropagation::UntrustedSource:2", + "Deref" ], [], [ @@ -2066,29 +12984,224 @@ ], "properties": [] }, + "wcsnicmp": { + "name": "wcsnicmp", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "wcsnlen": { + "name": "wcsnlen", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "wcsnlen_s": { + "name": "wcsnlen_s", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "wcsnrtombs": { + "name": "wcsnrtombs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "wcsnset": { + "name": "wcsnset", + "annotation": [ + [], + [], + [], + [] + ], + "properties": [] + }, + "_ZSt7wcspbrkPwPKw": { + "name": "wcspbrk", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, "wcspbrk": { "name": "wcspbrk", "annotation": [ [ - "InitNull", + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZSt7wcsrchrPww": { + "name": "wcsrchr", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "wcsrchr": { + "name": "wcsrchr", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], + [ + "Deref" + ], + [] + ], + "properties": [] + }, + "wcsrev": { + "name": "wcsrev", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "wcsrtombs": { + "name": "wcsrtombs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [] + ], + "properties": [] + }, + "wcsrtombs_s": { + "name": "wcsrtombs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [], + [] + ], + "properties": [] + }, + "wcsset": { + "name": "wcsset", + "annotation": [ + [], + [], + [] + ], + "properties": [] + }, + "wcsspn": { + "name": "wcsspn", + "annotation": [ + [ "TaintPropagation::UntrustedSource:1" ], [ "Deref" ], - [ - "Deref" - ] + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZSt6wcsstrPwPKw": { + "name": "wcsstr", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "wcsstr": { + "name": "wcsstr", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1", + "InitNull" + ], + [ + "Deref" + ], + [ + "Deref" + ] + ], + "properties": [] + }, + "_ZL6wcstodPKwPPw": { + "name": "wcstod", + "annotation": [ + [], + [ + "Deref" + ], + [] ], "properties": [] }, - "wcsrchr": { - "name": "wcsrchr", + "_ZL6wcstofPKwPPw": { + "name": "wcstof", "annotation": [ - [ - "InitNull", - "TaintPropagation::UntrustedSource:1" - ], + [], [ "Deref" ], @@ -2096,34 +13209,26 @@ ], "properties": [] }, - "wcsspn": { - "name": "wcsspn", + "wcstok": { + "name": "wcstok", "annotation": [ [ "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ], - [ - "Deref" - ] + [], + [] ], "properties": [] }, - "wcsstr": { - "name": "wcsstr", + "wcstok_s": { + "name": "wcstok_s", "annotation": [ [ - "InitNull", "TaintPropagation::UntrustedSource:1" ], - [ - "Deref" - ], - [ - "Deref" - ] + [], + [], + [] ], "properties": [] }, @@ -2162,6 +13267,32 @@ ], "properties": [] }, + "wcstombs": { + "name": "wcstombs", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "wcstombs_s": { + "name": "wcstombs_s", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [], + [], + [] + ], + "properties": [] + }, "wcstoul": { "name": "wcstoul", "annotation": [ @@ -2186,6 +13317,14 @@ ], "properties": [] }, + "wcsupr": { + "name": "wcsupr", + "annotation": [ + [], + [] + ], + "properties": [] + }, "wcsxfrm": { "name": "wcsxfrm", "annotation": [ @@ -2198,6 +13337,27 @@ ], "properties": [] }, + "wctob": { + "name": "wctob", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "wctomb": { + "name": "wctomb", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [] + ], + "properties": [] + }, "wctrans": { "name": "wctrans", "annotation": [ @@ -2218,6 +13378,32 @@ ], "properties": [] }, + "WinExec": { + "name": "WinExec", + "annotation": [ + [], + [ + "TaintSink::Execute" + ], + [] + ], + "properties": [] + }, + "_ZSt7wmemchrPwwy": { + "name": "wmemchr", + "annotation": [ + [ + "InitNull", + "TaintPropagation::UntrustedSource:1" + ], + [ + "Deref" + ], + [], + [] + ], + "properties": [] + }, "wmemchr": { "name": "wmemchr", "annotation": [ @@ -2327,15 +13513,206 @@ ], "properties": [] }, - "printf": { - "name": "printf", + "wmemset": { + "name": "wmemset", + "annotation": [ + [], + [ + "TaintPropagation::UntrustedSource:2" + ], + [], + [] + ], + "properties": [] + }, + "wprintf": { + "name": "wprintf", "annotation": [ [], [ "TaintSink::FormatString", "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "wprintf_s": { + "name": "wprintf_s", + "annotation": [ + [], + [ + "TaintSink::FormatString", + "TaintSink::SensitiveDataLeak" + ], + [ + "TaintSink::SensitiveDataLeak" + ] + ], + "properties": [] + }, + "wscanf": { + "name": "wscanf", + "annotation": [ + [ + "TaintOutput::UntrustedSource" + ], + [ + "TaintSink::FormatString" + ], + [ + "TaintOutput::UntrustedSource" ] ], "properties": [] + }, + "wtoll": { + "name": "wtoll", + "annotation": [ + [], + [] + ], + "properties": [] + }, + "y0": { + "name": "y0", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "y0f": { + "name": "y0f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "y0l": { + "name": "y0l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "y1": { + "name": "y1", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "y1f": { + "name": "y1f", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "y1l": { + "name": "y1l", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "yn": { + "name": "yn", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ynf": { + "name": "ynf", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "ynl": { + "name": "ynl", + "annotation": [ + [ + "TaintPropagation::UntrustedSource:1" + ], + [] + ], + "properties": [] + }, + "recv": { + "name": "recv", + "annotation": [ + [], + [], + [ + "TaintOutput::UntrustedSource" + ], + [], + [] + ], + "properties": [] + }, + "_ZNSt14basic_ifstreamIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode": { + "name": "basic_ifstream::char_traits::open", + "annotation": [ + [], + [], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "_ZNSt14basic_ofstreamIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode": { + "name": "basic_ofstream::char_traits::open", + "annotation": [ + [], + [], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] + }, + "_ZNSt14basic_fstreamIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode": { + "name": "basic_fstream::char_traits::open", + "annotation": [ + [], + [], + [ + "TaintSink::PathString" + ], + [] + ], + "properties": [] } } \ No newline at end of file diff --git a/configs/taint-annotations.json b/configs/taint-annotations.json index ca55f73a24..58f99ce08a 100644 --- a/configs/taint-annotations.json +++ b/configs/taint-annotations.json @@ -16,5 +16,11 @@ "source": "UntrustedSource", "rule": "TAINT.STRING.CLI" } + ], + "PathString": [ + { + "source": "UntrustedSource", + "rule": "TAINT.STRING.PATH" + } ] } diff --git a/lib/Core/MockBuilder.cpp b/lib/Core/MockBuilder.cpp index 8bf546c7d7..bed5187d6e 100644 --- a/lib/Core/MockBuilder.cpp +++ b/lib/Core/MockBuilder.cpp @@ -596,9 +596,8 @@ void MockBuilder::buildAnnotationForExternalFunctionArgs( if (!flag) { klee_warning("Annotation: can't align function arguments %s", func->getName().str().c_str()); - return; } - for (size_t i = 0; i < statements.size(); i++) { + for (size_t i = 0; i < std::min(statements.size(), func->arg_size()); i++) { #if LLVM_VERSION_CODE >= LLVM_VERSION(10, 0) const auto arg = func->getArg(i); #else