Scalable Language Agnostic Taint Tracking using Explicit Data Dependencies
By: Sedick David Baker Effendi , Xavier Pinho , Andrei Michael Dreyer and more
Potential Business Impact:
Finds computer bugs faster without manual work.
Taint analysis using explicit whole-program data-dependence graphs is powerful for vulnerability discovery but faces two major challenges. First, accurately modeling taint propagation through calls to external library procedures requires extensive manual annotations, which becomes impractical for large ecosystems. Second, the sheer size of whole-program graph representations leads to serious scalability and performance issues, particularly when quick analysis is needed in continuous development pipelines. This paper presents the design and implementation of a system for a language-agnostic data-dependence representation. The system accommodates missing annotations describing the behavior of library procedures by over-approximating data flows, allowing annotations to be added later without recalculation. We contribute this data-flow analysis system to the open-source code analysis platform Joern making it available to the community.
Similar Papers
Practical Type-Based Taint Checking and Inference (Extended Version)
Programming Languages
Finds secret data leaks in computer programs faster.
Taint Analysis for Graph APIs Focusing on Broken Access Control
Cryptography and Security
Finds secret data leaks in computer programs.
TraceLens: Question-Driven Debugging for Taint Flow Understanding
Software Engineering
Helps find hidden computer security problems faster.