1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
tainted.c: (in function f)
tainted.c:5:20: Invalid transfer from tainted s to untainted (Possibly tainted
storage used as untainted.): f(..., s, ...)
tainted.c:3:48: s becomes tainted
tainted.c:3:74: us becomes untainted
tainted.c: (in function test)
tainted.c:12:18: Invalid transfer from tainted s to untainted (Possibly tainted
storage used as untainted.): system(..., s, ...)
tainted.c:9:34: s becomes tainted
tainted.xh:26:55: s becomes untainted
tainted.c:17:18: Invalid transfer from tainted t to untainted (Possibly tainted
storage used as untainted.): system(..., t, ...)
tainted.c:15:3: t becomes tainted
tainted.xh:26:55: s becomes untainted
tainted.c:20:18: Invalid transfer from tainted t to untainted (Possibly tainted
storage used as untainted.): system(..., t, ...)
tainted.c:19:3: t becomes tainted
tainted.xh:26:55: s becomes untainted
Finished checking --- 4 code warnings, as expected
tainted-bad.mts:18:7: Transfer clause uses unrecognized result state peach:
untainted as tainted ==> peach
tainted-bad.mts:14:17: Merge clause uses unrecognized second value junky:
tainted X junky ==> error "Splat!"
tainted-bad.mts:11:7: Annotation declaration uses unrecognized value name blue:
maybetainted reference ==> blue
tainted-bad.mts:5:21: Defaults declaration uses unrecognized value name
stainted: stainted reference
tainted-bad.mts:7:21: Duplicate defaults declaration for context parameter:
untainted parameter
tainted.c: (in function f)
tainted.c:5:20: Invalid transfer from tainted s to untainted (Possibly tainted
storage used as untainted.): f(..., s, ...)
tainted.c:3:48: s becomes tainted
tainted.c:3:74: us becomes untainted
tainted.c: (in function test)
tainted.c:12:18: Invalid transfer from tainted s to untainted (Possibly tainted
storage used as untainted.): system(..., s, ...)
tainted.c:9:34: s becomes tainted
tainted.xh:26:55: s becomes untainted
tainted.c:17:18: Invalid transfer from tainted t to untainted (Possibly tainted
storage used as untainted.): system(..., t, ...)
tainted.c:15:3: t becomes tainted
tainted.xh:26:55: s becomes untainted
tainted.c:20:18: Invalid transfer from tainted t to untainted (Possibly tainted
storage used as untainted.): system(..., t, ...)
tainted.c:15:3: t becomes tainted
tainted.xh:26:55: s becomes untainted
Finished checking --- 9 code warnings, as expected
tainted2.c: (in function test)
tainted2.c:20:10: Invalid transfer from tainted stk to untainted (Possibly
tainted storage used as untainted.): return stk
tainted2.c:17:14: stk becomes tainted
tainted2.c:4:2: becomes untainted
Finished checking --- 1 code warning, as expected
tainted3.c: (in function test)
tainted3.c:7:19: Invalid transfer from tainted def to untainted (Possibly
tainted storage used as untainted.): checkUntainted(..., def, ...)
tainted3.c:4:36: def becomes tainted
tainted3.c:1:53: def becomes untainted
Finished checking --- 1 code warning, as expected
tainted4.c: (in function test)
tainted4.c:9:19: Invalid transfer from tainted def to untainted (*def):
Possibly tainted storage used as untainted.
tainted4.c:6:36: def becomes tainted
Finished checking --- 1 code warning, as expected
Finished checking --- no warnings
taintedmerge.c: (in function f)
taintedmerge.c:11:18: Invalid transfer from tainted t to untainted (Possibly
tainted storage used as untainted.): system(..., t, ...)
taintedmerge.c:10:3: t becomes tainted
tainted.xh:26:55: s becomes untainted
taintedmerge.c:14:18: Invalid transfer from tainted t to untainted (Possibly
tainted storage used as untainted.): system(..., t, ...)
taintedmerge.c:13:3: t becomes tainted
tainted.xh:26:55: s becomes untainted
taintedmerge.c:16:10: Stack-allocated storage t reachable from return value: t
Finished checking --- 3 code warnings, as expected
taintedimplicit.c: (in function dangerouscall)
taintedimplicit.c:17:18: Invalid transfer from tainted [result of taintme] to
untainted (Possibly tainted storage used as untainted.):
system(..., taintme(s), ...)
taintedimplicit.c:17:18: becomes tainted
tainted.xh:26:55: s becomes untainted
Finished checking --- 1 code warning, as expected
sprintf.c: (in function sp)
sprintf.c:7:3: Buffer overflow possible with sprintf. Recommend using snprintf
instead: sprintf
sprintf.c:10:3: Buffer overflow possible with sprintf. Recommend using
snprintf instead: sprintf
sprintf.c:11:18: Invalid transfer from tainted s to untainted (Possibly tainted
storage used as untainted.): system(..., s, ...)
sprintf.c:10:37: s becomes tainted
tainted.xh:26:55: s1 becomes untainted
sprintf.c:13:3: Buffer overflow possible with sprintf. Recommend using
snprintf instead: sprintf
sprintf.c:14:18: Invalid transfer from tainted s to untainted (Possibly tainted
storage used as untainted.): system(..., s, ...)
sprintf.c:13:61: s becomes tainted
tainted.xh:26:55: s1 becomes untainted
Finished checking --- 5 code warnings, as expected
|
