Oracle Corporation
Taint analysis with access paths

Abstract:

A method that involves generating, for source code, a set of nodes for a set of statements comprising a first statement and a second statement, wherein each node of the set of nodes comprises a dataflow fact and a statement of the set of statements; identifying a source node and a sink node of the set of nodes; determining that the source node is backward reachable from the sink node by analyzing an incoming access path; and, in response to the determination, identifying a potential taint flow from the source node to the sink node.