| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
CodeSonar distinguishes between different kinds of taint.
There are a variety of origins for taint. For example, tainted values may enter a program through user input, or through the value of an environment variable. The CodeSonar taint kind (or kinds) associated with a tainted value reflect how the taint originated.
Some CodeSonar warning classes are specific to a particular taint kind. Even for warning classes that are not, data annotations for important tainted values may vary depending on the kind of taint.
The library models shipped with CodeSonar use the following set of taint kinds. Some are suitable for use in your own custom checks. Others are special-purpose taint kinds that are not suitable for use in custom checks.
| Taint Kind | Indicates taint introduced... | Enabled by Default? |
|---|---|---|
| time | ...through the system clock. | no |
| dns | ...through the result of a DNS query, hostname query, or similar. | YES |
| environment | ...through the execution environment. | YES |
| fd | ...by the contents of a resource referred to by a file descriptor. | YES |
| file | ...by the contents of a resource referred to by a FILE*, Windows file handle, or similar. | YES |
| file_metadata | ...through the result of a query on file metadata. | YES |
| generic | ...in an undetermined manner. This taint kind is used to classify the taint associated with cs_untrusted_value(). | YES |
| network | ...by receiving data over a network. | YES |
| registry | ...through the system registry. | YES |
| userland | ...by originating in user code (userland-tainted values cannot be trusted in kernel code). | YES |
Special-purpose built-in taint kinds are tightly coupled to specific CodeSonar warning classes and are automatically enabled and disabled depending on whether or not those warning classes are enabled. Therefore:
The special-purpose taint kinds are:
To refer to taint kind kname, use function csonar_taint_source_kname().
The Extension API also provides two special taint kind values:
| Function | Description |
|---|---|
| csonar_taint_source_any() | Matches any taint kind (including user-defined ones) except add_overflow, mult_overflow, sub_underflow, and truncation_overflow. |
| csonar_taint_source_any_no_time() | Matches any taint kind (including user-defined ones) except time, add_overflow, mult_overflow, sub_underflow, and truncation_overflow. |
If you are writing a library model that involves consideration of taint kind, use a built-in taint kind if one is suitable: this will ensure that your model is included in existing CodeSonar checks associated with that taint kind. If no built-in taint kinds are suitable, you can define a new one with CSONAR_DEFINE_TAINT_SOURCE().
Taint kind is...
To disable taint checking involving taint kind k, specify DISABLED_TAINT_KINDS += k in the configuration file.