JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.
If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.
If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.
| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
Taint sinks are program locations at which some kind of harm will be caused if a tainted value is used.
This section lists the methods that the CodeSonar C# analysis automatically recognizes as sinks, and explains how to specify additional methods that the analysis should treat as sinks.
Taint sinks are program locations at which some kind of harm will be caused if a tainted value is used.
CodeSonar will issue a warning when a value is produced by a taint source and reaches a taint sink without first passing through a suitable taint sanitizer. The warning class will depend on the kind of taint associated with the sink, as described in the table in the Specifying Additional Sinks section, below. For example, if a tainted value is passed into a parameter with the [UrlTrusted] attribute, CodeSonar will issue a Tainted URL (C#) warning.
If you have a sink that is not automatically recognized, you can instruct the CodeSonar analysis to treat it as a sink by applying one of the attributes from the following table to the corresponding parameter.
| Attribute | Indicates | Class of warning issued, if value is tainted |
|---|---|---|
| [com.juliasoft.julia.checkers.injection.AddressTrusted] | Parameters passed to IP address factory methods. | Tainted Network Address (C#) |
| [com.juliasoft.julia.checkers.injection.AttributeTrusted] | First parameter of System.DirectoryServices.DirectoryEntry(). | Tainted LDAP Attribute (C#) |
| [com.juliasoft.julia.checkers.injection.BoundaryTrusted] | Tainted Bundle (C#) | |
| [com.juliasoft.julia.checkers.injection.CodeTrusted] | Parameters containing code that is to be executed. | Code Injection (C#) |
| [com.juliasoft.julia.checkers.injection.CommandTrusted] | Parameters passed to command or process execution methods. | Command Injection (C#) |
| [com.juliasoft.julia.checkers.injection.ControlTrusted] | Parameters passed as names of native libraries loaded at runtime. | Tainted Control (C#) |
| [com.juliasoft.julia.checkers.injection.CrossSiteTrusted] | Parameters passed to the output stream of servlets. | Cross Site Scripting (C#) |
| [com.juliasoft.julia.checkers.injection.DenialTrusted] | Parameters passed to methods that might induce an indefinite wait and consequently a denial-of service, such as System.Threading.Thread.Sleep(). | DOS Injection (C#) |
| [com.juliasoft.julia.checkers.injection.DeviceTrusted] | Tainted Hardware Device Property (C#) | |
| [com.juliasoft.julia.checkers.injection.EvalTrusted] | Tainted Expression Evaluation (C#) | |
| [com.juliasoft.julia.checkers.injection.FilterTrusted] | Parameters passed as filters to LDAP directory methods that might induce unconstrained listing of files. | Tainted LDAP Filter (C#) |
| [com.juliasoft.julia.checkers.injection.HttpResponseImmediatelyTrusted] | ||
| [com.juliasoft.julia.checkers.injection.HttpResponseTrusted] | Parameters passed to the HTTP response object of servlets. | Tainted HTTP Response (C#) |
| [com.juliasoft.julia.checkers.injection.LogTrusted] | Parameters passed to logging functions. | Tainted Log (C#) |
| [com.juliasoft.julia.checkers.injection.MessageTrusted] | Tainted Message (C#) | |
| [com.juliasoft.julia.checkers.flows.OsTrusted] | ||
| [com.juliasoft.julia.checkers.injection.PathTrusted] | Parameters passed as names to file or file stream constructors. | Tainted Path (C#) |
| [com.juliasoft.julia.checkers.injection.ReflectionTrusted] | Parameters passed to reflection methods. | Reflection Injection (C#) |
| [com.juliasoft.julia.checkers.injection.ResourceTrusted] | Parameters passed to constructors, bind and connect methods of sockets. | Tainted Resource (C#) |
| [com.juliasoft.julia.checkers.injection.SessionTrusted] | Parameters passed to value/attribute manipulation methods of servlet session objects. | Tainted Session (C#) |
| [com.juliasoft.julia.checkers.injection.SqlTrusted] | Parameters passed to SQL database query methods. | SQL Injection (C#) |
| [com.juliasoft.julia.checkers.injection.Trusted] | A generic location where untrusted data should not flow. | Tainted @Trusted Value (C#) |
| [com.juliasoft.julia.checkers.injection.UrlTrusted] | Parameters passed as addresses to URL constructors. | Tainted URL (C#) |
| [com.juliasoft.julia.checkers.injection.XPathTrusted] | Parameters passed to xpath compilation and evaluation methods. | Tainted Xpath (C#) |
For example, suppose we have a method issueMyQuery that constructs and submits an SQL query based on its String parameter. Such a method is vulnerable to SQL injection attacks, so we want to indicate that its parameter cannot be tainted.
String issueMyQuery(String instr){
// ...
}
Injection is possible if the parameter has SQL taint, so we apply the [SqlTrusted] attribute:
String mySqlSanitizer([SqlTrusted] String instr){
// ...
}
The methods listed below are automatically recognized as taint sinks by CodeSonar. The relevant attribute from the table above is shown for each method. For example,
indicates that the value passed to this function must be trusted to construct a URL: either it does not originate from a taint source, or it has subsequently been sanitized by passing through a taint sanitizer that is also has the [UrlTrusted] attribute.
To report problems with this documentation, please visit https://support.codesecure.com/.