| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
Taint sources are locations where data from an untrusted origin may enter a program. Such data can be used to construct injection attacks.
This section lists the methods that the CodeSonar C# analysis automatically recognizes as sources, and explains how to specify additional methods that the analysis should treat as sources.
Taint sources are locations where data from an untrusted origin may enter a program. This tainted data can be used to construct injection attacks, unless it is subsequently sanitized.
If you have a method that is a taint source but not automatically recognized, you can instruct the CodeSonar analysis to treat it as a source by applying one of the following attributes.
| Attribute | Notes |
|---|---|
| [com.juliasoft.julia.checkers.flows.UntrustedDatabase] | Results of database queries. Taint of this kind is not tracked if CSHARP_ANALYSIS_TRUST_DATABASE=Yes. |
| [com.juliasoft.julia.checkers.flows.UntrustedDevice] | Data about the specific device where the program is running, such as its phone number, its geographical location and its IMEI code. Taint of this kind is not tracked if CSHARP_ANALYSIS_TRUST_DEVICE=Yes. |
| [com.juliasoft.julia.checkers.flows.UntrustedEnvironment] | Files from the file system, system properties and arguments to main methods. Taint of this kind is not tracked if CSHARP_ANALYSIS_TRUST_ENVIRONMENT=Yes. |
| [com.juliasoft.julia.checkers.flows.UntrustedExternalStream] | Input streams from sockets or URLs are considered as source locations of untrusted data. Taint of this kind is not tracked if CSHARP_ANALYSIS_TRUST_EXTERNAL_STREAMS=Yes. |
| [com.juliasoft.julia.checkers.flows.UntrustedUserInput] | Request objects to servlets and input read from console are considered as source locations of untrusted data. Taint of this kind is not tracked if CSHARP_ANALYSIS_TRUST_USER_INPUT=Yes. |
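
The following is an added example, not code from the CodeSonar manual, of marking a method as a taint source with one of the attributes in the table above and of the kind of flow that marking exposes. `PartnerFeed`, `AccountLookup` and the `accounts` table are hypothetical; the attribute class declared at the top is a stand-in so the file compiles on its own, and placing the attribute on the method declaration is an assumption based on the wording above.

```csharp
using System;
using System.Data;
using System.Data.Common;
// Stand-in (assumption) so this file compiles alone; a real project uses the attribute definition provided for the analysis.
namespace com.juliasoft.julia.checkers.flows
{
    [AttributeUsage(AttributeTargets.Method)]
    public sealed class UntrustedExternalStream : Attribute { }
}

namespace Example
{
    // Hypothetical wrapper; _receive stands in for a vendor SDK call that returns remote data.
    public sealed class PartnerFeed
    {
        private readonly Func<string> _receive;
        public PartnerFeed(Func<string> receive) { _receive = receive; }
        // Not an automatically recognized source, so it is marked by hand
        // (assumed placement: on the method whose result is untrusted).
        [com.juliasoft.julia.checkers.flows.UntrustedExternalStream]
        public string ReadNextAccountId() => _receive();
    }

    public sealed class AccountLookup
    {
        private readonly PartnerFeed _feed;
        private readonly DbConnection _db;
        public AccountLookup(PartnerFeed feed, DbConnection db) { _feed = feed; _db = db; }

        // Weak: data from the marked source is concatenated into the SQL text.
        public object FindOwnerUnsafe()
        {
            using DbCommand cmd = _db.CreateCommand();
            cmd.CommandText = "SELECT owner FROM accounts WHERE id = '" + _feed.ReadNextAccountId() + "'";
            return cmd.ExecuteScalar();
        }

        // Corrected: the same data is bound as a parameter and never parsed as SQL.
        public object FindOwnerSafe()
        {
            using DbCommand cmd = _db.CreateCommand();
            cmd.CommandText = "SELECT owner FROM accounts WHERE id = @id";
            DbParameter p = cmd.CreateParameter();
            p.ParameterName = "@id";
            p.Value = _feed.ReadNextAccountId();
            cmd.Parameters.Add(p);
            return cmd.ExecuteScalar();
        }
    }
}
```

Per the table, taint from a method marked `UntrustedExternalStream` is not tracked when `CSHARP_ANALYSIS_TRUST_EXTERNAL_STREAMS=Yes`, so check that setting if a flow like `FindOwnerUnsafe` is not being followed.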
The methods listed below are automatically recognized as taint sources by CodeSonar. The relevant annotation from the table above is shown for each method.
To report problems with this documentation, please visit https://support.codesecure.com/.