pro: tainting: Track taint through tuple/list (un)packing #10175

IagoAbal · 2024-04-27T09:34:31Z

DRAFT

def foo():
  return (ok, tainted)

def bar():
  x = foo()
  sink(x[1])

github-actions · 2024-04-27T09:34:44Z

PR checklist:

Purpose of the code is evident to future readers
Tests included or PR comment includes a reproducible test plan
Documentation is up-to-date
A changelog entry was added to changelog.d for any user-facing change
Change has no security implications (otherwise, ping security team)

If you're unsure about any of this, please see:

r2c-argo · 2024-05-08T17:39:10Z

semgrep-compare-github-h9aqp results

Ran benchmark on 38 repositories

The number of findings differs for 3 repos

Whole benchmark is 2.1% slower (a bit of noise is expected)

Relative speed improvement is 0.99 on average

3% of scans are significantly faster
5% of scans are significantly slower

Relative memory improvement is 1.00 on average

This reverts commit f5979ec.

IagoAbal added the Do not merge label Apr 27, 2024

IagoAbal changed the title ~~pro: tainting: Track taint through list/tuple construction and unpacking~~ pro: tainting: Track taint through tuple/list (un)packing Apr 27, 2024

IagoAbal force-pushed the iago/taint-shapes branch 6 times, most recently from 5073754 to 3af05c3 Compare May 7, 2024 11:17

IagoAbal force-pushed the iago/taint-shapes branch from 3af05c3 to f600fef Compare May 7, 2024 14:41

IagoAbal added 3 commits May 7, 2024 19:58

WIP

9d12aa3

WIP cleanup

7c1b3a4

WIP cleanup

260d7ae

IagoAbal force-pushed the iago/taint-shapes branch from f600fef to f783244 Compare May 8, 2024 17:10

WIP cleanup

e2deec0

IagoAbal force-pushed the iago/taint-shapes branch from f783244 to e2deec0 Compare May 8, 2024 17:24

IagoAbal added 3 commits May 9, 2024 00:31

WIP tests

c6edf1f

WIP cleanup

808bc94

WIP cleanup

ea46cfe

IagoAbal force-pushed the iago/taint-shapes branch from c4e1063 to ea46cfe Compare May 10, 2024 11:55

WIP gather_all_taints_args_taints

da4073b

IagoAbal force-pushed the iago/taint-shapes branch from cc20ca3 to da4073b Compare May 10, 2024 14:00

IagoAbal added 5 commits May 10, 2024 16:46

WIP taints_of_lval

750a158

WIP cleanup

ae55677

WIP fix last cleanup

f5979ec

Revert "WIP fix last cleanup"

55c3c2f

This reverts commit f5979ec.

WIP fixes (need smaller test)

e6f0de6

aryx added the before-oss-pro-merge label May 16, 2024

aryx closed this May 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pro: tainting: Track taint through tuple/list (un)packing #10175

pro: tainting: Track taint through tuple/list (un)packing #10175

IagoAbal commented Apr 27, 2024 •

edited

github-actions bot commented Apr 27, 2024

r2c-argo bot commented May 8, 2024

pro: tainting: Track taint through tuple/list (un)packing #10175

pro: tainting: Track taint through tuple/list (un)packing #10175

Conversation

IagoAbal commented Apr 27, 2024 • edited

github-actions bot commented Apr 27, 2024

r2c-argo bot commented May 8, 2024

semgrep-compare-github-h9aqp results

IagoAbal commented Apr 27, 2024 •

edited