Qodana is able to display the taint flow both as a graph or by annotating your code. PHP taint analysis in Qodana can generate a dataflow graph to visualize the taint flow and is integrated with JetBrains PHP IDE PhpStorm to make it easier to jump to taint locations in your code.
Taint analysis consists thus in analyzing the flow of untrusted user input to identify vulnerable locations with the objective of either sanitizing the data or validate it before using it or further propagating it through the system. This means that taints form a chain or list that spreads potentially vulnerable locations throughout a program. The word taint hints at the property of a taint to make suspicious, that is convert into a taint, any other variable with which it has any relation. Depending on their context, taints could be exploited to cause SQL injection, arithmetic overflow, cross-site scripting, and other kinds of undesired effects. spots that are vulnerable to malicious inputs.Ī taint is any variable that can be modified based on data provided by an external user. The feature aims to allow developers to detect taints in their programs, i.e. Qodana, JetBrains' code quality platform, now provides support for PHP taint analysis in early preview.
0 kommentar(er)
