From 5b4287221a136aaf7e7241ccf3040e56e7da09a5 Mon Sep 17 00:00:00 2001 From: rajeevgopalakrishna Date: Wed, 27 Feb 2019 15:43:51 +0530 Subject: [PATCH] Made inclusion of GENERIC_TAINT sources (msg.*, tx.origin) optional in taintedness checking by adding ignore_generic_taint parameter to is_tainted() and is_tainted_ssa() functions, with the default value being FALSE. --- slither/analyses/data_dependency/data_dependency.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/slither/analyses/data_dependency/data_dependency.py b/slither/analyses/data_dependency/data_dependency.py index d22c737737..f439c4b12d 100644 --- a/slither/analyses/data_dependency/data_dependency.py +++ b/slither/analyses/data_dependency/data_dependency.py @@ -63,7 +63,7 @@ def is_dependent_ssa(variable, source, context, only_unprotected=False): SolidityVariableComposed('msg.data'), SolidityVariableComposed('tx.origin')} -def is_tainted(variable, context, only_unprotected=False): +def is_tainted(variable, context, only_unprotected=False, ignore_generic_taint=False): ''' Args: variable @@ -78,10 +78,11 @@ def is_tainted(variable, context, only_unprotected=False): return False slither = context.slither taints = slither.context[KEY_INPUT] - taints |= GENERIC_TAINT + if not ignore_generic_taint: + taints |= GENERIC_TAINT return variable in taints or any(is_dependent(variable, t, context, only_unprotected) for t in taints) -def is_tainted_ssa(variable, context, only_unprotected=False): +def is_tainted_ssa(variable, context, only_unprotected=False, ignore_generic_taint=False): ''' Args: variable @@ -96,7 +97,8 @@ def is_tainted_ssa(variable, context, only_unprotected=False): return False slither = context.slither taints = slither.context[KEY_INPUT_SSA] - taints |= GENERIC_TAINT + if not ignore_generic_taint: + taints |= GENERIC_TAINT return variable in taints or any(is_dependent_ssa(variable, t, context, only_unprotected) for t in taints)