Is there an open source tainting tool? [closed]

Question

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 6 years ago.

is there an open source tainting tool? I am trying to analyze a Java project and it's java source code. Therefore I can see where and which purpose are parameters used for. For instance, is it used in an if statement or is it assigned to another variable etc.

Thanks

Answer 1

You could try using the Checker Framework.

Answer 2

Modern java IDEs provide such information. IMHO, best one is IntelliJ IDEA , but comemrcial license will cost you about 130$ (there is free community edition wuth somehow reduced functionality with source code published, or 30 day free trial of full version)

Eclipse and netbean also provide similar functionality, but are not as good. ( IMHO of course )

Answer 3

If you want a general purpose tool to track how a an arbitrary variable is used, or the source of values that feed into a variable, what you want is a program slicer. (Tainting is a special case, where one only wants to slice on certain inputs, usually from a source outside the program).

There is one called Indus. I've never used it, and I don't know its status.