Is there an open source tainting tool? [closed]
16-12-2019
Question
Is there an open source tainting tool? I am trying to analyze a Java project and its Java source code. Therefore I can see where and for which purpose parameters are used. For instance, is it used in an if statement, or is it assigned to another variable, etc.
Thanks
Solution
You could try using the Checker Framework.
OTHER TIPS
Modern Java IDEs provide such information. IMHO, the best one is IntelliJ IDEA, but a commercial license will cost you about 130$ (there is a free community edition with somewhat reduced functionality, with source code published, or a 30-day free trial of the full version).
Eclipse and NetBeans also provide similar functionality, but are not as good. (IMHO, of course.)
If you want a general purpose tool to track how an arbitrary variable is used, or the source of values that feed into a variable, what you want is a program slicer. (Tainting is a special case, where one only wants to slice on certain inputs, usually from a source outside the program).
There is one called Indus. I've never used it, and I don't know its status.
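The relationship between slicing and tainting described in the answer above, as an added example that is not part of the original answers and is not how Indus or any other tool is implemented. It assumes a constructed, straight-line sample program in which each statement lists the variable it defines and the variables it reads, and it follows data dependence only (no control dependence, loops or method calls).

```python
# Constructed sample: (line, defined_var, used_vars, kind), modelled on Java statements.
PROGRAM = [
    (1, "name",  [],                 "source"),  # String name = request.getParameter("n");
    (2, "limit", [],                 "const"),   # int limit = 10;
    (3, "greet", ["name"],           "assign"),  # String greet = "Hi " + name;
    (4, "count", ["limit"],          "assign"),  # int count = limit * 2;
    (5, None,    ["greet"],          "branch"),  # if (greet.isEmpty()) ...
    (6, "sql",   ["greet", "count"], "assign"),  # String sql = ... + greet + count;
    (7, None,    ["sql"],            "sink"),    # stmt.execute(sql);
]

def forward_slice(program, start_lines):
    """Statements whose values depend on the definitions made at start_lines."""
    live, hits = set(), []
    for line, defined, used, kind in program:
        if line in start_lines:
            live.add(defined)
            hits.append((line, kind))
        elif live & set(used):
            hits.append((line, kind))      # this statement reads a sliced value
            if defined:
                live.add(defined)          # and propagates it to what it defines
        elif defined:
            live.discard(defined)          # overwritten by a value outside the slice
    return hits

def taint(program):
    """Tainting as the special case: forward slice from external inputs only."""
    sources = {line for line, _, _, kind in program if kind == "source"}
    return forward_slice(program, sources)

def backward_slice(program, target_line):
    """Statements that feed values into the statement at target_line."""
    wanted, lines = set(), []
    for line, defined, used, _ in reversed(program):
        if line == target_line or defined in wanted:
            lines.append(line)
            wanted.discard(defined)        # this definition satisfies the need
            wanted |= set(used)            # now look for what it read
    return sorted(lines)

if __name__ == "__main__":
    print("taint from sources:   ", taint(PROGRAM))
    print("forward slice, line 2:", forward_slice(PROGRAM, {2}))
    print("backward slice, line 5:", backward_slice(PROGRAM, 5))
```

The `kind` field in each result answers the original question directly: it shows whether the parameter ends up in a branch condition, an assignment or a sink.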