Do not propagate taint through sanitizers. (#280)

google · Feb 16, 2021 · a278ac7 · a278ac7
1 parent 2436ffd
commit a278ac7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/internal/pkg/levee/testdata/src/levee_analysistest/example/tests/sanitization/tests.go b/internal/pkg/levee/testdata/src/levee_analysistest/example/tests/sanitization/tests.go
@@ -83,8 +83,7 @@ func TestMaybeTaintedInLoopButSanitizedBeforeLoopExit() {
 		}
 		e = core.Sanitize(e)[0]
 	}
-	// TODO(#155) want no report here
-	core.Sink(e) // want "a source has reached a sink"
+	core.Sink(e)
 }
 
 func TestTaintedInIfButSanitizedBeforeIfExit() {
@@ -93,8 +92,7 @@ func TestTaintedInIfButSanitizedBeforeIfExit() {
 		e = core.Source{}
 		e = core.Sanitize(e)[0]
 	}
-	// TODO(#155) want no report here
-	core.Sink(e) // want "a source has reached a sink"
+	core.Sink(e)
 }
 
 func TestPointerTaintedInIfButSanitizedBeforeIfExit() {

diff --git a/internal/pkg/propagation/propagation.go b/internal/pkg/propagation/propagation.go
@@ -251,6 +251,7 @@ func (prop *Propagation) taintCall(call *ssa.Call, maxInstrReached map[*ssa.Basi
 
 	if callee := call.Call.StaticCallee(); callee != nil && prop.config.IsSanitizer(utils.DecomposeFunction(callee)) {
 		prop.sanitizers = append(prop.sanitizers, &sanitizer.Sanitizer{Call: call})
+		return
 	}
 
 	// Do not traverse through a method call if it is being reached via a Source receiver.
-Original file line number
+Diff line change
@@ Expand Up @@
     	if callee := call.Call.StaticCallee(); callee != nil && prop.config.IsSanitizer(utils.DecomposeFunction(callee)) {
     		prop.sanitizers = append(prop.sanitizers, &sanitizer.Sanitizer{Call: call})
+    		return
     	}
     	// Do not traverse through a method call if it is being reached via a Source receiver.
@@ Expand Down @@