TaintEngineFactory class

Factory to create a taint tracking analysis engine.

Input Facts (EDB)

• TaintSource(varId, label): Marks a variable as a taint source. Label is a category like "user_input", "network", "file", etc.

• TaintSink(varId, label): Marks a variable as a security-sensitive sink. Label is a category like "sql_query", "html_output", "exec", etc.

• Assign(target, source): Variable assignment.

• Alloc(exprId, heapId): Heap allocation (for field-sensitive tracking).

• StoreField(base, field, source): Field store.

• LoadField(base, field, target): Field load.

Output Facts (IDB)

• TaintedVar(varId, sourceId, label): Variable is tainted.

• TaintedHeap(heapId, field, sourceId, label): Heap field is tainted.

• TaintViolation(sinkId, sourceId, taintLabel, sinkLabel): Tainted data reached a sink (security vulnerability).

Constructors

TaintEngineFactory()

Properties

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

Methods

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited

Static Methods

create() → InMemoryDatalogEngine

Creates an engine for basic taint tracking (no heap sensitivity).

createWithPointsTo() → InMemoryDatalogEngine

Creates an engine with full points-to-based taint tracking.