Made inclusion of GENERIC_TAINT sources (msg.*, tx.origin) optional in taintedness checking by adding ignore_generic_taint parameter to is_tainted() and is_tainted_ssa() functions, with the default value being FALSE.

6 years ago · 5b4287221a
parent 6ca0cc1f67
commit 5b4287221a
1 changed files with 6 additions and 4 deletions
--- a/slither/analyses/data_dependency/data_dependency.py
+++ b/slither/analyses/data_dependency/data_dependency.py
@ -63,7 +63,7 @@ GENERIC_TAINT = {SolidityVariableComposed('msg.sender'),
                 SolidityVariableComposed('msg.data'),
                 SolidityVariableComposed('tx.origin')}

-def is_tainted(variable, context, only_unprotected=False):
+def is_tainted(variable, context, only_unprotected=False, ignore_generic_taint=False):
    '''
        Args:
        variable
@ -78,10 +78,11 @@ def is_tainted(variable, context, only_unprotected=False):
        return False
    slither = context.slither
    taints = slither.context[KEY_INPUT]
+    if not ignore_generic_taint:
        taints |= GENERIC_TAINT
    return variable in taints or any(is_dependent(variable, t, context, only_unprotected) for t in taints)

-def is_tainted_ssa(variable, context, only_unprotected=False):
+def is_tainted_ssa(variable, context, only_unprotected=False, ignore_generic_taint=False):
    '''
    Args:
        variable
@ -96,6 +97,7 @@ def is_tainted_ssa(variable, context, only_unprotected=False):
        return False
    slither = context.slither
    taints = slither.context[KEY_INPUT_SSA]
+    if not ignore_generic_taint:
        taints |= GENERIC_TAINT
    return variable in taints or any(is_dependent_ssa(variable, t, context, only_unprotected) for t in taints)