You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: python/ql/src/experimental/dataflow/internal/readme.md
+8-5Lines changed: 8 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -116,14 +116,17 @@ Try recovering an existing taint tracking query by implementing sources, sinks,
116
116
117
117
## Achieved
118
118
119
-
- Simple flow into, out of, and through functions
119
+
- Copy of shared library; implemented enough predicates to make it compile.
120
+
- Simple flow into, out of, and through functions.
121
+
- Some tests, in particular a sceleton for something comprehensive.
120
122
121
123
## TODO
122
124
123
-
- Consider replacing def-use with def-to-first-use and use-to-next-use in local flow
125
+
- Implementation has largely been done by finding a plausibly-sounding predicate in the python library to refer to. We should review that we actually have the intended semantics in all places.
126
+
- Comprehensive testing.
124
127
- The regression tests track the value of guards in order to eliminate impossible data flow. We currently have regressions because of this. We cannot readily replicate the existing method, as it uses the interdefinedness of data flow and taint tracking (there is a boolean taint kind). C++ does something similar for eliminating impossible control flow, which we might be able to replicate (they infer values of "interesting" control flow nodes, which are those needed to determine values of guards).
125
-
- Flow for some syntactis constructs is done via extra taint steps in the existing implementation, we shoudl find a way to get data flow for it. Much of this should be covered by field flow.
126
-
- A document is being written about proper use of the shared data flow library, this should be adhered to.
128
+
- Flow for some syntactic constructs are done via extra taint steps in the existing implementation, we should find a way to get data flow for it. Some of this should be covered by field flow.
129
+
- A document is being written about proper use of the shared data flow library, this should be adhered to. In particular, we should consider replacing def-use with def-to-first-use and use-to-next-use in local flow.
127
130
- We seem to get duplicated results for global flow, as well as flow with and without type (so four times the "unique" results).
128
131
- We currently consider control flow nodes like exit nodes for functions, we should probably filter down which ones are of interest.
129
-
- We should probably override ToString for a number of data flow nodes
132
+
- We should probably override ToString for a number of data flow nodes.
0 commit comments