This commit is contained in:
Jean-Marie 'Histausse' Mineau
parent
d34e403ca5
commit
3b5df50248
GPG key ID:
B66AEEDA9B645AD2
16 changed files with 1629 additions and 248 deletions
|
|
@ -119,7 +119,7 @@ This time, instead of methods, the nodes represent instructions, and the edges i
|
|||
@fig:bg-fizzbuzz-cg-cfg c) represents the control-flow graph of @fig:bg-fizzbuzz-cg-cfg a), with code statements instead of bytecode instructions.
|
||||
|
||||
Once the control-flow graph is computed, it can be used to compute data-flows.
|
||||
Data-flow analysis, also called taint-tracking, is used to follow the flow of information in the application.
|
||||
Data-flow analysis/*, also called taint-tracking, reviewer note: not really, taint-tracking \in data flow analysis*/is used to follow the flow of information in the application.
|
||||
By defining a list of methods and fields that can generate critical information (taint sources) and a list of methods that can consume information (taint sinks), taint-tracking detects potential data leaks (if a data flow links a taint source and a taint sink).
|
||||
For example, `TelephonyManager.getImei()` returns a unique, persistent, device identifier.
|
||||
This can be used to identify the user, and it cannot be changed if compromised.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue