Taint tracking tracks how arbitrary values, "taint", flow throughout the program. This is useful for finding whether potentially malicious input can be used in an insecure way, whether dangerous arguments are passed to vulnerable functions, and whether confidential or sensitive data can leak. It is also useful for tracking invalid, insecure, or untrusted data in other analyses.
Mark Shannon markshannon
markshannon
/ dynattr.py
Created
November 29, 2014 20:31
Pure Python module with dynamic attributes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| original = sys.modules[__name__] | |
| class M(object): | |
| __class__ = type(original) | |
| #Define __str__, __repr__, etc. here | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import warnings | |
| from types import ModuleType | |
| from importlib import import_module | |
| try: | |
| basestring | |
| except NameError: | |
| basestring = str |
markshannon
/ Reload patch
Last active
September 4, 2015 21:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff -r aa2517e9f9ce Lib/importlib/__init__.py | |
| --- a/Lib/importlib/__init__.py Thu Jul 30 00:04:11 2015 +0300 | |
| +++ b/Lib/importlib/__init__.py Fri Sep 04 22:14:03 2015 +0100 | |
| @@ -135,12 +135,13 @@ | |
| The module must have been successfully imported before. | |
| """ | |
| - if not module or not isinstance(module, types.ModuleType): | |
| - raise TypeError("reload() argument must be module") | |
| try: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ Display endless waves on the LED display. | |
| You can press the left button to have the waves go faster, | |
| the right button to slow down things. | |
| MAL 2016-01-06. | |
| """ | |
| import microbit | |
| import math |
markshannon
/ speech.py
Last active
July 11, 2016 18:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Voice: | |
| def __init__(self, **config_options): | |
| self.config(config_options) | |
| def say(phonemes): | |
| # This returns a generator (or C implemented iterator) of audio frames | |
| ... | |
markshannon
/ microbit-micropython.hex
Created
July 16, 2016 18:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :020000040000FA | |
| :10000000004000208D590100C9590100CB59010061 | |
| :1000100000000000000000000000000000000000E0 | |
| :10002000000000000000000000000000CD590100A9 | |
| :100030000000000000000000CF590100D15901006C | |
| :10004000D3590100E914010095550100D35901006D | |
| :10005000D359010000000000C1910100D3590100F3 | |
| :10006000AD100000D35901000D940100D3590100D7 | |
| :10007000D3590100D3590100D3590100D3590100CC | |
| :10008000D359010081520100D3590100D359010015 |
markshannon
/ taint-tracking.rst
Created
March 6, 2019 14:26
markshannon
/ Speed_up_range_and_list.md
Created
April 2, 2019 19:28
markshannon
/ IterationExtension.qll
Created
June 20, 2019 10:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Extending taint-tracking to support tracking through iteration is a bit fiddly prior in 1.20 and earlier | |
| // We need to track both getting an item from the iterable *and* the assignment to the target variable. | |
| /* Track the implicit `next` operation */ | |
| class NextItemExtension extends DataFlow::Extension { | |
| ForNode for; | |
| NextItemExtension() { | |
| for.iterates(_, this) |
| Feature | Threads | Async | Multiprocessing | PEP 554 | Ideal CSP |
|---|---|---|---|---|---|
| Parallel execution | No | No | Yes | ? | Yes |
| Shared raw memory | Yes | Yes | Limited | Limited? | No |
| Shared objects | Yes | Yes | No | No? | No |
| Overhead | Medium | Low | High | ? | — |
OlderNewer