From d02bda4b2c71ef7fd1d451ec0be740afcbb96c8e Mon Sep 17 00:00:00 2001 From: Kent 'picat' Gruber Date: Mon, 2 Jan 2023 15:57:18 -0500 Subject: [PATCH] Update README.md --- README.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 50c690a..99e6821 100644 --- a/README.md +++ b/README.md @@ -2,16 +2,22 @@ Implements static [taint analysis](https://en.wikipedia.org/wiki/Taint_checking) for Go programs. -Taint analysis is a technique for identifying and tracking the flow of sensitive data through a program. -It can be used to identify potential security vulnerabilities, such as SQL injection attacks or cross-site -scripting (XSS) attacks, by identifying sources of sensitive data in the program and tracking how this data -is used and transformed as it flows through the code. +Taint analysis is a technique for identifying the flow of sensitive data through a program. +It can be used to identify potential security vulnerabilities, such as SQL injection or +cross-site scripting (XSS) attacks, by understanding how this data is used and transformed +as it flows through the code. + +A "**source**" is a point in the program where sensitive data originates, typically from user +input, such as data entered into a form on a web page, or data loaded from an external source. +A "**sink**" is a point in the program where sensitive data is used or transmitted to exploit +the program. ## Example This code generates a function call graph rooted at a program's `main` function and then runs taint analysis on it. If the program uses `database/sql`, the taint analysis -will determine if the program is vulnerable to SQL injection. +will determine if the program is vulnerable to SQL injection such that any of the given +sources reach the given sinks. ```go cg, _ := callgraph.New(mainFn, buildSSA.SrcFuncs...)
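
Review bot: The added "sink" definition ("a point in the program where sensitive data is used or transmitted to exploit the program") reads as though the program itself performs the exploit, and the "source" sentence calls user input "sensitive data" even though, for the SQL injection and XSS cases named in the paragraph above it, the data being tracked is untrusted input. Suggest wording along the lines of: a source is a point where untrusted data enters the program, and a sink is an operation (for instance a `database/sql` query) where that data could cause harm if it arrives unsanitized. In the Example paragraph, "vulnerable to SQL injection such that any of the given sources reach the given sinks" is hard to parse; "by checking whether any of the given sources reach the given sinks" is clearer and makes it explicit that the result depends on the sources and sinks supplied.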