
Question: taint tracking


I would need some kind of taint tracking for my analysis process.

Are there any future plans to add taint tracking to angr?

Can you share some thoughts on how it should be implemented? (simuvex plugin maybe?)

I know this question is very general in this form, but I thought it's a good conversation starter.

(I know CGC final is coming, so feel free to answer it after.)

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Reactions: 4
  • Comments: 11 (11 by maintainers)

Top GitHub Comments

1 reaction
ltfish commented, Jul 19, 2016

Currently with too much stuff on my plate, I’m not in a sane state to talk about new features in angr. Here are my two cents, hopefully they make sense.

I’m not sure if you are referring to taint-tracking in dynamic concrete execution, or taint-tracking in symbolic execution. For the former, although angr can perform dynamic concrete execution (with pure-Python simulation right now, and with Unicorn in the upcoming August), I’m not sure if taint tracking on it is what you need. The execution overhead of angr will kill any performance gain from implementing a taint tracking technique instead of a dependency tracking technique. It’ll be great if you can elaborate on why you need taint tracking, other than a general dependency tracking technique.

We definitely don’t have a working taint tracking implementation in angr right now, but I have some experimental code for dependency tracking in symbolic execution before. I’ll definitely polish the code and add it to angr in August.
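As an added illustration of the point made above (this is not angr or claripy code), a toy register machine in which every value carries the set of input labels it depends on; taint tracking then falls out as a projection of that dependency tracking, by asking whether the set intersects the tainted sources. The instruction set, register names and input labels are constructed for the example.

```python
"""Toy dependency tracking over a tiny register machine (constructed example).

Each value carries the set of labelled input sources it depends on.
Taint tracking is the special case "does the value depend on any tainted
source?", so it is derivable from the dependency sets without extra state.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Value:
    concrete: int
    deps: frozenset = field(default_factory=frozenset)  # input labels this value depends on


def binop(op, a, b):
    """Propagate dependencies conservatively: the result depends on both operands' sources.
    (This over-approximates: e.g. x & 0 would still inherit x's dependencies.)"""
    ops = {"add": lambda x, y: (x + y) & 0xFFFFFFFF, "xor": lambda x, y: x ^ y}
    return Value(ops[op](a.concrete, b.concrete), a.deps | b.deps)


def run(program, inputs):
    """program: list of (op, dst, src1, src2); inputs: {label: concrete int}."""
    regs = {}
    for op, dst, s1, s2 in program:
        if op == "input":        # read from a labelled external source
            regs[dst] = Value(inputs[s1], frozenset({s1}))
        elif op == "const":      # constants depend on nothing
            regs[dst] = Value(s1)
        elif op == "mov":
            regs[dst] = regs[s1]
        else:
            regs[dst] = binop(op, regs[s1], regs[s2])
    return regs


def is_tainted(value, tainted_sources):
    """Taint as a projection of the dependency set."""
    return bool(value.deps & frozenset(tainted_sources))


# Constructed sample program: "net" is the untrusted source, "cfg" is trusted.
PROGRAM = [
    ("input", "r0", "net", None),
    ("input", "r1", "cfg", None),
    ("const", "r2", 0xFF, None),
    ("xor", "r3", "r0", "r2"),   # depends on net only
    ("add", "r4", "r3", "r1"),   # depends on net and cfg
    ("mov", "r5", "r2", None),   # depends on nothing
]


def analyse():
    regs = run(PROGRAM, {"net": 0x41, "cfg": 0x10})
    return {r: (v.concrete, sorted(v.deps), is_tainted(v, {"net"})) for r, v in regs.items()}
```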

0 reactions
rhelmot commented, Aug 13, 2016

hahahahaha I looked at the fidget history and the last commit to new_analysis.py was https://github.com/angr/fidget/commit/d25584a18c361484d44d49a36160c915441d9e56 which is pretty clearly just me dumping my in-progress changes into a commit as it became obvious that it wasn’t gonna get finished in time for cgc. It introduces that bug, yeah. I haven’t run the file since then! I pushed a fix.

I’m going to close this for now, you can either open an issue on fidget, open an issue in claripy to discuss annotations, or use the mailing list to continue this conversation 😃
