Are custom sanitizers supported?
testnet0 opened this issue
TestNet commented
I could not find anything about this in the documentation. Do I need to implement it myself in code?
notify-bibi commented
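Yes, it is supported, but the documentation has not been updated yet; we will update it right away. The implementation is here: TaintSanitizerPropagate and sanitizerTaintTypesMap.
Add a rule like the following to the JSON to remove the SQL injection taint: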
{"signature":"<org.joychou.security.SecurityUtil: java.lang.String sqlFilter(java.lang.String)>","subtypes":true,"to":"Argument[0]","propagate":"sanitizer","from":"sql","provenance":"manual","ext":""},
Or remove all of it:
{"signature":"<org.joychou.security.SecurityUtil: java.lang.String sqlFilter(java.lang.String)>","subtypes":true,"to":"Argument[0]","propagate":"taint","from":"empty","provenance":"manual","ext":""},
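Added example, not part of the thread and not the project's code: a small Python check for the two rules quoted in the reply above, plus a simplified model of the difference the reply describes (the first rule strips only the `sql` kind, the second clears everything). The function names, the `xss` kind and the model itself are assumptions made for illustration; the analyzer's real behaviour is defined by TaintSanitizerPropagate and sanitizerTaintTypesMap.

```python
import json
import re

# The two rules from the reply above, copied verbatim (trailing commas dropped).
RULES = json.loads("""[
{"signature":"<org.joychou.security.SecurityUtil: java.lang.String sqlFilter(java.lang.String)>","subtypes":true,"to":"Argument[0]","propagate":"sanitizer","from":"sql","provenance":"manual","ext":""},
{"signature":"<org.joychou.security.SecurityUtil: java.lang.String sqlFilter(java.lang.String)>","subtypes":true,"to":"Argument[0]","propagate":"taint","from":"empty","provenance":"manual","ext":""}
]""")

# Signature shape as it appears in the thread: <class: returnType name(paramTypes)>
SIG = re.compile(r"^<([\w.$]+): ([\w.$\[\]]+) ([\w$]+)\(([^)]*)\)>$")
ARG = re.compile(r"^Argument\[(\d+)\]$")


def check_rule(rule):
    """Return a list of structural problems; an empty list means none were found."""
    sig = SIG.match(rule["signature"])
    if not sig:
        return ["signature is not in <class: returnType name(paramTypes)> form"]
    params = [p.strip() for p in sig.group(4).split(",") if p.strip()]
    problems = []
    arg = ARG.match(rule["to"])
    if arg and int(arg.group(1)) >= len(params):
        problems.append(f"{rule['to']} is out of range for {len(params)} parameter(s)")
    return problems


def taint_after_call(rule, taint_kinds):
    """Simplified model (assumption): taint kinds left on rule['to'] after the call."""
    if rule["propagate"] == "sanitizer":
        # First rule: strip only the kind named in "from".
        return set(taint_kinds) - {rule["from"]}
    if rule["propagate"] == "taint" and rule["from"] == "empty":
        # Second rule: the location is overwritten from an empty source, clearing all kinds.
        return set()
    return set(taint_kinds)  # anything else is outside this model


if __name__ == "__main__":
    before = {"sql", "xss"}  # constructed input; "xss" is a hypothetical second kind
    for rule in RULES:
        print(rule["propagate"], rule["from"], check_rule(rule), taint_after_call(rule, before))
```

The practical point of the comparison: the "remove all" form also silences findings for taint kinds that `sqlFilter` was never meant to neutralize, so the kind-specific sanitizer rule is the narrower choice.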