是否支持自定义sanitizers

Question

是否支持自定义sanitizers

testnet0 opened this issue a year ago · comments

没有找到文档有相关说明，是需要自己用代码实现吗？

notify-bibi · Answer 1 · Thu Aug 31 2023 15:54:27 GMT+0800 (China Standard Time)

支持的，不过文档还没更新，我们会马上更新，实现在这里 TaintSanitizerPropagate , 和 sanitizerTaintTypesMap
json中添加类似如下 rule 去除 sql 注入的污点:

  {"signature":"<org.joychou.security.SecurityUtil: java.lang.String sqlFilter(java.lang.String)>","subtypes":true,"to":"Argument[0]","propagate":"sanitizer","from":"sql","provenance":"manual","ext":""},

或者全部去除

  {"signature":"<org.joychou.security.SecurityUtil: java.lang.String sqlFilter(java.lang.String)>","subtypes":true,"to":"Argument[0]","propagate":"taint","from":"empty","provenance":"manual","ext":""},