1.2.440. Extensions/Exttaint¶
Taint is a extension used to detect and track tainted string. It follows each assignation of the code and keeps track of its taint. And also can be used to spot sql injection vulnerabilities, shell inject, etc.
<?php
$a = trim($_GET['a']);
$file_name = '/tmp' . $a;
$output = "Welcome, {$a} !!!";
//Warning: main() [function.echo]: Attempt to echo a string that might be tainted
?>
See also taint and taint on github.
1.2.440.1. Specs¶
Short name |
Extensions/Exttaint |
Rulesets |
|
Exakat since |
2.4.4 |
PHP Version |
With PHP 7.4 and older |
Severity |
Minor |
Time To Fix |
Quick (30 mins) |
Precision |
Very high |
Features |
taint |
Available in |