Work on this exercise locally
This web app is a reference guide — you can read instructions, browse starter code, and view tests here. To actually complete the exercise, you need to work in your local development environment.
git clone https://github.com/weihaoqu/program-analysis-bootcamp-student
Replace failwith "TODO" with your implementation.
dune runtest modules/module5-security-analysis/exercises/information-flow

Information Flow
Explicit vs. implicit information flow
Explicit flow: Data moves directly via assignment.
    secret = get_param(0)   -- secret is Tainted
    x = secret              -- x is Tainted (direct data flow)
Implicit flow: Information leaks through control flow.
    secret = get_param(0)   -- secret is Tainted
    if secret:              -- branch depends on tainted data
        x = 1               -- x reveals info about secret!
    else:
        x = 0               -- x reveals info about secret!
Even though x is assigned a literal, its value depends on secret. The
pc_taint (program counter taint) tracks this: when execution enters a
branch guarded by tainted data, all assignments inside are considered tainted.
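
An added OCaml sketch of the pc_taint rule described above, run on the implicit-flow program from the text. It is not the exercise's starter code or reference solution; the AST, the taint type and every function name here are hypothetical.

```ocaml
(* Added example: toy taint analysis with pc_taint. All types and names
   are hypothetical, not the bootcamp's starter definitions. *)
type taint = Untainted | Tainted

let join a b = if a = Tainted || b = Tainted then Tainted else Untainted

type expr =
  | Lit of int
  | Var of string
  | GetParam of int  (* assumed taint source, as in the text *)

type stmt =
  | Assign of string * expr
  | If of expr * stmt list * stmt list

module Env = Map.Make (String)

(* Variables never assigned are treated as Untainted. *)
let lookup env x = try Env.find x env with Not_found -> Untainted

let expr_taint env = function
  | Lit _ -> Untainted
  | Var x -> lookup env x
  | GetParam _ -> Tainted

(* After an if/else, a variable is tainted if it is tainted on either path. *)
let join_env e1 e2 = Env.union (fun _ a b -> Some (join a b)) e1 e2

let rec exec pc env = function
  | Assign (x, e) ->
    (* The stored label includes pc, so a literal assigned under a
       tainted guard becomes Tainted (implicit flow). *)
    Env.add x (join pc (expr_taint env e)) env
  | If (guard, then_b, else_b) ->
    (* pc only grows inside the branches; it reverts after the If. *)
    let pc' = join pc (expr_taint env guard) in
    join_env (exec_block pc' env then_b) (exec_block pc' env else_b)

and exec_block pc env stmts = List.fold_left (exec pc) env stmts

let show = function Tainted -> "Tainted" | Untainted -> "Untainted"

let () =
  (* The implicit-flow program from the text, plus an assignment after it. *)
  let prog =
    [ Assign ("secret", GetParam 0);
      If (Var "secret", [ Assign ("x", Lit 1) ], [ Assign ("x", Lit 0) ]);
      Assign ("y", Lit 7) ] in
  let env = exec_block Untainted Env.empty prog in
  List.iter (fun v -> Printf.printf "%s: %s\n" v (show (lookup env v)))
    [ "secret"; "x"; "y" ]
```

Dropping `join pc` from the `Assign` case gives an analysis that sees only explicit flows: `x` would then be reported Untainted even though it encodes `secret`.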