Taint analysis

Taint analysis

Taint analysis is a process used in information security to identify the flow of user input through a system to understand the security implications of the system design. This analysis aims to mitigate risks such as SQL injection, which generally arise when other parts of the program use user input without proper sanitization.

How does taint checking work?

Many languages such as Ruby have taint checking mechanisms baked into them. The way this works is by marking variables that have received user input as tainted. Each variable that derives from them is marked tainted as well. Following this trail, the analysis tool can come up with a list of tainted variables.

Finally, suppose a critical operation, such as a DB call or an OS-level invocation, uses any tainted variables. In that case, the tool can alert the developer of the potential security risk.