Qodana

Taint analysis

Last modified: 07 March 2023

Taint analysis is the process of tracking the flow of untrusted input (request parameters, form fields, file contents, and so on) from the point where it enters a function or a method (the source) to the operations that consume it (the sinks). If such data reaches a sink, such as a database query, a shell command, HTML output, or a file path, without first passing through an appropriate sanitizer, an attacker can craft the input to cause SQL injection, arithmetic overflow, cross-site scripting, path traversal, and similar vulnerabilities.

The core goal of taint analysis is to determine whether unanticipated input can influence program execution in ways an attacker could exploit.
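A toy taint analysis, written in Python over Python's own `ast` module, is added here to make the source, propagation, sanitizer and sink model concrete. It is not Qodana's implementation (which analyzes PHP) and is not taken from the Qodana documentation; the source, sanitizer and sink names it recognizes (`request.args.get`, `html.escape`, `cursor.execute`, `render_html`, and so on) are assumptions chosen for the example, and the program it analyzes is constructed.

```python
"""Toy intraprocedural taint analysis over a Python function (added example).

Tracks untrusted input from a source call through assignments, string
building and sanitizer calls, and reports each sink call that still receives
tainted data. Taint is merged across branches and stops at function boundaries.
"""
import ast

# Hypothetical catalogue of sources, sanitizers and sinks (assumptions for this example).
SOURCES = {"request.args.get", "input"}
SANITIZERS = {"html.escape", "int", "shlex.quote"}
SINKS = {
    "cursor.execute": "SQL injection",
    "os.system": "command injection",
    "open": "path traversal",
    "render_html": "cross-site scripting",
}


def call_name(call):
    """Dotted name of a call target ('request.args.get', 'os.system'), or None."""
    func, parts = call.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    parts.append(func.id)
    return ".".join(reversed(parts))


def is_tainted(expr, tainted):
    """Does this expression carry untrusted data, given the set of tainted names?"""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = call_name(expr)
        if name in SOURCES:
            return True                      # fresh untrusted input
        if name in SANITIZERS:
            return False                     # sanitizer output is treated as clean
        args = list(expr.args) + [kw.value for kw in expr.keywords]
        return any(is_tainted(a, tainted) for a in args)   # unknown call: propagate
    # concatenation, f-strings, subscripts, tuples, ...: tainted if any operand is
    return any(is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))


def analyze(source_code):
    """Return [(line, sink, vulnerability)] for every tainted sink call in the module."""
    findings = []

    def visit(stmts, tainted):
        for stmt in stmts:
            if hasattr(stmt, "body"):        # if/for/while/with/try: descend, one taint set for all branches
                for field in ("body", "orelse", "finalbody"):
                    visit(getattr(stmt, field, []), tainted)
                for handler in getattr(stmt, "handlers", []):
                    visit(handler.body, tainted)
                continue
            # 1) check every sink call in this statement against the current taint state
            for node in ast.walk(stmt):
                if isinstance(node, ast.Call) and call_name(node) in SINKS:
                    if any(is_tainted(a, tainted) for a in node.args):
                        findings.append((node.lineno, call_name(node), SINKS[call_name(node)]))
            # 2) assignments taint or clean their targets
            if isinstance(stmt, ast.Assign):
                dirty = is_tainted(stmt.value, tainted)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        (tainted.add if dirty else tainted.discard)(target.id)
            elif isinstance(stmt, ast.AugAssign) and isinstance(stmt.target, ast.Name):
                if is_tainted(stmt.value, tainted):
                    tainted.add(stmt.target.id)

    for fn in ast.parse(source_code).body:
        if isinstance(fn, ast.FunctionDef):
            visit(fn.body, set())
    return findings


# Constructed sample program: a request handler with both vulnerable and clean flows.
SAMPLE = '''
def lookup(cursor, request):
    user = request.args.get("user")                # source: untrusted query parameter
    query = "SELECT * FROM users WHERE name = '" + user + "'"
    cursor.execute(query)                          # tainted string reaches the SQL sink
    page = html.escape(user)                       # sanitizer: taint is cleared
    render_html(page)                              # sink receives clean data: no finding
    uid = int(request.args.get("id"))              # sanitizer applied to the source directly
    cursor.execute("SELECT * FROM users WHERE id = %s", (uid,))
    os.system("ls " + request.args.get("dir"))     # source flows straight into a sink
'''

if __name__ == "__main__":
    for line, sink, vuln in analyze(SAMPLE):
        print(f"line {line}: tainted data reaches {sink} -> {vuln}")
```

Running the script reports the two flows that reach a sink unsanitized (the string-built query on line 5 and the shell command on line 10) and stays silent on the escaped HTML and the integer-cast id. A production analyzer additionally follows data across function calls and distinguishes execution paths; this toy deliberately does neither, which is why the catalogue of sources, sanitizers and sinks does most of the work.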

Taint analysis is available in the Qodana for PHP linter starting from version 2023.1 of Qodana.