
Taint analysis

Last modified: 02 November 2023

Taint analysis is the process of tracking the flow of untrusted user input through the body of a function or a method. If tainted data reaches a sensitive operation in your code, attackers can abuse that code path to cause SQL injection, arithmetic overflow, cross-site scripting, path traversal, and similar issues.

The core goal of the taint analysis is to determine if unanticipated input can affect program execution in malicious ways.
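To make the idea concrete, here is a toy intraprocedural taint tracker written in Python as an added illustration; it is not Qodana's implementation and not PHP. The sets of sources, sanitizers and sinks, and the sample program it scans, are constructed for this example: untrusted data from `input()` is followed through assignments and string concatenation, cleared by a sanitizer such as `int()`, and reported when it reaches a sink such as `execute()`.

```python
import ast

# Constructed vocabulary for the toy analysis (real tools ship much larger lists).
SOURCES = {"input"}             # calls whose return value is untrusted
SANITIZERS = {"int", "escape"}  # calls that neutralise taint on their argument
SINKS = {"execute", "system"}   # calls that must never receive tainted data

def call_name(node):
    """Return the bare function/method name of a Call node."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return ""

class TaintAnalyzer(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variable names currently holding untrusted data
        self.findings = []     # (sink name, line number) pairs

    def is_tainted(self, node):
        """Decide whether evaluating this expression yields untrusted data."""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = call_name(node)
            if name in SOURCES:
                return True
            if name in SANITIZERS:
                return False      # sanitizer output is considered clean
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):  # e.g. "SELECT ... '" + user + "'"
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):  # f-strings
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, (ast.Tuple, ast.List)):
            return any(self.is_tainted(e) for e in node.elts)
        return False  # constants and anything unknown are treated as clean

    def visit_Assign(self, node):
        # Propagate taint from the right-hand side to each simple target.
        for t in node.targets:
            if isinstance(t, ast.Name):
                (self.tainted.add if self.is_tainted(node.value)
                 else self.tainted.discard)(t.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        # A sink fed by tainted data is the finding we are looking for.
        if call_name(node) in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((call_name(node), node.lineno))
        self.generic_visit(node)

def analyze(source):
    """Run the tracker over a source string; return [(sink, line), ...]."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings

# Constructed sample: one tainted flow into a sink and one sanitized flow.
SAMPLE = '''
user = input()                                      # source: untrusted
safe_id = int(user)                                 # sanitizer removes taint
query = "SELECT * FROM t WHERE name = '" + user + "'"
cursor.execute(query)                               # sink reached by tainted data
cursor.execute("SELECT * FROM t WHERE id = ?", (safe_id,))  # clean
'''

if __name__ == "__main__":
    print(analyze(SAMPLE))  # [('execute', 5)]
```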

Taint analysis is supported by the Qodana for PHP linter starting from version 2023.1 of Qodana. This feature is available under the Ultimate Plus license and its trial version.