Qodana
 

Taint analysis

Last modified: 16 January 2025

Taint analysis lets you trace the flow of potentially harmful (tainted) data through a program. It identifies paths on which untrusted input (sources) can reach sensitive operations (sinks) without proper validation or sanitization, which helps prevent security vulnerabilities such as SQL injection, cross-site scripting (XSS), command injection, and path traversal.

The core goal of taint analysis is to determine if unanticipated input can affect program execution in malicious ways.
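To make the source-to-sink model concrete, here is a small forward taint-propagation routine written for this page; it is not Qodana's code and does not reflect how its PHP or JVM linters are implemented. The statement tuple format, the `analyze` function and the PHP-like sample program are constructed for illustration.

```python
from typing import Dict, List, Tuple

# Each statement is a tuple; variables are plain strings (hypothetical model):
#   ("source", var)            var receives untrusted input
#   ("assign", dst, *srcs)     dst is computed from srcs (concatenation etc.)
#   ("sanitize", dst, src)     dst is a validated/escaped copy of src
#   ("sink", kind, var)        var reaches a sensitive operation of that kind
Stmt = Tuple


def analyze(program: List[Stmt]) -> List[Dict]:
    """Forward taint propagation; one finding per sink that reads unsanitized tainted data."""
    origin: Dict[str, List[int]] = {}  # tainted var -> statement indices that tainted it
    findings: List[Dict] = []
    for i, stmt in enumerate(program):
        op = stmt[0]
        if op == "source":
            origin[stmt[1]] = [i]
        elif op == "assign":
            dst, srcs = stmt[1], stmt[2:]
            tainted = [s for s in srcs if s in origin]
            if tainted:  # taint flows through any tainted operand
                origin[dst] = origin[tainted[0]] + [i]
            else:  # overwritten with clean data
                origin.pop(dst, None)
        elif op == "sanitize":
            origin.pop(stmt[1], None)  # sanitizer output is trusted
        elif op == "sink":
            kind, var = stmt[1], stmt[2]
            if var in origin:
                findings.append({"sink": kind, "var": var, "path": origin[var] + [i]})
    return findings


# Constructed sample modelling PHP-like code:
#   $id = $_GET['id'];  $sql = "SELECT ... WHERE id=" . $id;  query($sql);
#       -> source, tainted concatenation, SQL sink: finding
#   $safe = intval($id);  $sql2 = "SELECT ... WHERE id=" . $safe;  query($sql2);
#       -> sanitizer, clean concatenation, SQL sink: no finding
SAMPLE: List[Stmt] = [
    ("source", "id"),
    ("assign", "sql", "literal", "id"),
    ("sink", "sql_query", "sql"),
    ("sanitize", "safe", "id"),
    ("assign", "sql2", "literal", "safe"),
    ("sink", "sql_query", "sql2"),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f['sink']} reads tainted '{f['var']}' via statements {f['path']}")
```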

Taint analysis is supported by the Qodana for PHP and Qodana for JVM linters under the Ultimate Plus license.