1# A list of source/propagation function
2Propagations:
3  # int x = mySource1(); // x is tainted
4  - Name:     mySource1
5    DstArgs:  [-1] # Index for return value
6
7  # int x;
8  # mySource2(&x); // x is tainted
9  - Name:     mySource2
10    DstArgs:  [0]
11
12  # int x = myNamespace::mySource3(); // x is tainted
13  - Name:     mySource3
14    Scope:    "myNamespace::"
15    DstArgs:  [-1]
16
17  # int x = myAnotherNamespace::mySource3(); // x is tainted
18  - Name:     mySource3
19    Scope:    "myAnotherNamespace::"
20    DstArgs:  [-1]
21
22  # int x, y;
23  # myScanf("%d %d", &x, &y); // x and y are tainted
24  - Name:          myScanf
25    VariadicType:  Dst
26    VariadicIndex: 1
27
28  # int x, y;
29  # Foo::myScanf("%d %d", &x, &y); // x and y are tainted
30  - Name:          myMemberScanf
31    Scope:         "Foo::"
32    VariadicType:  Dst
33    VariadicIndex: 1
34
35  # int x; // x is tainted
36  # int y;
37  # myPropagator(x, &y); // y is tainted
38  - Name:     myPropagator
39    SrcArgs:  [0]
40    DstArgs:  [1]
41
42  # constexpr unsigned size = 100;
43  # char buf[size];
44  # int x, y;
45  # int n = mySprintf(buf, size, "%d %d", x, y); // If size, x or y is tainted
46  # // the return value and the buf will be tainted
47  - Name:          mySnprintf
48    SrcArgs:       [1]
49    DstArgs:       [0, -1]
50    VariadicType:  Src
51    VariadicIndex: 3
52
53# A list of filter functions
54Filters:
55  # int x; // x is tainted
56  # isOutOfRange(&x); // x is not tainted anymore
57  - Name: isOutOfRange
58    Args: [0]
59
60  # int x; // x is tainted
61  # myNamespace::isOutOfRange(&x); // x is not tainted anymore
62  - Name:  isOutOfRange2
63    Scope: "myNamespace::"
64    Args:  [0]
65
66  # int x; // x is tainted
67  # myAnotherNamespace::isOutOfRange(&x); // x is not tainted anymore
68  - Name:  isOutOfRange2
69    Scope: "myAnotherNamespace::"
70    Args:  [0]
71
72# A list of sink functions
73Sinks:
74  # int x, y; // x and y are tainted
75  # mySink(x, 0, 1); // It will warn
76  # mySink(0, 1, y); // It will warn
77  # mySink(0, x, 1); // It won't warn
78  - Name: mySink
79    Args: [0, 2]
80
81  # int x; // x is tainted
82  # myNamespace::mySink(x); // It will warn
83  - Name:  mySink2
84    Scope: "myNamespace::"
85    Args:  [0]
86
87  # int x; // x is tainted
88  # myAnotherNamespace::mySink(x); // It will warn
89  - Name:  mySink2
90    Scope: "myAnotherNamespace::"
91    Args:  [0]
92