secure-software-engineering
What's the meaning of the configuration parameter 'max access path length'?
Hello,I'd like to confirm that the real meaning of the configuration parameter 'max access path length'.It seems that it is the max length of the detected taint path,but the result scaned has the length beyond the default value 5.I have saw the source code, the class AccessPath is related with the taint, but I am still confused.I will appreciate it much if anyone can give me the instruction.
The access path indicates field dereferences, e.g., "this.a.b.c". Whenever a variable is tainted, an access path is generated. If the taint is written into a field, the access path grows. If you take this.a = source();, the access path is this.a. You can easily imagine longer access paths by writing your tainted data into fields of fields of fields, etc.
