Dataflow annotations
There are four types of Dataflow annotations, similar to Dataflow rules: Source, Sink, Passthrough, and Validate. All are applied to methods and specify the inputs and/or outputs by parameter name or the strings this and return. Additionally, you can apply the Dataflow Source and Sink annotations to the function arguments.
Source annotations
The acceptable values for the annotation parameter are this, return, or a function parameter name. For example, you can assign taint to an output of the target method.
@FortifyDatabaseSource("return")
String [] loadUserProfile(String userID) {
...
}
You can also assign taint to an argument of the target method by annotating the parameter itself.
void retrieveAuthCode(@FortifyPrivateSource String authCode) {
...
}
In addition to specific source annotations, OpenText provides a generic untrusted taint source called FortifySource.
The following is a complete list of source annotations:
FortifySource
FortifyDatabaseSource
FortifyFileSystemSource
FortifyNetworkSource
FortifyPCISource
FortifyPrivateSource
FortifyWebSource
Passthrough annotations
Passthrough annotations transfer any taint from an input to an output of the target method. They can also assign or remove taint on the output, as FortifyNumberPassthrough and FortifyNotNumberPassthrough do. The acceptable values for the in annotation parameter are this or a function parameter name. The acceptable values for the out annotation parameter are this, return, or a function parameter name.
@FortifyPassthrough(in="a",out="return")
String toLowerCase(String a) {
...
}
Use FortifyNumberPassthrough to indicate that the data is purely numeric. Numeric data cannot cause certain types of issues, such as cross-site scripting, regardless of the source. Using FortifyNumberPassthrough can reduce false positives of this type. If a program decomposes character data into a numeric type (int, int[], and so on), you can use FortifyNumberPassthrough. If a program concatenates numeric data into character or string data, then use FortifyNotNumberPassthrough.
The following is a complete list of passthrough annotations:
FortifyPassthrough
FortifyNumberPassthrough
FortifyNotNumberPassthrough
Sink annotations
Sink annotations report an issue when taint of the appropriate type reaches an input of the target method. Acceptable values for the annotation parameter are this or a function parameter name.
@FortifyXSSSink("a")
void printToWebpage(int a) {
...
}
You can also apply the annotation to the function argument or the return parameter. In the following example, an issue is reported when taint reaches the argument a.
void printToWebpage(int b, @FortifyXSSSink String a) {
...
}
The following is a complete list of the sink annotations:
FortifySink
FortifyCommandInjectionSink
FortifyPCISink
FortifyPrivacySink
FortifySQLSink
FortifySystemInfoSink
FortifyXSSSink
Validate annotations
Validate annotations remove taint from an output of the target method. Acceptable values for the annotation parameter are this, return, or a function parameter name.
@FortifyXSSValidate("return")
String xssCleanse(String a) {
...
}
The following is a complete list of validate annotations:
FortifyValidate
FortifyCommandInjectionValidate
FortifyPCIValidate
FortifyPrivacyValidate
FortifySQLValidate
FortifySystemInfoValidate
FortifyXSSValidate
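To show how the four annotation types combine along a single code path, here is an added example class; it is not from the original page or from OpenText's own documentation. It assumes the annotations are imported from the com.fortify.annotations package, and the method and parameter names (loadDisplayName, normalise, lengthOf, htmlEscape, writeToResponse, html) are illustrative.

```java
// Added example (not from the original page): one class wiring a source,
// two passthroughs, a validator and a sink so that a Fortify SCA scan can
// follow database taint to a web sink and see it removed by the validator.
// Assumption: the annotations live in the com.fortify.annotations package.
import com.fortify.annotations.FortifyDatabaseSource;
import com.fortify.annotations.FortifyNumberPassthrough;
import com.fortify.annotations.FortifyPassthrough;
import com.fortify.annotations.FortifyXSSSink;
import com.fortify.annotations.FortifyXSSValidate;

public class ProfilePage {

    // Source: the return value carries database-origin taint.
    @FortifyDatabaseSource("return")
    String loadDisplayName(String userId) {
        return "<name of " + userId + ">"; // constructed stand-in for a query result
    }

    // Passthrough: whatever taint is on parameter 'a' flows to the return value.
    @FortifyPassthrough(in = "a", out = "return")
    String normalise(String a) {
        return a.trim().toLowerCase();
    }

    // Number passthrough: the output is purely numeric, so it cannot carry XSS.
    @FortifyNumberPassthrough(in = "a", out = "return")
    int lengthOf(String a) {
        return a.length();
    }

    // Validate: the return value is treated as XSS-clean after escaping.
    @FortifyXSSValidate("return")
    String htmlEscape(String a) {
        return a.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }

    // Sink: an XSS issue is reported when XSS-relevant taint reaches 'html'.
    @FortifyXSSSink("html")
    void writeToResponse(String html) {
        System.out.println(html);
    }

    void render(String userId) {
        String name = normalise(loadDisplayName(userId)); // taint survives the passthrough
        writeToResponse(name);                            // expected finding: tainted data reaches the sink
        writeToResponse(htmlEscape(name));                // no finding: the validator removed the taint
        int n = lengthOf(name);                           // numeric-only result, not an XSS carrier
        System.err.println("display name length: " + n);
    }
}
```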