progNav Paper/progNav Paper.tex
2 additions & 2 deletions
@@ -98,8 +98,8 @@ \section{Introduction}
98
98
99
99
Consider the following motivating example involving Roxanne, a professional Java developer at a large software company.
100
100
Though Roxanne is fictional, her story is based on the experiences of real developers we observed in a previous study~\cite{Smith2015}.
101
-
While maintaining some old code, Roxanne notices a warning from a static analysis tool --- this variable contains user-provided data.
102
-
If it is used in a sensitive context before being sanitized, this code could be vulnerable to security vulnerabilities.
101
+
While maintaining some old code, Roxanne notices her static analysis tool has put a light red warning indicator onto a variable --- This variable contains user-provided data.
102
+
If it is used in a sensitive context before being sanitized, the code could be vulnerable.
103
103
104
104
Roxanne sets out to determine if the variable is sanitized on all paths leading to the sensitive context.
105
105
She vaguely recalls using an Eclipse tool to help her trace control flow through a program, but is unsure how to invoke it or whether it also traces data flow.
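Review bot: In new line 101, the text after the dash ("--- This variable contains user-provided data.") reads as the warning's message, but it is not marked as such, and the capitalized "This" in mid-sentence looks like a typo. Set it off as the tool's output, for example in LaTeX quotes (``This variable contains user-provided data.''), or lowercase it if it is meant as the narrator's paraphrase. In new line 102, dropping "vulnerable to security vulnerabilities" fixes the redundancy, but "the code could be vulnerable" no longer says to what; if the scenario has a specific class of flaw in mind, name it here so that the "sensitive context" Roxanne checks for in line 104 is concrete.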