Multifile Vulnerability Tracing

Taint analysis is a way to find security risks in code by following how data moves through a program. It starts with “tainted” input that comes from outside the system, like a web request or user form. The analysis then traces where that data goes to see if it reaches sensitive parts of the code, such as database queries or system commands, without being checked or cleaned first. If the data could be misused along the way, Aikido flags it as a possible vulnerability. Taint analysis helps developers see how untrusted input can travel through their software and cause real-world security issues if not properly handled.

Aikido tracks the flow of untrusted data and flags it when it reaches a dangerous sink (for example, SQL or command execution). We support taint analysis both within a file and across files, so input accepted in one file can be linked to a risky operation in another.

On top of data flow, Aikido also checks reachability so you don’t get pinged for issues that can’t actually execute in your app (for example, a vulnerable function you don’t call, or code that only runs in tests). This is part of how we keep noise down.
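To make the source-to-sink and cross-file ideas above concrete, here is a small taint tracer written for this page; it is an added example, not Aikido's engine or any of its rules. It assumes a tiny, hypothetical rule set (`request.args.get` as the source, `int`/`escape` as sanitizers, `cursor.execute`/`os.system` as sinks), walks the Python AST of two constructed "files", follows calls from `handlers.py` into `db.py`, and reports only chains reachable from a declared list of entry points, which stands in for the reachability check described above.

```python
import ast

# Simplified rule set (an assumption for this demo; a real scanner has far more rules).
SOURCES = {"request.args.get"}
SANITIZERS = {"int", "escape"}
SINKS = {"cursor.execute", "os.system"}


def dotted(node):  # render a Name/Attribute chain such as cursor.execute as a string
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and (base := dotted(node.value)):
        return f"{base}.{node.attr}"
    return None


class Tracer:
    def __init__(self, modules):
        # Index every top-level function as "module.function" so a call in one
        # file can be resolved to its definition in another file.
        self.funcs, self.findings = {}, []
        for fname, src in modules.items():
            for node in ast.parse(src, filename=fname).body:
                if isinstance(node, ast.FunctionDef):
                    self.funcs[f"{fname.rsplit('.', 1)[0]}.{node.name}"] = node

    def resolve(self, callee):  # qualified "db.lookup" or a bare imported name
        return callee if callee in self.funcs else next(
            (k for k in self.funcs if k.endswith("." + callee)), None)

    def analyze_function(self, qualname, tainted_params, chain):
        # Walk one function body; return True if its return value may be tainted.
        tainted, returns_tainted = set(tainted_params), False
        for stmt in self.funcs[qualname].body:
            if isinstance(stmt, ast.Assign):
                hit = self.expr_tainted(stmt.value, tainted, chain)
                for t in stmt.targets:
                    if isinstance(t, ast.Name):
                        (tainted.add if hit else tainted.discard)(t.id)
            elif isinstance(stmt, (ast.Return, ast.Expr)) and stmt.value is not None:
                hit = self.expr_tainted(stmt.value, tainted, chain)
                returns_tainted |= hit and isinstance(stmt, ast.Return)
        return returns_tainted

    def expr_tainted(self, node, tainted, chain):
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, ast.BinOp):  # "SELECT ... " + value
            return any(self.expr_tainted(n, tainted, chain) for n in (node.left, node.right))
        if isinstance(node, ast.JoinedStr):  # f"SELECT ... {value}"
            return any(self.expr_tainted(v.value, tainted, chain)
                       for v in node.values if isinstance(v, ast.FormattedValue))
        if isinstance(node, (ast.Attribute, ast.Subscript)):
            return self.expr_tainted(node.value, tainted, chain)
        if isinstance(node, ast.Call):
            return self.call_tainted(node, tainted, chain)
        return False  # constants, tuples, comparisons: never tainted

    def call_tainted(self, node, tainted, chain):
        name = dotted(node.func) or "<unknown>"
        args_tainted = [self.expr_tainted(a, tainted, chain) for a in node.args]
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False
        if name in SINKS:
            # Only the query/command string is checked; a trailing parameter tuple is bound, not interpolated.
            if args_tainted[:1] == [True]:
                self.findings.append(" -> ".join(chain + [name]))
            return False
        target = self.resolve(name)
        if target and target not in chain:  # follow the call into the callee, possibly in another file
            params = [p.arg for p in self.funcs[target].args.args]
            passed = {p for p, hit in zip(params, args_tainted) if hit}
            return self.analyze_function(target, passed, chain + [target])
        return any(args_tainted)  # unknown library call: taint passes through


def scan(modules, entry_points):
    # Return source-to-sink call chains reachable from the given entry points.
    tracer = Tracer(modules)
    for entry in entry_points:
        tracer.analyze_function(entry, set(), [entry])
    return tracer.findings


MODULES = {  # constructed sample "files" for the demo, not real project code
    "handlers.py": '''def get_user(request):
    user_id = request.args.get("id")
    return lookup(user_id)                        # tainted value crosses into db.py
def get_user_checked(request):
    return lookup(int(request.args.get("id")))   # sanitized before the call
def get_user_param(request):
    return lookup_param(request.args.get("id"))  # bound parameter, never interpolated
def unused_handler(request):
    return lookup(request.args.get("id"))        # not routed anywhere, so never scanned
''',
    "db.py": '''def lookup(value):
    return cursor.execute("SELECT * FROM users WHERE id = " + value)
def lookup_param(value):
    return cursor.execute("SELECT * FROM users WHERE id = %s", (value,))
''',
}
ENTRY_POINTS = ["handlers.get_user", "handlers.get_user_checked", "handlers.get_user_param"]
```

Running `scan(MODULES, ENTRY_POINTS)` yields a single chain, `handlers.get_user -> db.lookup -> cursor.execute`: the sanitized and parameterized handlers produce nothing, and `unused_handler` is never visited because it is not an entry point, even though its body is identical to the vulnerable one. The tracer is deliberately flow-sensitive in one direction only (a later untainted reassignment clears taint) and treats any unknown library call as taint-preserving, which is the conservative default a real engine would refine with per-library rules.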

Taint tracing in Aikido

When a vulnerability is discovered, Aikido will trace it through the relevant function calls. When you open a security issue, select View code analysis to get a detailed look at the source of the vulnerability as well as a call graph illustrating the execution flow.

Where multi-file taint analysis is available

Aikido currently supports cross-file taint tracking for the following languages:

  • JavaScript

  • TypeScript

  • PHP

  • .NET/C#

  • Java

  • Rust

  • Go

  • Ruby

  • Python

Other languages currently support intra-file taint analysis:

  • C/C++

  • Swift

  • Android

  • Scala

  • Kotlin

  • Dart

  • Elixir
