To clarify, tainting "scope" doesn't refer to variable scope but is commonly implemented as a (thread-local) global dict that tracks tainted access in execution order.
In your example the variable 'c' would be tainted from the moment the conditional evaluates until it is either re-assigned (from a non-tainted source) or until the program ends.
If your checker is smart enough to catch this - your whole program is tainted by your password once you check it in the login screen.
Not sure what you mean by "your password" in this context. Which password, from what source?
To clarify, tainting "scope" doesn't refer to variable scope but is commonly implemented as a (thread-local) global dict that tracks tainted access in execution order.
In your example the variable 'c' would be tainted from the moment the conditional evaluates until it is either re-assigned (from a non-tainted source) or until the program ends.
If your checker is smart enough to catch this - your whole program is tainted by your password once you check it in the login screen.
Not sure what you mean by "your password" in this context. Which password, from what source?
Calling rand() taints the generator
Pardon, you are of course right. Yes it does.