This means we treat != comparisons against strings as taint tracking guards:
if foo != "A"
foo # still tainted
else
foo # not tainted, because we know foo == "A"
end
Following examples from the other libraries, this change introduces a
member predicate `checks(CfgNode expr, boolean branch)` to
`BarrierGuard`, which holds if the guard validates `expr` for a
particular value of `branch`, which represents the value of the
condition in the guard.
For example, in the following guard...
if foo == "foo"
do_something foo
else
do_something_else foo
end
...the variable `foo` is validated when the condition `foo == "foo"` is
true.
We also introduce the concept that a guard "controls" a code block based
on the value of `branch`. In the example above, the "then" branch of the
if statement is controlled when `branch` is true. The else branch is
not controlled because `foo` can take (almost) any value in that branch.
Based on these concepts, we define a guarded node to be a read of a
validated variable in a controlled block.
In the above example, the `foo` in `do_something foo` is guarded, but
the `foo` in `do_something_else foo` is not.
