infer_clone/website/docs/checker-quandary.md

---
title: "Quandary"
description: "The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a \"sanitizer\". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions."
---

The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions.

Activate with `--quandary`.

Supported languages:
- C/C++/ObjC: Yes
- Java: Yes

Quandary is a static taint analyzer that identifies a variety of unsafe
information flows. It has a small list of built-in
[sources](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L36)
and
[sinks](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L178),
and you can define custom sources and sinks in your `.inferconfig` file (see
example
[here](https://github.com/facebook/infer/blob/master/infer/tests/codetoanalyze/java/quandary/.inferconfig)).


## List of Issue Types

The following issue types are reported by this checker:
- [CREATE_INTENT_FROM_URI](/docs/next/all-issue-types#create_intent_from_uri)
- [CROSS_SITE_SCRIPTING](/docs/next/all-issue-types#cross_site_scripting)
- [EXPOSED_INSECURE_INTENT_HANDLING](/docs/next/all-issue-types#exposed_insecure_intent_handling)
- [INSECURE_INTENT_HANDLING](/docs/next/all-issue-types#insecure_intent_handling)
- [JAVASCRIPT_INJECTION](/docs/next/all-issue-types#javascript_injection)
- [LOGGING_PRIVATE_DATA](/docs/next/all-issue-types#logging_private_data)
- [QUANDARY_TAINT_ERROR](/docs/next/all-issue-types#quandary_taint_error)
- [SHELL_INJECTION](/docs/next/all-issue-types#shell_injection)
- [SHELL_INJECTION_RISK](/docs/next/all-issue-types#shell_injection_risk)
- [SQL_INJECTION](/docs/next/all-issue-types#sql_injection)
- [SQL_INJECTION_RISK](/docs/next/all-issue-types#sql_injection_risk)
- [UNTRUSTED_BUFFER_ACCESS](/docs/next/all-issue-types#untrusted_buffer_access)
- [UNTRUSTED_DESERIALIZATION](/docs/next/all-issue-types#untrusted_deserialization)
- [UNTRUSTED_DESERIALIZATION_RISK](/docs/next/all-issue-types#untrusted_deserialization_risk)
- [UNTRUSTED_ENVIRONMENT_CHANGE_RISK](/docs/next/all-issue-types#untrusted_environment_change_risk)
- [UNTRUSTED_FILE](/docs/next/all-issue-types#untrusted_file)
- [UNTRUSTED_FILE_RISK](/docs/next/all-issue-types#untrusted_file_risk)
- [UNTRUSTED_HEAP_ALLOCATION](/docs/next/all-issue-types#untrusted_heap_allocation)
- [UNTRUSTED_INTENT_CREATION](/docs/next/all-issue-types#untrusted_intent_creation)
- [UNTRUSTED_URL_RISK](/docs/next/all-issue-types#untrusted_url_risk)
- [UNTRUSTED_VARIABLE_LENGTH_ARRAY](/docs/next/all-issue-types#untrusted_variable_length_array)
- [USER_CONTROLLED_SQL_RISK](/docs/next/all-issue-types#user_controlled_sql_risk)
[website] make doc-publish Summary: New website! Now with one page per checker, and only one page containing all issue types for easy tooling. Each checker page also lists the issue types it can report. For now only issue types with documentation appear in either page, filling these up is still TODO. Reviewed By: mityal Differential Revision: D21934465 fbshipit-source-id: 82ae1e417 5 years ago			`---`
			`title: "Quandary"`
			`description: "The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a \"sanitizer\". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions."`
			`---`

			`The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions.`

			Activate with `--quandary`.

			`Supported languages:`
			`- C/C++/ObjC: Yes`
			`- Java: Yes`

			`Quandary is a static taint analyzer that identifies a variety of unsafe`
			`information flows. It has a small list of built-in`
			`[sources](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L36)`
			`and`
			`[sinks](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L178),`
			and you can define custom sources and sinks in your `.inferconfig` file (see
			`example`
			`[here](https://github.com/facebook/infer/blob/master/infer/tests/codetoanalyze/java/quandary/.inferconfig)).`


			`## List of Issue Types`

			`The following issue types are reported by this checker:`
[website] make docs URLs absolute Summary: A bug in docusaurus makes relative URLs fail depending on how the page was accessed, because the URL of a page in docs/ will end in / if accessed directly or via hyperlink, but that / will be omitted when clicking on the sidebar. The final / makes all the difference when interpreting relative URLs so relative URLs are essentially broken. See https://github.com/facebook/docusaurus/issues/2832 for more details. This changes URL generation to generate URLs /docs/next/..., and manually substitute relative URLs that had been written by hand. Also fix a few other things about outdated links/comments. Finally, `make doc-publish`. Reviewed By: dulmarod Differential Revision: D22117187 fbshipit-source-id: 32e2ba7e1 4 years ago			`- [CREATE_INTENT_FROM_URI](/docs/next/all-issue-types#create_intent_from_uri)`
			`- [CROSS_SITE_SCRIPTING](/docs/next/all-issue-types#cross_site_scripting)`
			`- [EXPOSED_INSECURE_INTENT_HANDLING](/docs/next/all-issue-types#exposed_insecure_intent_handling)`
			`- [INSECURE_INTENT_HANDLING](/docs/next/all-issue-types#insecure_intent_handling)`
			`- [JAVASCRIPT_INJECTION](/docs/next/all-issue-types#javascript_injection)`
			`- [LOGGING_PRIVATE_DATA](/docs/next/all-issue-types#logging_private_data)`
			`- [QUANDARY_TAINT_ERROR](/docs/next/all-issue-types#quandary_taint_error)`
			`- [SHELL_INJECTION](/docs/next/all-issue-types#shell_injection)`
			`- [SHELL_INJECTION_RISK](/docs/next/all-issue-types#shell_injection_risk)`
			`- [SQL_INJECTION](/docs/next/all-issue-types#sql_injection)`
			`- [SQL_INJECTION_RISK](/docs/next/all-issue-types#sql_injection_risk)`
			`- [UNTRUSTED_BUFFER_ACCESS](/docs/next/all-issue-types#untrusted_buffer_access)`
			`- [UNTRUSTED_DESERIALIZATION](/docs/next/all-issue-types#untrusted_deserialization)`
			`- [UNTRUSTED_DESERIALIZATION_RISK](/docs/next/all-issue-types#untrusted_deserialization_risk)`
			`- [UNTRUSTED_ENVIRONMENT_CHANGE_RISK](/docs/next/all-issue-types#untrusted_environment_change_risk)`
			`- [UNTRUSTED_FILE](/docs/next/all-issue-types#untrusted_file)`
			`- [UNTRUSTED_FILE_RISK](/docs/next/all-issue-types#untrusted_file_risk)`
			`- [UNTRUSTED_HEAP_ALLOCATION](/docs/next/all-issue-types#untrusted_heap_allocation)`
			`- [UNTRUSTED_INTENT_CREATION](/docs/next/all-issue-types#untrusted_intent_creation)`
			`- [UNTRUSTED_URL_RISK](/docs/next/all-issue-types#untrusted_url_risk)`
			`- [UNTRUSTED_VARIABLE_LENGTH_ARRAY](/docs/next/all-issue-types#untrusted_variable_length_array)`
			`- [USER_CONTROLLED_SQL_RISK](/docs/next/all-issue-types#user_controlled_sql_risk)`