You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 lines
2.7 KiB
49 lines
2.7 KiB
4 years ago
|
---
|
||
|
title: "Quandary"
|
||
|
description: "The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a \"sanitizer\". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions."
|
||
|
---
|
||
|
|
||
|
The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions.
|
||
|
|
||
|
Activate with `--quandary`.
|
||
|
|
||
|
Supported languages:
|
||
|
- C/C++/ObjC: Yes
|
||
|
- Java: Yes
|
||
|
|
||
|
Quandary is a static taint analyzer that identifies a variety of unsafe
|
||
|
information flows. It has a small list of built-in
|
||
|
[sources](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L36)
|
||
|
and
|
||
|
[sinks](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L178),
|
||
|
and you can define custom sources and sinks in your `.inferconfig` file (see
|
||
|
example
|
||
|
[here](https://github.com/facebook/infer/blob/master/infer/tests/codetoanalyze/java/quandary/.inferconfig)).
|
||
|
|
||
|
|
||
|
## List of Issue Types
|
||
|
|
||
|
The following issue types are reported by this checker:
|
||
|
- [CREATE_INTENT_FROM_URI](/docs/all-issue-types#create_intent_from_uri)
|
||
|
- [CROSS_SITE_SCRIPTING](/docs/all-issue-types#cross_site_scripting)
|
||
|
- [EXPOSED_INSECURE_INTENT_HANDLING](/docs/all-issue-types#exposed_insecure_intent_handling)
|
||
|
- [INSECURE_INTENT_HANDLING](/docs/all-issue-types#insecure_intent_handling)
|
||
|
- [JAVASCRIPT_INJECTION](/docs/all-issue-types#javascript_injection)
|
||
|
- [LOGGING_PRIVATE_DATA](/docs/all-issue-types#logging_private_data)
|
||
|
- [QUANDARY_TAINT_ERROR](/docs/all-issue-types#quandary_taint_error)
|
||
|
- [SHELL_INJECTION](/docs/all-issue-types#shell_injection)
|
||
|
- [SHELL_INJECTION_RISK](/docs/all-issue-types#shell_injection_risk)
|
||
|
- [SQL_INJECTION](/docs/all-issue-types#sql_injection)
|
||
|
- [SQL_INJECTION_RISK](/docs/all-issue-types#sql_injection_risk)
|
||
|
- [UNTRUSTED_BUFFER_ACCESS](/docs/all-issue-types#untrusted_buffer_access)
|
||
|
- [UNTRUSTED_DESERIALIZATION](/docs/all-issue-types#untrusted_deserialization)
|
||
|
- [UNTRUSTED_DESERIALIZATION_RISK](/docs/all-issue-types#untrusted_deserialization_risk)
|
||
|
- [UNTRUSTED_ENVIRONMENT_CHANGE_RISK](/docs/all-issue-types#untrusted_environment_change_risk)
|
||
|
- [UNTRUSTED_FILE](/docs/all-issue-types#untrusted_file)
|
||
|
- [UNTRUSTED_FILE_RISK](/docs/all-issue-types#untrusted_file_risk)
|
||
|
- [UNTRUSTED_HEAP_ALLOCATION](/docs/all-issue-types#untrusted_heap_allocation)
|
||
|
- [UNTRUSTED_INTENT_CREATION](/docs/all-issue-types#untrusted_intent_creation)
|
||
|
- [UNTRUSTED_URL_RISK](/docs/all-issue-types#untrusted_url_risk)
|
||
|
- [UNTRUSTED_VARIABLE_LENGTH_ARRAY](/docs/all-issue-types#untrusted_variable_length_array)
|
||
|
- [USER_CONTROLLED_SQL_RISK](/docs/all-issue-types#user_controlled_sql_risk)
|