pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a49b094e0c'
${ noResults }
infer_clone/website/docs/checker-quandary.md

49 lines
2.6 KiB
Raw Normal View History Unescape

[website] make doc-publish Summary: New website! Now with one page per checker, and only one page containing all issue types for easy tooling. Each checker page also lists the issue types it can report. For now only issue types with documentation appear in either page, filling these up is still TODO. Reviewed By: mityal Differential Revision: D21934465 fbshipit-source-id: 82ae1e417
5 years ago
---
title: "Quandary"
description: "The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a \"sanitizer\". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions."
---
The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions.
Activate with `--quandary`.
Supported languages:
- C/C++/ObjC: Yes
- Java: Yes
Quandary is a static taint analyzer that identifies a variety of unsafe
information flows. It has a small list of built-in
[sources](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L36)
and
[sinks](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L178),
and you can define custom sources and sinks in your `.inferconfig` file (see
example
[here](https://github.com/facebook/infer/blob/master/infer/tests/codetoanalyze/java/quandary/.inferconfig)).
## List of Issue Types
The following issue types are reported by this checker:
make doc-publish Summary: Needed to remove user_documentation for the new CONFIG_CHECK_BETWEEN_MARKERS issue type otherwise it violated the invariant that the corresponding checker should be documented too but its development has just started. Reviewed By: skcho Differential Revision: D22065820 fbshipit-source-id: 4b3a58850
5 years ago
- [CREATE_INTENT_FROM_URI](all-issue-types#create_intent_from_uri)
- [CROSS_SITE_SCRIPTING](all-issue-types#cross_site_scripting)
- [EXPOSED_INSECURE_INTENT_HANDLING](all-issue-types#exposed_insecure_intent_handling)
- [INSECURE_INTENT_HANDLING](all-issue-types#insecure_intent_handling)
- [JAVASCRIPT_INJECTION](all-issue-types#javascript_injection)
- [LOGGING_PRIVATE_DATA](all-issue-types#logging_private_data)
- [QUANDARY_TAINT_ERROR](all-issue-types#quandary_taint_error)
- [SHELL_INJECTION](all-issue-types#shell_injection)
- [SHELL_INJECTION_RISK](all-issue-types#shell_injection_risk)
- [SQL_INJECTION](all-issue-types#sql_injection)
- [SQL_INJECTION_RISK](all-issue-types#sql_injection_risk)
- [UNTRUSTED_BUFFER_ACCESS](all-issue-types#untrusted_buffer_access)
- [UNTRUSTED_DESERIALIZATION](all-issue-types#untrusted_deserialization)
- [UNTRUSTED_DESERIALIZATION_RISK](all-issue-types#untrusted_deserialization_risk)
- [UNTRUSTED_ENVIRONMENT_CHANGE_RISK](all-issue-types#untrusted_environment_change_risk)
- [UNTRUSTED_FILE](all-issue-types#untrusted_file)
- [UNTRUSTED_FILE_RISK](all-issue-types#untrusted_file_risk)
- [UNTRUSTED_HEAP_ALLOCATION](all-issue-types#untrusted_heap_allocation)
- [UNTRUSTED_INTENT_CREATION](all-issue-types#untrusted_intent_creation)
- [UNTRUSTED_URL_RISK](all-issue-types#untrusted_url_risk)
- [UNTRUSTED_VARIABLE_LENGTH_ARRAY](all-issue-types#untrusted_variable_length_array)
- [USER_CONTROLLED_SQL_RISK](all-issue-types#user_controlled_sql_risk)