15 Commits (01755ef48ef3df6ef53e728f539e1eda9551d909)

Author SHA1 Message Date
Sam Blackshear ffba5de70c [quandary] distinguish between SQL reads and writes
7 years ago
Sam Blackshear 7f62154318 [quandary] separate sanitizers for different kinds of escaping
7 years ago
Sam Blackshear 8665386b8a [quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
7 years ago
Sam Blackshear 97f3af15f3 [quandary] support multiple sanitizer kinds in C++
7 years ago
Sam Blackshear 29fe7d1689 [quandary] thrift services as sources + remote code execution risk issue type
7 years ago
Jules Villard d2b4f3c8da [config] add option to force deletion of results dir
7 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 38d3946c71 [quandary] support for basic return value sanitizers
8 years ago
Sam Blackshear 54f1122bc0 [quandary] allowing specification of C++ endpoints
8 years ago
Sam Blackshear 30b3075d11 [quandary] allow specification of parameter sources via JSON
8 years ago
Sam Blackshear 6c8f3fe618 [quandary] allocation as a sink
8 years ago
Sam Blackshear a0377fe8c9 [quandary] treat call to unknown operator= as assignment
8 years ago
Sam Blackshear 9dc7e3d66f [quandary] handle return value passed by reference in sources
8 years ago
Sam Blackshear a02b37a03c [quandary] allow custom sources/sinks in C++
8 years ago