Sam Blackshear
6b8900746b
[quandary] only treat overrides of service methods as endpoints
Reviewed By: jeremydubreil
Differential Revision: D7813903
fbshipit-source-id: 7d77f6a
7 years ago
Sam Blackshear
ffba5de70c
[quandary] distinguish between SQL reads and writes
Reviewed By: mbouaziz
Differential Revision: D7781377
fbshipit-source-id: 9c76e4d
7 years ago
Sam Blackshear
57a8c2f594
[quandary] don't taint dummy Thrift `_return` formals
Summary: In C++, Thrift implements return values using these. They shouldn't be tainted.
Reviewed By: mbouaziz
Differential Revision: D7362176
fbshipit-source-id: af8e515
7 years ago
Sam Blackshear
fb7556816f
[quandary] report gflags to shell exec, but not file or url creation
Reviewed By: mbouaziz
Differential Revision: D6716776
fbshipit-source-id: 942f716
7 years ago
Sam Blackshear
7f62154318
[quandary] separate sanitizers for different kinds of escaping
Summary: Previously we had a single sanitizer kind for escaping, but this isn't quite right. A function that escapes a URL doesn't necessarily make a string safe to execute in SQL, for example.
Reviewed By: the-st0rm
Differential Revision: D6656376
fbshipit-source-id: 572944e
7 years ago
Sam Blackshear
32675a7b02
[quandary] improve curl_easy_setopt sink
Reviewed By: jeremydubreil
Differential Revision: D6557133
fbshipit-source-id: 4df7b49
7 years ago
Sam Blackshear
d3f4043bc0
[quandary] curl function for setting URL as sink
Reviewed By: the-st0rm
Differential Revision: D6485858
fbshipit-source-id: fd38654
7 years ago
Sam Blackshear
6abbe66ee6
[quandary] file creation as sink
Reviewed By: jeremydubreil, mbouaziz
Differential Revision: D6486526
fbshipit-source-id: cad09f1
7 years ago
Sam Blackshear
19824aa27b
[quandary] don't taint this var of endpoints
Reviewed By: mbouaziz
Differential Revision: D6509322
fbshipit-source-id: e24357e
7 years ago
Sam Blackshear
164fa457e9
[quandary] treat any non-primitive endpoint formal as a source
Reviewed By: mbouaziz
Differential Revision: D6385271
fbshipit-source-id: 3360b04
7 years ago
Sam Blackshear
8665386b8a
[quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
Reviewed By: mbouaziz
Differential Revision: D6338997
fbshipit-source-id: 19c4380
7 years ago
Sam Blackshear
29fe7d1689
[quandary] thrift services as sources + remote code execution risk issue type
Differential Revision: D6177526
fbshipit-source-id: 245095e
7 years ago