infer_clone

Commit Graph

Author	SHA1	Message	Date
Mehdi Bouaziz	7c89d92851	[RFC] Format all java files Reviewed By: jeremydubreil Differential Revision: D10067033 fbshipit-source-id: 73975664e	6 years ago
Jules Villard	8b882ac1df	Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD \| xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a	7 years ago
Sam Blackshear	b57aa90d7d	[quandary] don't crash if JSON source/sink is invalid procedure name Summary: At the moment, Java and Clang sources/sinks live in the same inferconfig entry. If we try to parse a Java procedure that happens to be an invalid Clang qualified name (e.g., `MyClass.<init>`), parsing will crash. As a temporary fix, throw an exception and catch it instead. In the future, we can avoid this by requiring that JSON source/sink specifications to indicate the language. Reviewed By: mbouaziz Differential Revision: D7291880 fbshipit-source-id: f8f4502	7 years ago
Sam Blackshear	4952f1ea3b	[quandary] tests documenting limitations of sanitizers Reviewed By: mbouaziz Differential Revision: D7257570 fbshipit-source-id: 5f97e31	7 years ago
Sam Blackshear	d720eb52ba	[quandary] check for subclassing in externally specified sources/sinks Reviewed By: jeremydubreil Differential Revision: D7221876 fbshipit-source-id: 682900e	7 years ago
Sam Blackshear	3b56b93ae5	[quandary] apply summary for sinks Summary: A function can both be a sink and propagate source info, but we currently ignore the summary for any function that is also a sink. This will cause us to under-report for (e.g.) `src1 = source(); src2 = strcpy(dest, src1); exec(src2)`. This is both a potential buffer overflow and a potential shell injection, but we won't report the second issue. Reviewed By: jberdine Differential Revision: D5676167 fbshipit-source-id: 232ab2f	7 years ago
Sam Blackshear	9c99c38b22	[quandary] handle procedures that have name conflict with sinks, but different number of args Summary: When a sink name is specified in `.inferconfig` or in OCaml, it might conflict with a function of the same name that has a different number of args. We shouldn't try to create a sink in this case, and we definitely shouldn't crash. Reviewed By: jeremydubreil Differential Revision: D5561216 fbshipit-source-id: fa1859b	7 years ago
Sam Blackshear	38d3946c71	[quandary] support for basic return value sanitizers Summary: For now, we just support clearing the taint on a return value. Ideally, we would associate a kind with the sanitizer and only clear taint that matches that kind. However, it's fairly complicated to make that work properly with footprint sources. I have some ideas about how to do it with passthroughs instead, but let's just do the simple thing for now. Reviewed By: jeremydubreil Differential Revision: D5141906 fbshipit-source-id: a5b8b5e	8 years ago
Sam Blackshear	f372b6cb2f	[quandary] allow sinks to be specified in inferconfig Reviewed By: jberdine Differential Revision: D4464461 fbshipit-source-id: 1b0359d	8 years ago
Sam Blackshear	5bddb1e548	[quandary] allow sources to be specified in inferconfig Reviewed By: jberdine Differential Revision: D4448458 fbshipit-source-id: 5aa30c5	8 years ago

10 Commits (119d727d21c494d17fd141ef6d6588947359c88f)