80 Commits (15b77c6a55c1415858f59477195c394fdd98620f)

Author SHA1 Message Date
Sam Blackshear 85b8087f66 [quandary] de-prioritize command line flag sources
7 years ago
Sam Blackshear d718275402 [quandary] fix test expected output
7 years ago
Sam Blackshear 6b8900746b [quandary] only treat overrides of service methods as endpoints
7 years ago
Sam Blackshear ffba5de70c [quandary] distinguish between SQL reads and writes
7 years ago
Sam Blackshear 33fe8879a5 [quandary] report flows originating from `UserControlledEndpoint` as `_RISK`
7 years ago
Sam Blackshear 57a8c2f594 [quandary] don't taint dummy Thrift `_return` formals
7 years ago
Sam Blackshear 6d46b0c7be [cleanup] stop printing `&`'s on `Var.t`'s
7 years ago
Jeremy Dubreil d74f189dfe [infer] add the report kind to the list of expected output
7 years ago
Sam Blackshear fb7556816f [quandary] report gflags to shell exec, but not file or url creation
7 years ago
Sam Blackshear f5e7a6e6d7 [quandary] print index(es) of tainted parameters at each call
7 years ago
Sam Blackshear 7f62154318 [quandary] separate sanitizers for different kinds of escaping
7 years ago
Sam Blackshear 82a3b2649e [quandary] only warn on shell/sql injection from stringy gflag sources
7 years ago
Sam Blackshear 32675a7b02 [quandary] improve curl_easy_setopt sink
7 years ago
Sam Blackshear d3f4043bc0 [quandary] curl function for setting URL as sink
7 years ago
Sam Blackshear 6abbe66ee6 [quandary] file creation as sink
7 years ago
Sam Blackshear 19824aa27b [quandary] don't taint this var of endpoints
7 years ago
Sam Blackshear 087ff08b82 [quandary] eliminate spammy soft error for bad return summary
7 years ago
Sam Blackshear 164fa457e9 [quandary] treat any non-primitive endpoint formal as a source
7 years ago
Sam Blackshear 8665386b8a [quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
7 years ago
Sam Blackshear 97f3af15f3 [quandary] support multiple sanitizer kinds in C++
7 years ago
Sam Blackshear faef207d62 [quandary] propagate taint across unary/binary operators
7 years ago
Sam Blackshear 29fe7d1689 [quandary] thrift services as sources + remote code execution risk issue type
7 years ago
Sam Blackshear 5e910929be [quandary] handle taint propagation in copying of structs/via derefs of pointers to structs
7 years ago
Sam Blackshear 67c45bed78 [quandary] fix invariant 1: "sink(s) with only non-footprint source" violations
7 years ago
Sam Blackshear 5f6d3a0d7f [quandary] new issue type for untrusted variable length array creation
7 years ago
Sam Blackshear 6ea6c74a5c [quandary] add new issue types for sql injection and shell injection
7 years ago
Sam Blackshear d2433476a5 [quandary] fix heuristic for recognizing buffer access
7 years ago
Jules Villard b95f29c8d1 various minor improvements
7 years ago
Jules Villard d2b4f3c8da [config] add option to force deletion of results dir
7 years ago
Jules Villard 72b1ac4b5a Turn off --keep-going by default
7 years ago
Jules Villard c6812df1eb fix infinitely-expanding types in the backend
7 years ago
Sam Blackshear 14aef012f6 [quandary] allow specifying globals as sources
7 years ago
Sam Blackshear 5d578cf196 [quandary] make it possible to report taint errors on footprint sources again
7 years ago
Sam Blackshear f821d8948f [quandary] add memcpy, memset, and similar as sinks
7 years ago
Sam Blackshear 94ceebfef8 [quandary] represent footprint as unified set of access path rather than conjunction of special sources
7 years ago
Sam Blackshear 3e6e76a2b2 [quandary] fix widening bug
7 years ago
Sam Blackshear 2876f50703 [quandary] popen as sink
7 years ago
Sam Blackshear f738a7186a [quandary] fix assertion failure due to unexpected operator=
7 years ago
Sam Blackshear 7be5df384e [quandary] stack allocation of array as sink
7 years ago
Sam Blackshear ccdf15a1ca [quandary] vector and array access as sink
7 years ago
Jeremy Dubreil bf11a27158 [infer] merge --failures-allowed and --keep-going
7 years ago
Sam Blackshear 73f3eee9cd [checkers] use liveness analysis to create dead store checker
7 years ago
Jia Chen 3bacba762a Whitelist the constructors+conversion operators+destructors for classes listed on whitelisted_cpp_classes
7 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 3135560283 [quandary] move trace expansion logic into Quandary
8 years ago
Sam Blackshear 4ef487928c [quandary] make passthroughs optional
8 years ago
Sam Blackshear 38d3946c71 [quandary] support for basic return value sanitizers
8 years ago
Sam Blackshear 54f1122bc0 [quandary] allowing specification of C++ endpoints
8 years ago
Sam Blackshear 45aaa4da93 [quandary] gflag globals as source
8 years ago