58 Commits (316da148573a83d9903355b1bce40165449f09bd)

Author SHA1 Message Date
Sam Blackshear 85b8087f66 [quandary] de-prioritize command line flag sources
7 years ago
Sam Blackshear d718275402 [quandary] fix test expected output
7 years ago
Sam Blackshear 6b8900746b [quandary] only treat overrides of service methods as endpoints
7 years ago
Sam Blackshear ffba5de70c [quandary] distinguish between SQL reads and writes
7 years ago
Sam Blackshear 33fe8879a5 [quandary] report flows originating from `UserControlledEndpoint` as `_RISK`
7 years ago
Sam Blackshear 6d46b0c7be [cleanup] stop printing `&`'s on `Var.t`'s
7 years ago
Jeremy Dubreil d74f189dfe [infer] add the report kind to the list of expected output
7 years ago
Sam Blackshear f5e7a6e6d7 [quandary] print index(es) of tainted parameters at each call
7 years ago
Sam Blackshear 7f62154318 [quandary] separate sanitizers for different kinds of escaping
7 years ago
Sam Blackshear 82a3b2649e [quandary] only warn on shell/sql injection from stringy gflag sources
7 years ago
Sam Blackshear 32675a7b02 [quandary] improve curl_easy_setopt sink
7 years ago
Sam Blackshear d3f4043bc0 [quandary] curl function for setting URL as sink
7 years ago
Sam Blackshear 6abbe66ee6 [quandary] file creation as sink
7 years ago
Sam Blackshear 164fa457e9 [quandary] treat any non-primitive endpoint formal as a source
7 years ago
Sam Blackshear 8665386b8a [quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
7 years ago
Sam Blackshear 97f3af15f3 [quandary] support multiple sanitizer kinds in C++
7 years ago
Sam Blackshear faef207d62 [quandary] propagate taint across unary/binary operators
7 years ago
Sam Blackshear 29fe7d1689 [quandary] thrift services as sources + remote code execution risk issue type
7 years ago
Sam Blackshear 5e910929be [quandary] handle taint propagation in copying of structs/via derefs of pointers to structs
7 years ago
Sam Blackshear 67c45bed78 [quandary] fix invariant 1: "sink(s) with only non-footprint source" violations
7 years ago
Sam Blackshear 5f6d3a0d7f [quandary] new issue type for untrusted variable length array creation
7 years ago
Sam Blackshear 6ea6c74a5c [quandary] add new issue types for sql injection and shell injection
7 years ago
Jules Villard c6812df1eb fix infinitely-expanding types in the backend
7 years ago
Sam Blackshear 14aef012f6 [quandary] allow specifying globals as sources
7 years ago
Sam Blackshear 5d578cf196 [quandary] make it possible to report taint errors on footprint sources again
7 years ago
Sam Blackshear f821d8948f [quandary] add memcpy, memset, and similar as sinks
7 years ago
Sam Blackshear 94ceebfef8 [quandary] represent footprint as unified set of access path rather than conjunction of special sources
7 years ago
Sam Blackshear 2876f50703 [quandary] popen as sink
7 years ago
Sam Blackshear 7be5df384e [quandary] stack allocation of array as sink
7 years ago
Sam Blackshear ccdf15a1ca [quandary] vector and array access as sink
7 years ago
Jia Chen 3bacba762a Whitelist the constructors+conversion operators+destructors for classes listed on whitelisted_cpp_classes
7 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 3135560283 [quandary] move trace expansion logic into Quandary
8 years ago
Sam Blackshear 38d3946c71 [quandary] support for basic return value sanitizers
8 years ago
Sam Blackshear 54f1122bc0 [quandary] allowing specification of C++ endpoints
8 years ago
Sam Blackshear 45aaa4da93 [quandary] gflag globals as source
8 years ago
Sam Blackshear abc5642c83 [quandary] tests for string functionality
8 years ago
Sam Blackshear d5f4784e61 [quandary] add more exec sinks
8 years ago
Sam Blackshear 9910391144 [quandary] improved handling of unknown code in C++
8 years ago
Sam Blackshear 4e97d1e991 [quandary] add support for C++ parameter passing modes that differ from Java
8 years ago
Sam Blackshear 30b3075d11 [quandary] allow specification of parameter sources via JSON
8 years ago
Sam Blackshear 6c8f3fe618 [quandary] allocation as a sink
8 years ago
Sam Blackshear 6af6ef35ec [quandary] support sources that taint a pointer arg or arg passed by ref rather than the return value
8 years ago
Sam Blackshear 28bc279cdc [quandary] tests for passthroughs
8 years ago
Sam Blackshear a0377fe8c9 [quandary] treat call to unknown operator= as assignment
8 years ago
Sam Blackshear 9dc7e3d66f [quandary] handle return value passed by reference in sources
8 years ago
Sam Blackshear a02b37a03c [quandary] allow custom sources/sinks in C++
8 years ago
Andrzej Kotulski 2810740377 [tests] Make project root infer/test/ for clang tests
8 years ago
Sam Blackshear adacee51e2 [quandary] switch to --issues-tests printing
8 years ago