Sam Blackshear
7f62154318
[quandary] separate sanitizers for different kinds of escaping
...
Summary: Previously we had a single sanitizer kind for escaping, but this isn't quite right. A function that escapes a URL doesn't necessarily make a string safe to execute in SQL, for example.
Reviewed By: the-st0rm
Differential Revision: D6656376
fbshipit-source-id: 572944e
7 years ago
Sam Blackshear
32675a7b02
[quandary] improve curl_easy_setopt sink
...
Reviewed By: jeremydubreil
Differential Revision: D6557133
fbshipit-source-id: 4df7b49
7 years ago
Sam Blackshear
d3f4043bc0
[quandary] curl function for setting URL as sink
...
Reviewed By: the-st0rm
Differential Revision: D6485858
fbshipit-source-id: fd38654
7 years ago
Sam Blackshear
6abbe66ee6
[quandary] file creation as sink
...
Reviewed By: jeremydubreil, mbouaziz
Differential Revision: D6486526
fbshipit-source-id: cad09f1
7 years ago
Sam Blackshear
19824aa27b
[quandary] don't taint this var of endpoints
...
Reviewed By: mbouaziz
Differential Revision: D6509322
fbshipit-source-id: e24357e
7 years ago
Sam Blackshear
164fa457e9
[quandary] treat any non-primitive endpoint formal as a source
...
Reviewed By: mbouaziz
Differential Revision: D6385271
fbshipit-source-id: 3360b04
7 years ago
Sam Blackshear
8665386b8a
[quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
...
Reviewed By: mbouaziz
Differential Revision: D6338997
fbshipit-source-id: 19c4380
7 years ago
Sam Blackshear
29fe7d1689
[quandary] thrift services as sources + remote code execution risk issue type
...
Differential Revision: D6177526
fbshipit-source-id: 245095e
7 years ago