72 Commits (4545f36875cca2383bede4cc197087b8986afeea)

Author SHA1 Message Date
Sam Blackshear fb7556816f [quandary] report gflags to shell exec, but not file or url creation
7 years ago
Sam Blackshear f5e7a6e6d7 [quandary] print index(es) of tainted parameters at each call
7 years ago
Sam Blackshear 7f62154318 [quandary] separate sanitizers for different kinds of escaping
7 years ago
Sam Blackshear 82a3b2649e [quandary] only warn on shell/sql injection from stringy gflag sources
7 years ago
Sam Blackshear 32675a7b02 [quandary] improve curl_easy_setopt sink
7 years ago
Sam Blackshear d3f4043bc0 [quandary] curl function for setting URL as sink
7 years ago
Sam Blackshear 6abbe66ee6 [quandary] file creation as sink
7 years ago
Sam Blackshear 19824aa27b [quandary] don't taint this var of endpoints
7 years ago
Sam Blackshear 087ff08b82 [quandary] eliminate spammy soft error for bad return summary
7 years ago
Sam Blackshear 164fa457e9 [quandary] treat any non-primitive endpoint formal as a source
7 years ago
Sam Blackshear 8665386b8a [quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
7 years ago
Sam Blackshear 97f3af15f3 [quandary] support multiple sanitizer kinds in C++
7 years ago
Sam Blackshear faef207d62 [quandary] propagate taint across unary/binary operators
7 years ago
Sam Blackshear 29fe7d1689 [quandary] thrift services as sources + remote code execution risk issue type
7 years ago
Sam Blackshear 5e910929be [quandary] handle taint propagation in copying of structs/via derefs of pointers to structs
7 years ago
Sam Blackshear 67c45bed78 [quandary] fix invariant 1: "sink(s) with only non-footprint source" violations
7 years ago
Sam Blackshear 5f6d3a0d7f [quandary] new issue type for untrusted variable length array creation
7 years ago
Sam Blackshear 6ea6c74a5c [quandary] add new issue types for sql injection and shell injection
7 years ago
Sam Blackshear d2433476a5 [quandary] fix heuristic for recognizing buffer access
7 years ago
Jules Villard b95f29c8d1 various minor improvements
7 years ago
Jules Villard d2b4f3c8da [config] add option to force deletion of results dir
7 years ago
Jules Villard 72b1ac4b5a Turn off --keep-going by default
7 years ago
Jules Villard c6812df1eb fix infinitely-expanding types in the backend
7 years ago
Sam Blackshear 14aef012f6 [quandary] allow specifying globals as sources
7 years ago
Sam Blackshear 5d578cf196 [quandary] make it possible to report taint errors on footprint sources again
7 years ago
Sam Blackshear f821d8948f [quandary] add memcpy, memset, and similar as sinks
7 years ago
Sam Blackshear 94ceebfef8 [quandary] represent footprint as unified set of access path rather than conjunction of special sources
7 years ago
Sam Blackshear 3e6e76a2b2 [quandary] fix widening bug
7 years ago
Sam Blackshear 2876f50703 [quandary] popen as sink
7 years ago
Sam Blackshear f738a7186a [quandary] fix assertion failure due to unexpected operator=
7 years ago
Sam Blackshear 7be5df384e [quandary] stack allocation of array as sink
7 years ago
Sam Blackshear ccdf15a1ca [quandary] vector and array access as sink
7 years ago
Jeremy Dubreil bf11a27158 [infer] merge --failures-allowed and --keep-going
7 years ago
Sam Blackshear 73f3eee9cd [checkers] use liveness analysis to create dead store checker
7 years ago
Jia Chen 3bacba762a Whitelist the constructors+conversion operators+destructors for classes listed on whitelisted_cpp_classes
7 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 3135560283 [quandary] move trace expansion logic into Quandary
8 years ago
Sam Blackshear 4ef487928c [quandary] make passthroughs optional
8 years ago
Sam Blackshear 38d3946c71 [quandary] support for basic return value sanitizers
8 years ago
Sam Blackshear 54f1122bc0 [quandary] allowing specification of C++ endpoints
8 years ago
Sam Blackshear 45aaa4da93 [quandary] gflag globals as source
8 years ago
Sam Blackshear abc5642c83 [quandary] tests for string functionality
8 years ago
Sam Blackshear d5f4784e61 [quandary] add more exec sinks
8 years ago
Sam Blackshear 9910391144 [quandary] improved handling of unknown code in C++
8 years ago
Sam Blackshear b7afa4727d [hil] fix crash when translating C code that indexes string literals like arrays or does pointer arithmetic
8 years ago
Sam Blackshear 4e97d1e991 [quandary] add support for C++ parameter passing modes that differ from Java
8 years ago
Sam Blackshear 30b3075d11 [quandary] allow specification of parameter sources via JSON
8 years ago
Sam Blackshear 6c8f3fe618 [quandary] allocation as a sink
8 years ago
Jeremy Dubreil 7e12885f98 [infer][checkers] remove the quandary analyzer option and rely on the --quandary flag only
8 years ago