365 Commits (59daa1f022395a6e0dcdf311ca07ac07f65e9b30)

Author SHA1 Message Date
Mehdi Bouaziz 9a4416f7d4 [quandary] String concatenation sanitizes class loading
6 years ago
Mehdi Bouaziz 174bdcd22b [quandary] Add class-loading sinks
6 years ago
Jules Villard 52bcce29b5 [access expressions] force clients to normalize when introducing `Dereference` and `AddressOf`
6 years ago
Mehdi Bouaziz 2d4e58f57f Mangled.this/is_this
6 years ago
Julian Sutherland 93690dfa0e Check that the end the traces of inferBO and quandary issues match before matching them to form an quandaryBO issue
6 years ago
Julian Sutherland 0e9d8380c2 filter issues correctly
6 years ago
Julian Sutherland 60784ad045 Updated QuandaryBO issue matching.
6 years ago
Julian Sutherland f6afe3a092 quandaryBO now filters out quandary and inferBO errors if they are not enabled.
6 years ago
Mehdi Bouaziz ddbb7e05d3 Reporting cleanup 22: log_error/warning -> use IssueType rather than exception
6 years ago
Julian Sutherland e715d48c12 QuandaryBO
6 years ago
Julian Sutherland 34b0a6165c Added new issues to differentiate tainted buffer accesses and heap allocations
6 years ago
Josh Berdine 40ab73037e [ocamlformat] upgrade to ocamlformat 0.7
6 years ago
Nikos Gorogiannis c2416defed Fix IntLit.to_int interface and uses.
6 years ago
Mehdi Bouaziz fc5c093d1e ProcCfg: do not include module Node
7 years ago
Jules Villard 8b882ac1df Change license to MIT
7 years ago
Sam Blackshear 370f5c80e6 [quandary] only treat overrides of service methods as endpoints
7 years ago
Mehdi Bouaziz 1898ef3a7a [Summary] Move payloads to a separate module
7 years ago
Sam Blackshear 85b8087f66 [quandary] de-prioritize command line flag sources
7 years ago
Sam Blackshear d70d23c5f3 [quandary] treat Fragments like other Context types
7 years ago
Jules Villard 3aa6fdf1ce [rename] specs -> summary, Summary -> SummaryPayload
7 years ago
Jules Villard dfe2ad5229 [camel] call `Format.pp_print_*` directly where appropriate
7 years ago
Sam Blackshear c99b634655 [quandary] print caller of unexpected operator= expression
7 years ago
Jules Villard 902de9d6e3 [sil] make return value and type mandatory
7 years ago
Sam Blackshear 6b8900746b [quandary] only treat overrides of service methods as endpoints
7 years ago
Jules Villard ce0ffaf877 [ocaml] detect and kill dead modules
7 years ago
Sam Blackshear 30d7239aff [quandary] SQL sinks for java
7 years ago
Sam Blackshear ffba5de70c [quandary] distinguish between SQL reads and writes
7 years ago
Sam Blackshear cbc793be16 [quandary] simplify source/sink matching
7 years ago
Sam Blackshear 1d792f0b48 [quandary] fix formatting of endpoint traces, again
7 years ago
Josh Berdine 16988b0a7a [ocamlformat] Upgrade to ocamlformat 0.5
7 years ago
Sam Blackshear 670ae4a673 [quandary] `WebResourceRequest.getUrl` as source
7 years ago
Sam Blackshear cfa2dd5f83 [quandary] pass call flags to sink creation
7 years ago
Mehdi Bouaziz 4aefa6f76b Debug: session name
7 years ago
Sam Blackshear 767606b98e [quandary] fix unintended markdown formatting in error messages
7 years ago
Sam Blackshear 33fe8879a5 [quandary] report flows originating from `UserControlledEndpoint` as `_RISK`
7 years ago
Sam Blackshear aabf8aec55 [quandary] use `_risk` warning types for endpoint sources in Java
7 years ago
Sam Blackshear 57a8c2f594 [quandary] don't taint dummy Thrift `_return` formals
7 years ago
Mehdi Bouaziz 2916c97e0a [easy] Java nits
7 years ago
Sam Blackshear b57aa90d7d [quandary] don't crash if JSON source/sink is invalid procedure name
7 years ago
Sam Blackshear d720eb52ba [quandary] check for subclassing in externally specified sources/sinks
7 years ago
Daiva Naudziuniene 4157ba820a [HIL] Implicit dereference in access expression
7 years ago
Josh Berdine 3534838b73 [ocamlformat] Upgrade to ocamlformat 0.4
7 years ago
Sam Blackshear 66d03869ab [quandary] don't treat private Java methods as endpoints
7 years ago
Daiva Naudziuniene 5ebc6562ee [HIL] AccessExpression on the left hand side of assignment
7 years ago
Daiva Naudziuniene 896e849bfc [HIL] Access expression
7 years ago
Sam Blackshear 1a75ec9cf8 [cleanup] Move ObjC/C++-specific Procname functions to dedicated module
7 years ago
Sam Blackshear 37ab9ec391 [quandary] ProcessBuilder as sink
7 years ago
Sam Blackshear ab77cfe803 [quandary] thrift services as sources in Java
7 years ago
Sam Blackshear 27172f7f8a [quandary] java shell exec as sink
7 years ago
Sam Blackshear f7c415f7ae [cleanup] restrict Java-specific utility functions to Typ.Procname.Java.t's
7 years ago
Sam Blackshear 04d2882a6b [cleanup] organize Java-specific functions on types
7 years ago
Sam Blackshear fb7556816f [quandary] report gflags to shell exec, but not file or url creation
7 years ago
Sam Blackshear f5e7a6e6d7 [quandary] print index(es) of tainted parameters at each call
7 years ago
Sam Blackshear 7f62154318 [quandary] separate sanitizers for different kinds of escaping
7 years ago
Sam Blackshear b06676f309 [quandary] only use gflag sources in developer mode
7 years ago
Josh Berdine 63439ecc02 [ocamlformat] Upgrade base and ocamlformat
7 years ago
Sam Blackshear 8732c7d7a1 [quandary] add curl_easy_setop with CURLOPT_POSTFIELDS as sink
7 years ago
Sam Blackshear 82a3b2649e [quandary] only warn on shell/sql injection from stringy gflag sources
7 years ago
Jeremy Dubreil 1f6d73269e [infer] simplify the API to report errors
7 years ago
Sam Blackshear 41129087e4 [quandary] only Intents created from Uris should be sources
7 years ago
Sam Blackshear 32675a7b02 [quandary] improve curl_easy_setopt sink
7 years ago
Sam Blackshear d3f4043bc0 [quandary] curl function for setting URL as sink
7 years ago
Sam Blackshear 7e8739de0a [quandary] more fine-grained issue types for Java
7 years ago
Sam Blackshear 432fa4913c [quandary] report all Intents constructed from URIs
7 years ago
Sam Blackshear 6abbe66ee6 [quandary] file creation as sink
7 years ago
Sam Blackshear 19824aa27b [quandary] don't taint this var of endpoints
7 years ago
Sam Blackshear 735b0b2ef7 [quandary] include source/sink caller in error message
7 years ago
Sam Blackshear 3c28e0308a [quandary] clean up source type in report
7 years ago
Sam Blackshear 087ff08b82 [quandary] eliminate spammy soft error for bad return summary
7 years ago
Sam Blackshear 164fa457e9 [quandary] treat any non-primitive endpoint formal as a source
7 years ago
Sam Blackshear 8665386b8a [quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
7 years ago
Sam Blackshear 97f3af15f3 [quandary] support multiple sanitizer kinds in C++
7 years ago
Sam Blackshear 2b0335f32b [quandary] track sanitizers applied in trace domain
7 years ago
Sam Blackshear faef207d62 [quandary] propagate taint across unary/binary operators
7 years ago
Sam Blackshear 7428f36fbd [quandary] turn off dynamic dispatch handling in Java
7 years ago
Sam Blackshear 758048078b [quandary] move sanitizer specifications from TaintSpec -> Trace
7 years ago
Sam Blackshear d392ed12a8 [quandary] remove detection of likely resource id's as sources
7 years ago
Sam Blackshear 890afe3094 [HIL] make it easier to customize-specialized abstract interpreter
7 years ago
Josh Berdine f62ab09e61 [ocamlformat] Upgrade ocamlformat to v0.2 from opam
7 years ago
Sam Blackshear 29fe7d1689 [quandary] thrift services as sources + remote code execution risk issue type
7 years ago
Sam Blackshear e2a75f2b46 [hil] always run liveness analysis before HIL lowering
7 years ago
Sam Blackshear 5e910929be [quandary] handle taint propagation in copying of structs/via derefs of pointers to structs
7 years ago
Sam Blackshear 67c45bed78 [quandary] fix invariant 1: "sink(s) with only non-footprint source" violations
7 years ago
Sam Blackshear 5f6d3a0d7f [quandary] new issue type for untrusted variable length array creation
7 years ago
Sam Blackshear 6ea6c74a5c [quandary] add new issue types for sql injection and shell injection
7 years ago
Sam Blackshear 2d29b47855 [traces] allow reported traces to return an issue type
7 years ago
Sam Blackshear d2433476a5 [quandary] fix heuristic for recognizing buffer access
7 years ago
Sam Blackshear c65569a868 [quandary] sanity checks for preventing oversized summaries
7 years ago
Sam Blackshear 12d73e67dc [quandary] don't create dummy global reads for Drawable IDs in C++
7 years ago
Josh Berdine f89e687efa [ocamlformat] Use ocamlformat from github
7 years ago
Sam Blackshear 3a89a7a84b [quandary] log soft errors instead of dying
7 years ago
Sam Blackshear 2d22b631c3 [quandary] track flow of `Drawable` resource id's to methods that inflate them
7 years ago
Mehdi Bouaziz 6c39c2ccd3 Fix pp_instr_list nontailrecursiveness
7 years ago
Sam Blackshear 983bcbbae7 [traces] add matches function for extra flexibility in expanding traces
7 years ago
Sam Blackshear 6533aa65c6 [quandary] deserialization as sink
7 years ago
Sam Blackshear 5ff6e2c786 [quandary] EditText.getText() as source
7 years ago
Sam Blackshear 14aef012f6 [quandary] allow specifying globals as sources
7 years ago
Sam Blackshear b2edf17b21 [quandary] better logging
7 years ago
Jules Villard 1c375a17ac [log] die more appropriately
7 years ago
Sam Blackshear 81fbcf7501 [access trie] make max depth configurable
7 years ago