365 Commits (59daa1f022395a6e0dcdf311ca07ac07f65e9b30)

Author SHA1 Message Date
Sam Blackshear 04d2882a6b [cleanup] organize Java-specific functions on types
7 years ago
Sam Blackshear fb7556816f [quandary] report gflags to shell exec, but not file or url creation
7 years ago
Sam Blackshear f5e7a6e6d7 [quandary] print index(es) of tainted parameters at each call
7 years ago
Sam Blackshear 7f62154318 [quandary] separate sanitizers for different kinds of escaping
7 years ago
Sam Blackshear b06676f309 [quandary] only use gflag sources in developer mode
7 years ago
Josh Berdine 63439ecc02 [ocamlformat] Upgrade base and ocamlformat
7 years ago
Sam Blackshear 8732c7d7a1 [quandary] add curl_easy_setop with CURLOPT_POSTFIELDS as sink
7 years ago
Sam Blackshear 82a3b2649e [quandary] only warn on shell/sql injection from stringy gflag sources
7 years ago
Jeremy Dubreil 1f6d73269e [infer] simplify the API to report errors
7 years ago
Sam Blackshear 41129087e4 [quandary] only Intents created from Uris should be sources
7 years ago
Sam Blackshear 32675a7b02 [quandary] improve curl_easy_setopt sink
7 years ago
Sam Blackshear d3f4043bc0 [quandary] curl function for setting URL as sink
7 years ago
Sam Blackshear 7e8739de0a [quandary] more fine-grained issue types for Java
7 years ago
Sam Blackshear 432fa4913c [quandary] report all Intents constructed from URIs
7 years ago
Sam Blackshear 6abbe66ee6 [quandary] file creation as sink
7 years ago
Sam Blackshear 19824aa27b [quandary] don't taint this var of endpoints
7 years ago
Sam Blackshear 735b0b2ef7 [quandary] include source/sink caller in error message
7 years ago
Sam Blackshear 3c28e0308a [quandary] clean up source type in report
7 years ago
Sam Blackshear 087ff08b82 [quandary] eliminate spammy soft error for bad return summary
7 years ago
Sam Blackshear 164fa457e9 [quandary] treat any non-primitive endpoint formal as a source
7 years ago
Sam Blackshear 8665386b8a [quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
7 years ago
Sam Blackshear 97f3af15f3 [quandary] support multiple sanitizer kinds in C++
7 years ago
Sam Blackshear 2b0335f32b [quandary] track sanitizers applied in trace domain
7 years ago
Sam Blackshear faef207d62 [quandary] propagate taint across unary/binary operators
7 years ago
Sam Blackshear 7428f36fbd [quandary] turn off dynamic dispatch handling in Java
7 years ago
Sam Blackshear 758048078b [quandary] move sanitizer specifications from TaintSpec -> Trace
7 years ago
Sam Blackshear d392ed12a8 [quandary] remove detection of likely resource id's as sources
7 years ago
Sam Blackshear 890afe3094 [HIL] make it easier to customize-specialized abstract interpreter
7 years ago
Josh Berdine f62ab09e61 [ocamlformat] Upgrade ocamlformat to v0.2 from opam
7 years ago
Sam Blackshear 29fe7d1689 [quandary] thrift services as sources + remote code execution risk issue type
7 years ago
Sam Blackshear e2a75f2b46 [hil] always run liveness analysis before HIL lowering
7 years ago
Sam Blackshear 5e910929be [quandary] handle taint propagation in copying of structs/via derefs of pointers to structs
7 years ago
Sam Blackshear 67c45bed78 [quandary] fix invariant 1: "sink(s) with only non-footprint source" violations
7 years ago
Sam Blackshear 5f6d3a0d7f [quandary] new issue type for untrusted variable length array creation
7 years ago
Sam Blackshear 6ea6c74a5c [quandary] add new issue types for sql injection and shell injection
7 years ago
Sam Blackshear 2d29b47855 [traces] allow reported traces to return an issue type
7 years ago
Sam Blackshear d2433476a5 [quandary] fix heuristic for recognizing buffer access
7 years ago
Sam Blackshear c65569a868 [quandary] sanity checks for preventing oversized summaries
7 years ago
Sam Blackshear 12d73e67dc [quandary] don't create dummy global reads for Drawable IDs in C++
7 years ago
Josh Berdine f89e687efa [ocamlformat] Use ocamlformat from github
7 years ago
Sam Blackshear 3a89a7a84b [quandary] log soft errors instead of dying
7 years ago
Sam Blackshear 2d22b631c3 [quandary] track flow of `Drawable` resource id's to methods that inflate them
7 years ago
Mehdi Bouaziz 6c39c2ccd3 Fix pp_instr_list nontailrecursiveness
7 years ago
Sam Blackshear 983bcbbae7 [traces] add matches function for extra flexibility in expanding traces
7 years ago
Sam Blackshear 6533aa65c6 [quandary] deserialization as sink
7 years ago
Sam Blackshear 5ff6e2c786 [quandary] EditText.getText() as source
7 years ago
Sam Blackshear 14aef012f6 [quandary] allow specifying globals as sources
7 years ago
Sam Blackshear b2edf17b21 [quandary] better logging
7 years ago
Jules Villard 1c375a17ac [log] die more appropriately
7 years ago
Sam Blackshear 81fbcf7501 [access trie] make max depth configurable
7 years ago
Sam Blackshear b15e4846c3 [quandary] only enable expensive buffer/allocation sinks in developer mode
7 years ago
Sam Blackshear 5d578cf196 [quandary] make it possible to report taint errors on footprint sources again
7 years ago
Sam Blackshear f821d8948f [quandary] add memcpy, memset, and similar as sinks
7 years ago
Sam Blackshear 3b56b93ae5 [quandary] apply summary for sinks
7 years ago
Sam Blackshear fc828640ea [quandary] remove concept of a footprint source
7 years ago
Sam Blackshear 94ceebfef8 [quandary] represent footprint as unified set of access path rather than conjunction of special sources
7 years ago
Sam Blackshear 2876f50703 [quandary] popen as sink
7 years ago
Jules Villard 69299ba675 [filtering] improve issue type filtering CLI
7 years ago
Sam Blackshear f738a7186a [quandary] fix assertion failure due to unexpected operator=
7 years ago
Sam Blackshear 7be5df384e [quandary] stack allocation of array as sink
7 years ago
Sam Blackshear ccdf15a1ca [quandary] vector and array access as sink
7 years ago
Sam Blackshear 9c99c38b22 [quandary] handle procedures that have name conflict with sinks, but different number of args
7 years ago
Sam Blackshear 91d518979b [quandary] log internal error when taint sink index doesn't match
7 years ago
Sam Blackshear 6d001ee566 [access paths] optional index expression for arrays
7 years ago
Sam Blackshear b61a68e859 [quandary] HTML creation as a sink
7 years ago
Sam Blackshear f83284ad7c [access paths] make raw access paths the default, move abstraction into AccessPath.Abs module
7 years ago
Sam Blackshear c2acc670ef [cleanup] remove unused param from supertype_find_map_opt
7 years ago
Sam Blackshear ecf9c1b402 [quandary] expose actuals to Source.get
7 years ago
Josh Berdine bab3d81cb0 Convert Reason to OCaml, and auto-format OCaml
8 years ago
Josh Berdine 3161206534 [quandary] Continue past unbindable return values
8 years ago
Sam Blackshear 1f153d3e3f [absint] kill `AbstractInterpreter.Interprocedural` module
8 years ago
Sam Blackshear 2a3032d0e3 [absint] rename confusing compute_and_store_post function
8 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 3cd7fa1c62 [quandary] remember name of tainted parameter for endpoint source
8 years ago
Jeremy Dubreil cddd1b4ca2 [infer][ondemand] rename the logging functions to outline the deprecated ones
8 years ago
Sam Blackshear 0714b93b14 [quandary] use sink index info when expanding traces
8 years ago
Sam Blackshear 24d541d403 [quandary] move some utility functions for manipulating footprint vars/access paths into appropriate modules
8 years ago
Sam Blackshear 3135560283 [quandary] move trace expansion logic into Quandary
8 years ago
Sam Blackshear 97bf3324c8 [quandary] add indexes to sinks
8 years ago
Jules Villard 93cc3266e8 [log] log to a single file with different categories and debug levels
8 years ago
Jules Villard b50f9f2695 [police] open IStd everywhere
8 years ago
Sam Blackshear aa50d90a7d [quandary] get rid of report_reachable bool in taint specifications
8 years ago
Sam Blackshear 7d828fff93 [quandary] make it possible to specify code that should be modeled even if we have a summary
8 years ago
Sam Blackshear 38d3946c71 [quandary] support for basic return value sanitizers
8 years ago
Sam Blackshear 6af61d099e [HIL] Print HIL instructions in the debug HTML
8 years ago
Sam Blackshear 54f1122bc0 [quandary] allowing specification of C++ endpoints
8 years ago
Sam Blackshear 45aaa4da93 [quandary] gflag globals as source
8 years ago
Sam Blackshear abc5642c83 [quandary] tests for string functionality
8 years ago
Sam Blackshear d5f4784e61 [quandary] add more exec sinks
8 years ago
Sam Blackshear d446f0f800 [quandary] clipboard as a source
8 years ago
Sam Blackshear 9910391144 [quandary] improved handling of unknown code in C++
8 years ago
Sam Blackshear 4e97d1e991 [quandary] add support for C++ parameter passing modes that differ from Java
8 years ago
Sam Blackshear 30e629c319 [hil] rename Write to Assign
8 years ago
Sam Blackshear 30b3075d11 [quandary] allow specification of parameter sources via JSON
8 years ago
Sam Blackshear 6c8f3fe618 [quandary] allocation as a sink
8 years ago
Sam Blackshear 9157f42b7c [test] diagnose invalid source file issue
8 years ago
Sam Blackshear 6af6ef35ec [quandary] support sources that taint a pointer arg or arg passed by ref rather than the return value
8 years ago
Sam Blackshear 52ed886886 [quandary] log error to summary instead of pdesc
8 years ago
Sam Blackshear a0377fe8c9 [quandary] treat call to unknown operator= as assignment
8 years ago
Sam Blackshear 9dc7e3d66f [quandary] handle return value passed by reference in sources
8 years ago
Sam Blackshear 19da59cf19 [hil] functor for easily creating HIL analyses
8 years ago
Sam Blackshear a02b37a03c [quandary] allow custom sources/sinks in C++
8 years ago
Sam Blackshear 3258bc2ec4 [quandary] delegate handling of call to HIL
8 years ago
Sam Blackshear 80030c8de7 [quandary] delegate handling of assignment to HIL
8 years ago
Sam Blackshear d248780645 [quandary] delegate cast handling to HIL
8 years ago
Sam Blackshear 8f10cae4b3 [quandary] delegate id map management to HIL
8 years ago
Sam Blackshear 3c0cf115b3 [quandary] add option for parsing endpoints from inferconfig
8 years ago
Andrzej Kotulski 029499cd9d [IR] add type qualifiers to Typ.t
8 years ago
Sam Blackshear a4f2d99be9 [quandary] a few more ContentProvider sinks
8 years ago
Sam Blackshear 20aff78b36 [quandary] ContentProvider Uri's as sources/files as sinks
8 years ago
Sam Blackshear 3024d9aed2 [quandary] more IPC sources
8 years ago
Sam Blackshear bcbb032052 [quandary] WebView.postUrl is a sink
8 years ago
Sam Blackshear b0216035f4 [frontend] don't treat Sawja-generated ternary operator vars as SSA tmps
8 years ago
Jules Villard dd2c56da06 be more careful about handling invalid source files
8 years ago
Sam Blackshear 00f948e924 [quandary] don't add callee-local state to the caller
8 years ago
Sam Blackshear 92011790c2 [quandary] optimize handling of unknown code by adding notion of 'taintable types'
8 years ago
Sam Blackshear 8e2863a598 [quandary] more detailed source and sink kinds
8 years ago
Sam Blackshear 52dbd129cd [quandary] don't complain about transferring extras between intents
8 years ago
Sam Blackshear 417ddb1bc0 [quandary] make params of WebViewClient methods sources where appropriate
8 years ago
Sam Blackshear 88430c3e51 [quandary] make index field optional for custom sinks specified in JSON
8 years ago
Sam Blackshear c255823673 [quandary] clean up `Intent` sinks
8 years ago
Jeremy Dubreil f5adab59ec [infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table
8 years ago
Sam Blackshear 31069dd1a7 [quandary] remove assignments to formals from summaries
8 years ago
Sam Blackshear c5d7762f60 [access trees] expose join of nodes and fold over nodes
8 years ago
Andrzej Kotulski 42947ea9d9 [IR] Make template info part of Typename.t, rename Typename to Typ.Name
8 years ago
Sam Blackshear 69fe80346c [quandary][perf] Always use the location of the pdesc in footprint sources
8 years ago
Sam Blackshear 60dac45461 [quandary] don't call read_summary on the current procedure while creating a trace
8 years ago
Jeremy Dubreil 3e6ff023a7 [infer][ondemand] skeleton code to have every checker update their respective payload in the analysis summary
8 years ago
Martino Luca 5448a95ce7 [Infer][Localise] Group all issue types in one place, and provide their human-readable representation
8 years ago
Sam Blackshear bd5eb3c5cf [quandary] don't allow projection of non-footprint idents
8 years ago
Andrzej Kotulski e363958d34 [codemod] Move `Procname` into `Typ.Procname`
8 years ago
Sam Blackshear acd9e3246f [cleanup] adding missing mlis for checkers
8 years ago
Cristiano Calcagno b1b5460529 Deprecate further IList functions
8 years ago
Cristiano Calcagno 41c5be9bad Deprecate more IList functions
8 years ago
Cristiano Calcagno 731dead406 More IList deprecation: fold functions
8 years ago
Sam Blackshear 919b35f50a [quandary] better taint propagation for Intent's
8 years ago
Cristiano Calcagno 60916922c6 Deprecate more IList functions and use Core List instead
8 years ago
Sam Blackshear a3e3fdb781 [quandary] fix bug in summary application
8 years ago
Sam Blackshear ae03acb71b [quandary] reduce max_calls to 3
8 years ago
Sam Blackshear 4627bb6f48 [absint] simplify `AbstractInterpreter.Make` functor by hiding `Scheduler` parameter
8 years ago
Sam Blackshear 6338997cf5 [quandary] don't clobber existing taint on receiver when propagating taint from unknown call
8 years ago
Cristiano Calcagno 5c12d98d37 Deprecate IList module in favour of Core List
8 years ago
Sam Blackshear 38a336694a [quandary] improve taint propagation for unknown calls
8 years ago
Sam Blackshear d84a6b854f [quandary] log instead of failing hard when specified source has no return value
8 years ago
Sam Blackshear cc8ffd9d1e [quandary] allow regexes in defining quandary sources/sinks in inferconfig
8 years ago
Sam Blackshear f372b6cb2f [quandary] allow sinks to be specified in inferconfig
8 years ago
Sam Blackshear 5bddb1e548 [quandary] allow sources to be specified in inferconfig
8 years ago
Cristiano Calcagno f91b3128d3 [BetterEngineering] Replace uses of polymorphic equality
8 years ago
Sam Blackshear c19bee7772 [quandary] for instance methods with no return value, propagate the taint to the receiver
8 years ago