365 Commits (59daa1f022395a6e0dcdf311ca07ac07f65e9b30)

Author SHA1 Message Date
Sam Blackshear b15e4846c3 [quandary] only enable expensive buffer/allocation sinks in developer mode
7 years ago
Sam Blackshear 5d578cf196 [quandary] make it possible to report taint errors on footprint sources again
7 years ago
Sam Blackshear f821d8948f [quandary] add memcpy, memset, and similar as sinks
7 years ago
Sam Blackshear 3b56b93ae5 [quandary] apply summary for sinks
7 years ago
Sam Blackshear fc828640ea [quandary] remove concept of a footprint source
7 years ago
Sam Blackshear 94ceebfef8 [quandary] represent footprint as unified set of access path rather than conjunction of special sources
7 years ago
Sam Blackshear 2876f50703 [quandary] popen as sink
7 years ago
Jules Villard 69299ba675 [filtering] improve issue type filtering CLI
7 years ago
Sam Blackshear f738a7186a [quandary] fix assertion failure due to unexpected operator=
7 years ago
Sam Blackshear 7be5df384e [quandary] stack allocation of array as sink
7 years ago
Sam Blackshear ccdf15a1ca [quandary] vector and array access as sink
7 years ago
Sam Blackshear 9c99c38b22 [quandary] handle procedures that have name conflict with sinks, but different number of args
7 years ago
Sam Blackshear 91d518979b [quandary] log internal error when taint sink index doesn't match
7 years ago
Sam Blackshear 6d001ee566 [access paths] optional index expression for arrays
7 years ago
Sam Blackshear b61a68e859 [quandary] HTML creation as a sink
7 years ago
Sam Blackshear f83284ad7c [access paths] make raw access paths the default, move abstraction into AccessPath.Abs module
7 years ago
Sam Blackshear c2acc670ef [cleanup] remove unused param from supertype_find_map_opt
7 years ago
Sam Blackshear ecf9c1b402 [quandary] expose actuals to Source.get
7 years ago
Josh Berdine bab3d81cb0 Convert Reason to OCaml, and auto-format OCaml
8 years ago
Josh Berdine 3161206534 [quandary] Continue past unbindable return values
8 years ago
Sam Blackshear 1f153d3e3f [absint] kill `AbstractInterpreter.Interprocedural` module
8 years ago
Sam Blackshear 2a3032d0e3 [absint] rename confusing compute_and_store_post function
8 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 3cd7fa1c62 [quandary] remember name of tainted parameter for endpoint source
8 years ago
Jeremy Dubreil cddd1b4ca2 [infer][ondemand] rename the logging functions to outline the deprecated ones
8 years ago
Sam Blackshear 0714b93b14 [quandary] use sink index info when expanding traces
8 years ago
Sam Blackshear 24d541d403 [quandary] move some utility functions for manipulating footprint vars/access paths into appropriate modules
8 years ago
Sam Blackshear 3135560283 [quandary] move trace expansion logic into Quandary
8 years ago
Sam Blackshear 97bf3324c8 [quandary] add indexes to sinks
8 years ago
Jules Villard 93cc3266e8 [log] log to a single file with different categories and debug levels
8 years ago
Jules Villard b50f9f2695 [police] open IStd everywhere
8 years ago
Sam Blackshear aa50d90a7d [quandary] get rid of report_reachable bool in taint specifications
8 years ago
Sam Blackshear 7d828fff93 [quandary] make it possible to specify code that should be modeled even if we have a summary
8 years ago
Sam Blackshear 38d3946c71 [quandary] support for basic return value sanitizers
8 years ago
Sam Blackshear 6af61d099e [HIL] Print HIL instructions in the debug HTML
8 years ago
Sam Blackshear 54f1122bc0 [quandary] allowing specification of C++ endpoints
8 years ago
Sam Blackshear 45aaa4da93 [quandary] gflag globals as source
8 years ago
Sam Blackshear abc5642c83 [quandary] tests for string functionality
8 years ago
Sam Blackshear d5f4784e61 [quandary] add more exec sinks
8 years ago
Sam Blackshear d446f0f800 [quandary] clipboard as a source
8 years ago
Sam Blackshear 9910391144 [quandary] improved handling of unknown code in C++
8 years ago
Sam Blackshear 4e97d1e991 [quandary] add support for C++ parameter passing modes that differ from Java
8 years ago
Sam Blackshear 30e629c319 [hil] rename Write to Assign
8 years ago
Sam Blackshear 30b3075d11 [quandary] allow specification of parameter sources via JSON
8 years ago
Sam Blackshear 6c8f3fe618 [quandary] allocation as a sink
8 years ago
Sam Blackshear 9157f42b7c [test] diagnose invalid source file issue
8 years ago
Sam Blackshear 6af6ef35ec [quandary] support sources that taint a pointer arg or arg passed by ref rather than the return value
8 years ago
Sam Blackshear 52ed886886 [quandary] log error to summary instead of pdesc
8 years ago
Sam Blackshear a0377fe8c9 [quandary] treat call to unknown operator= as assignment
8 years ago
Sam Blackshear 9dc7e3d66f [quandary] handle return value passed by reference in sources
8 years ago
Sam Blackshear 19da59cf19 [hil] functor for easily creating HIL analyses
8 years ago
Sam Blackshear a02b37a03c [quandary] allow custom sources/sinks in C++
8 years ago
Sam Blackshear 3258bc2ec4 [quandary] delegate handling of call to HIL
8 years ago
Sam Blackshear 80030c8de7 [quandary] delegate handling of assignment to HIL
8 years ago
Sam Blackshear d248780645 [quandary] delegate cast handling to HIL
8 years ago
Sam Blackshear 8f10cae4b3 [quandary] delegate id map management to HIL
8 years ago
Sam Blackshear 3c0cf115b3 [quandary] add option for parsing endpoints from inferconfig
8 years ago
Andrzej Kotulski 029499cd9d [IR] add type qualifiers to Typ.t
8 years ago
Sam Blackshear a4f2d99be9 [quandary] a few more ContentProvider sinks
8 years ago
Sam Blackshear 20aff78b36 [quandary] ContentProvider Uri's as sources/files as sinks
8 years ago
Sam Blackshear 3024d9aed2 [quandary] more IPC sources
8 years ago
Sam Blackshear bcbb032052 [quandary] WebView.postUrl is a sink
8 years ago
Sam Blackshear b0216035f4 [frontend] don't treat Sawja-generated ternary operator vars as SSA tmps
8 years ago
Jules Villard dd2c56da06 be more careful about handling invalid source files
8 years ago
Sam Blackshear 00f948e924 [quandary] don't add callee-local state to the caller
8 years ago
Sam Blackshear 92011790c2 [quandary] optimize handling of unknown code by adding notion of 'taintable types'
8 years ago
Sam Blackshear 8e2863a598 [quandary] more detailed source and sink kinds
8 years ago
Sam Blackshear 52dbd129cd [quandary] don't complain about transferring extras between intents
8 years ago
Sam Blackshear 417ddb1bc0 [quandary] make params of WebViewClient methods sources where appropriate
8 years ago
Sam Blackshear 88430c3e51 [quandary] make index field optional for custom sinks specified in JSON
8 years ago
Sam Blackshear c255823673 [quandary] clean up `Intent` sinks
8 years ago
Jeremy Dubreil f5adab59ec [infer][checkers] Prevent the race conditions between the summaries passed as parameter to the checkers and the summaries from the specs table
8 years ago
Sam Blackshear 31069dd1a7 [quandary] remove assignments to formals from summaries
8 years ago
Sam Blackshear c5d7762f60 [access trees] expose join of nodes and fold over nodes
8 years ago
Andrzej Kotulski 42947ea9d9 [IR] Make template info part of Typename.t, rename Typename to Typ.Name
8 years ago
Sam Blackshear 69fe80346c [quandary][perf] Always use the location of the pdesc in footprint sources
8 years ago
Sam Blackshear 60dac45461 [quandary] don't call read_summary on the current procedure while creating a trace
8 years ago
Jeremy Dubreil 3e6ff023a7 [infer][ondemand] skeleton code to have every checker update their respective payload in the analysis summary
8 years ago
Martino Luca 5448a95ce7 [Infer][Localise] Group all issue types in one place, and provide their human-readable representation
8 years ago
Sam Blackshear bd5eb3c5cf [quandary] don't allow projection of non-footprint idents
8 years ago
Andrzej Kotulski e363958d34 [codemod] Move `Procname` into `Typ.Procname`
8 years ago
Sam Blackshear acd9e3246f [cleanup] adding missing mlis for checkers
8 years ago
Cristiano Calcagno b1b5460529 Deprecate further IList functions
8 years ago
Cristiano Calcagno 41c5be9bad Deprecate more IList functions
8 years ago
Cristiano Calcagno 731dead406 More IList deprecation: fold functions
8 years ago
Sam Blackshear 919b35f50a [quandary] better taint propagation for Intent's
8 years ago
Cristiano Calcagno 60916922c6 Deprecate more IList functions and use Core List instead
8 years ago
Sam Blackshear a3e3fdb781 [quandary] fix bug in summary application
8 years ago
Sam Blackshear ae03acb71b [quandary] reduce max_calls to 3
8 years ago
Sam Blackshear 4627bb6f48 [absint] simplify `AbstractInterpreter.Make` functor by hiding `Scheduler` parameter
8 years ago
Sam Blackshear 6338997cf5 [quandary] don't clobber existing taint on receiver when propagating taint from unknown call
8 years ago
Cristiano Calcagno 5c12d98d37 Deprecate IList module in favour of Core List
8 years ago
Sam Blackshear 38a336694a [quandary] improve taint propagation for unknown calls
8 years ago
Sam Blackshear d84a6b854f [quandary] log instead of failing hard when specified source has no return value
8 years ago
Sam Blackshear cc8ffd9d1e [quandary] allow regexes in defining quandary sources/sinks in inferconfig
8 years ago
Sam Blackshear f372b6cb2f [quandary] allow sinks to be specified in inferconfig
8 years ago
Sam Blackshear 5bddb1e548 [quandary] allow sources to be specified in inferconfig
8 years ago
Cristiano Calcagno f91b3128d3 [BetterEngineering] Replace uses of polymorphic equality
8 years ago
Sam Blackshear c19bee7772 [quandary] for instance methods with no return value, propagate the taint to the receiver
8 years ago
Sam Blackshear 2add2954da [checkers] factor out FormalMap into its own module
8 years ago
Sam Blackshear e5ef592f11 [quandary] add a few missing Intent sinks
8 years ago
Sam Blackshear ddccb0cce1 [quandary] don't include taint_opt as part of formal_map
8 years ago
Sam Blackshear ee2d0c9226 [quandary] add Intent's passed to onActivityResult/onNewIntent as sources
8 years ago
Sam Blackshear 685f205dda [quandary] skeleton for ObjC traces
8 years ago
Sam Blackshear 2a4b29fedb [quandary] Warn on reusing result returned from getIntent
8 years ago
Sam Blackshear d86f777132 [quandary] considering methods of subclasses of Activity, SharedPreferences etc. as sources/sinks too
8 years ago
Sam Blackshear 9c48178e4a [quandary] model some formals of Webview methods as tainted
8 years ago
Sam Blackshear 1403e9c898 [quandary][java] Intent.parseIntent/Intent.parseUri should propagate taint, not create it
8 years ago
Sam Blackshear 8d0f6e822c [absint] don't require domains to define their initial state
8 years ago
Jeremy Dubreil d7f112a640 [infer][java] choose the dynamic dispatch handling mode from the command line
8 years ago
Sam Blackshear 374ee12792 [traces] adding Sink.Make functor for easier sink creation
8 years ago
Sam Blackshear 6bf38931ce [traces] adding Source.Make functor for easier source creation
8 years ago
Sam Blackshear 06e0f6fbc9 [quandary] support tainted formals
8 years ago
Sam Blackshear f3bd314c22 [preanalysis] expose separate functions for different preanalyes (liveness, dynamic dispatch, abstraction)
8 years ago
Sam Blackshear 2a567d3abe [quandary] summaries are access trees too
8 years ago
Sam Blackshear 5bd4daa900 [absint] make Interprocedural functor easier to customize
8 years ago
Sam Blackshear 901786e0c5 [quandary] detect intents configured with external values
8 years ago
Josh Berdine 7834c95bc8 Silence deprecation warnings
8 years ago
Josh Berdine 2e66dcfac4 Open Core.Std by default, still use Caml Hashtbl, Map, Set
8 years ago
Josh Berdine e438314776 Divide Utils into Utils, Pp, and IStd
8 years ago
Josh Berdine de2e6c9d88 Core.Std.Option
8 years ago
Sam Blackshear 831786240a [quandary] ignore null assignments to return value in void functions
8 years ago
Sam Blackshear 45ad904c1f [quandary] use actuals in JavaTrace.taint_all
8 years ago
Andrzej Kotulski 56f8757337 [SourceFile] Move DB.SourceFile into separate file
8 years ago
Andrzej Kotulski 69b39dacb0 [DB] Create module for SourceFile
8 years ago
Sam Blackshear cb82dacd54 [traces] moving logic for reporting flow-sensitive traces from quandary to trace domain
8 years ago
Sam Blackshear 0972c8d262 [quandary] don't report FP's due to flow-insensitive traces
8 years ago
Sam Blackshear 226791b631 [ondemand] simplify API by removing need to pass type environment
8 years ago
Josh Berdine da8cbe55fd ppx_compare JavaTrace
8 years ago
Josh Berdine 0eb864d800 ppx_compare CppTrace
8 years ago
Sam Blackshear ad5ff00dcd [quandary] making it easier to specify behavior for unknown functions
8 years ago
Sam Blackshear 935018ae9e [quandary] cheaper handling of unknown code
8 years ago
Sam Blackshear 8301250213 [backend] utility function for checking if a procdesc has an empty body
8 years ago
Sam Blackshear adacee51e2 [quandary] switch to --issues-tests printing
8 years ago
Sam Blackshear b320714edd [quandary] optimizing Quandary compare functions
8 years ago
Sam Blackshear 8d48c108ca [quandary] add Errlog traces
8 years ago
Jules Villard 7705ffbc31 [checkers] rename to_callee -> with_callsite
8 years ago
Cristiano Calcagno c5159bae1c [IR] Move Procdesc module to a separate file.
8 years ago
Sam Blackshear e8b61f6dbb [quandary] fix false positives from procedures that are both sources and sinks
8 years ago
Sam Blackshear 4b4e4e6f4d [quandary] understand that parameters are passed by value in Java
8 years ago
Sam Blackshear ba7cef4657 [backend] differentiate unknown methods and methods with empty summaries
8 years ago
Sam Blackshear a8129be763 [traces] expose source-sink paths so users of traces can custom-print them
8 years ago
Sam Blackshear 0b9727214d [quandary] support `StringBuilder`'s and other methods for propagating `String` taint
8 years ago
Sam Blackshear ae5f8eff0d [traces] Move all trace-related files to checkers
8 years ago
Sam Blackshear fde7a6ecf3 [quandary] support for full interprocedural traces
8 years ago
Josh Berdine 32a60e05f4 Unbreak master
8 years ago
Sam Blackshear 31093801d4 [traces] Move all trace-related files to checkers
8 years ago
Sam Blackshear 768a60caca [quandary] support for full interprocedural traces
8 years ago
Sam Blackshear 9968245a43 [quandary] move source and sink kinds into their own modules
8 years ago
Sam Blackshear 874e7f000d [quandary] functions that transitively return sources are sources, not passthroughs
8 years ago
Sam Blackshear d76a7ef43a [quandary] functions that transitively call sinks are sinks, not passthroughs
8 years ago
Josh Berdine 4422893bbd [RFC] Remove CSV and JSON munging python code
8 years ago
Sam Blackshear 678d0ff4e9 [quandary] don't double-report when applying summaries
8 years ago
Sam Blackshear 21f9bd1ed6 [quandary] fix crash from returning exceptions that read from the environment
8 years ago
Andrzej Kotulski 46592ffdd9 [backend] Split construction of builtin pnames and builtin registration
8 years ago
Sam Blackshear 8f68f61ec9 [quandary] remove stripped logging sinks
8 years ago
Sam Blackshear 3ba67bac1a [quandary] more privacy sources
8 years ago
Sam Blackshear 2c0bf042b4 [checkers] extract access paths from non-lhs expressions
8 years ago
Sam Blackshear 53de1b7f53 [quandary] use unsound dynamic dispatch handling on super-polymorphic call sites
8 years ago
Sam Blackshear 319463b3bc [quandary] propagating taint from unknown procedures and constructors
8 years ago
Sam Blackshear 355ab92130 [backend] move expression pretty-printing into exp module
8 years ago
Sam Blackshear ef8e76bdec [quandary] don't apply summary when the callee is a source or sink
8 years ago
Sam Blackshear 6fc1a7e20f [quandary] reporting on array passed to sink when contents of array are tainted
8 years ago
Sam Blackshear 08509fb2ab [quandary] don't double-report flows
8 years ago
Sam Blackshear 512de69e13 [quandary] handle dynamic dispatch
8 years ago
Sam Blackshear 0a3993edee [utils] add tags_compare utility to make writing default comparison functions easy
8 years ago
Sam Blackshear 072fe0994f [quandary] reporting on getenv -> exec flows
8 years ago
Sam Blackshear 6aee686cb2 [quandary] passing actuals to the sink-determining code
8 years ago
Sam Blackshear 856f84aaff [quandary] skeleton for C++ analysis
8 years ago
Sam Blackshear 1a958d1d8b [quandary] simplifying Source module interface now that calls have single retval
8 years ago
Sam Blackshear 35bb540bf4 [quandary] adding TaintSpec module for clearer naming
8 years ago
Sam Blackshear 715e521ead [quandary] making summaries smaller
8 years ago
Sam Blackshear 95a82a6a04 [backend] don't run preanalysis twice
8 years ago
Josh Berdine 314506ec1a [quandary] ok to have no post if start node has no succs
8 years ago
Sam Blackshear 4a35862aa8 [quandary] dont add passthroughs from callee to caller
8 years ago
Sam Blackshear 8ed645315c [quandary] fix missing check for builtin in Quandary models
8 years ago
Sam Blackshear 5e2e7b88aa [quandary] allow trace-specific rules for handling unknown code
8 years ago
Josh Berdine c094a38d56 [IR] Simplify to single return id, with type
8 years ago
Jeremy Dubreil 168c613ac9 [infer][java] Separate the builtins from the other models for a better modularity
8 years ago
Sam Blackshear 3051d90307 [quandary] kill unused Source.to_return proc
8 years ago
Sam Blackshear af9f34bb60 [quandary] checking for flows from Intents parsed via Uris -> startActivity (and similar)
8 years ago
Sam Blackshear fbfece20af [quandary] using exceptional procCFG to explore exceptional control-flow
8 years ago
Sam Blackshear 4b9899d6b2 [quandary] handling globals in function summaries
8 years ago
Sam Blackshear b1039f51f8 [quandary] add summaries for footprint traces associated with locals
8 years ago
Cristiano Calcagno 4cee6907ec [backend] Remove the global reference DB.current_source and clean up the flow of information about the current source file.
8 years ago
Sam Blackshear ae759ee21f [quandary] fixing crashes when running on recursive code
8 years ago
Sam Blackshear de146f4f2d [quandary] switch to using base -> formal num map in extras
8 years ago
Sam Blackshear 31e6849ec0 [quandary] using summaries part 2: the relational cases
8 years ago
Sam Blackshear e4beca3779 [quandary] using summaries part 1: return
8 years ago
Sam Blackshear cf8c957483 [quandary] use preanalysis for abstract GC
8 years ago
Sam Blackshear 9f1c4e4bca [quandary] adding append operation
8 years ago
Sam Blackshear 2f34e998c2 [quandary] consider builtins to be neither sources nor sinks
8 years ago
Josh Berdine 8589dc4868 Remove Tstruct in favor of Tvar
8 years ago
Sam Blackshear 41c121bebf [quandary] adding quandary summaries to specs
8 years ago
Sam Blackshear d6d7293633 [quandary] moving logging of errors into analysis
8 years ago
Sam Blackshear 31435fa936 [quandary] summaries for interprocedural analysis
8 years ago
Sam Blackshear 55a46d1211 [quandary] format for summaries
8 years ago
Sam Blackshear 27cfb141da richer sink specifications
8 years ago
Sam Blackshear 3368548e3e replace stackop instruction with skip instruction
8 years ago