infer_clone

Commit Graph

Author	SHA1	Message	Date
Sam Blackshear	fb7556816f	[quandary] report gflags to shell exec, but not file or url creation Reviewed By: mbouaziz Differential Revision: D6716776 fbshipit-source-id: 942f716	7 years ago
Sam Blackshear	7f62154318	[quandary] separate sanitizers for different kinds of escaping Summary: Previously we had a single sanitizer kind for escaping, but this isn't quite right. A function that escapes a URL doesn't necessarily make a string safe to execute in SQL, for example. Reviewed By: the-st0rm Differential Revision: D6656376 fbshipit-source-id: 572944e	7 years ago
Sam Blackshear	32675a7b02	[quandary] improve curl_easy_setopt sink Reviewed By: jeremydubreil Differential Revision: D6557133 fbshipit-source-id: 4df7b49	7 years ago
Sam Blackshear	d3f4043bc0	[quandary] curl function for setting URL as sink Reviewed By: the-st0rm Differential Revision: D6485858 fbshipit-source-id: fd38654	7 years ago
Sam Blackshear	6abbe66ee6	[quandary] file creation as sink Reviewed By: jeremydubreil, mbouaziz Differential Revision: D6486526 fbshipit-source-id: cad09f1	7 years ago
Sam Blackshear	19824aa27b	[quandary] don't taint this var of endpoints Reviewed By: mbouaziz Differential Revision: D6509322 fbshipit-source-id: e24357e	7 years ago
Sam Blackshear	164fa457e9	[quandary] treat any non-primitive endpoint formal as a source Reviewed By: mbouaziz Differential Revision: D6385271 fbshipit-source-id: 3360b04	7 years ago
Sam Blackshear	8665386b8a	[quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL Reviewed By: mbouaziz Differential Revision: D6338997 fbshipit-source-id: 19c4380	7 years ago
Sam Blackshear	29fe7d1689	[quandary] thrift services as sources + remote code execution risk issue type Differential Revision: D6177526 fbshipit-source-id: 245095e	7 years ago

9 Commits (7cc0946a5a9d2d00fc86b768e766944c28835fac)