infer_clone

Commit Graph

Author	SHA1	Message	Date
Josh Berdine	cfc1c8be36	[copyright] Remove years Reviewed By: jvillard Differential Revision: D15771884 fbshipit-source-id: e2997e3a3	6 years ago
Ted Reed	28b346a903	quandary: Detect flows to EnvironmentChange that includes putenv only Reviewed By: mbouaziz Differential Revision: D13161904 fbshipit-source-id: dc5d87c6c	6 years ago
Jules Villard	8b882ac1df	Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD \| xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a	7 years ago
Sam Blackshear	6b8900746b	[quandary] only treat overrides of service methods as endpoints Reviewed By: jeremydubreil Differential Revision: D7813903 fbshipit-source-id: 7d77f6a	7 years ago
Sam Blackshear	ffba5de70c	[quandary] distinguish between SQL reads and writes Reviewed By: mbouaziz Differential Revision: D7781377 fbshipit-source-id: 9c76e4d	7 years ago
Sam Blackshear	57a8c2f594	[quandary] don't taint dummy Thrift `_return` formals Summary: In C++, Thrift implements return values using these. They shouldn't be tainted. Reviewed By: mbouaziz Differential Revision: D7362176 fbshipit-source-id: af8e515	7 years ago
Sam Blackshear	fb7556816f	[quandary] report gflags to shell exec, but not file or url creation Reviewed By: mbouaziz Differential Revision: D6716776 fbshipit-source-id: 942f716	7 years ago
Sam Blackshear	7f62154318	[quandary] separate sanitizers for different kinds of escaping Summary: Previously we had a single sanitizer kind for escaping, but this isn't quite right. A function that escapes a URL doesn't necessarily make a string safe to execute in SQL, for example. Reviewed By: the-st0rm Differential Revision: D6656376 fbshipit-source-id: 572944e	7 years ago
Sam Blackshear	32675a7b02	[quandary] improve curl_easy_setopt sink Reviewed By: jeremydubreil Differential Revision: D6557133 fbshipit-source-id: 4df7b49	7 years ago
Sam Blackshear	d3f4043bc0	[quandary] curl function for setting URL as sink Reviewed By: the-st0rm Differential Revision: D6485858 fbshipit-source-id: fd38654	7 years ago
Sam Blackshear	6abbe66ee6	[quandary] file creation as sink Reviewed By: jeremydubreil, mbouaziz Differential Revision: D6486526 fbshipit-source-id: cad09f1	7 years ago
Sam Blackshear	19824aa27b	[quandary] don't taint this var of endpoints Reviewed By: mbouaziz Differential Revision: D6509322 fbshipit-source-id: e24357e	7 years ago
Sam Blackshear	164fa457e9	[quandary] treat any non-primitive endpoint formal as a source Reviewed By: mbouaziz Differential Revision: D6385271 fbshipit-source-id: 3360b04	7 years ago
Sam Blackshear	8665386b8a	[quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL Reviewed By: mbouaziz Differential Revision: D6338997 fbshipit-source-id: 19c4380	7 years ago
Sam Blackshear	29fe7d1689	[quandary] thrift services as sources + remote code execution risk issue type Differential Revision: D6177526 fbshipit-source-id: 245095e	7 years ago

15 Commits (83cff5e435446cce2f038692b5ff4cf7f7e25157)