15 Commits (9d38d413cee948f8491f30ad2207faaff9de0cd5)

Author SHA1 Message Date
Josh Berdine cfc1c8be36 [copyright] Remove years
6 years ago
Jules Villard 8b882ac1df Change license to MIT
7 years ago
Sam Blackshear 82a3b2649e [quandary] only warn on shell/sql injection from stringy gflag sources
7 years ago
Sam Blackshear 14aef012f6 [quandary] allow specifying globals as sources
7 years ago
Sam Blackshear 5d578cf196 [quandary] make it possible to report taint errors on footprint sources again
7 years ago
Sam Blackshear 94ceebfef8 [quandary] represent footprint as unified set of access path rather than conjunction of special sources
7 years ago
Sam Blackshear 2876f50703 [quandary] popen as sink
7 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 45aaa4da93 [quandary] gflag globals as source
8 years ago
Sam Blackshear d5f4784e61 [quandary] add more exec sinks
8 years ago
Sam Blackshear 6af6ef35ec [quandary] support sources that taint a pointer arg or arg passed by ref rather than the return value
8 years ago
Sam Blackshear d7ae77c7c2 [quandary] make intent/logging private data tests intraprocedural
8 years ago
Sam Blackshear 6fc1a7e20f [quandary] reporting on array passed to sink when contents of array are tainted
8 years ago
Sam Blackshear 072fe0994f [quandary] reporting on getenv -> exec flows
8 years ago