64 Commits (b073b55b1a92313437d08f58716cadfa894bd060)

Author SHA1 Message Date
David Lively 5d4a27ea54 RFC: stop using _ to separate ObjC/C++ class name from method in Typ.Procname.to_string
6 years ago
Ted Reed 28b346a903 quandary: Detect flows to EnvironmentChange that includes putenv only
6 years ago
Mehdi Bouaziz 10804588b2 New function pointer preanalysis without recursion
6 years ago
Julian Sutherland 34b0a6165c Added new issues to differentiate tainted buffer accesses and heap allocations
6 years ago
Julian Sutherland b7c90c3fe0 Fixed incorrect reporting of tainted index in function call by quandary
6 years ago
Jules Villard 30c470eb48 [tests] record error bucket in expected output
7 years ago
Sam Blackshear 85b8087f66 [quandary] de-prioritize command line flag sources
7 years ago
Sam Blackshear d718275402 [quandary] fix test expected output
7 years ago
Sam Blackshear 6b8900746b [quandary] only treat overrides of service methods as endpoints
7 years ago
Sam Blackshear ffba5de70c [quandary] distinguish between SQL reads and writes
7 years ago
Sam Blackshear 33fe8879a5 [quandary] report flows originating from `UserControlledEndpoint` as `_RISK`
7 years ago
Sam Blackshear 6d46b0c7be [cleanup] stop printing `&`'s on `Var.t`'s
7 years ago
Jeremy Dubreil d74f189dfe [infer] add the report kind to the list of expected output
7 years ago
Sam Blackshear f5e7a6e6d7 [quandary] print index(es) of tainted parameters at each call
7 years ago
Sam Blackshear 7f62154318 [quandary] separate sanitizers for different kinds of escaping
7 years ago
Sam Blackshear 82a3b2649e [quandary] only warn on shell/sql injection from stringy gflag sources
7 years ago
Sam Blackshear 32675a7b02 [quandary] improve curl_easy_setopt sink
7 years ago
Sam Blackshear d3f4043bc0 [quandary] curl function for setting URL as sink
7 years ago
Sam Blackshear 6abbe66ee6 [quandary] file creation as sink
7 years ago
Sam Blackshear 164fa457e9 [quandary] treat any non-primitive endpoint formal as a source
7 years ago
Sam Blackshear 8665386b8a [quandary] report USER_CONTROLLED_SQL_RISK on flows from endpoint -> SQL
7 years ago
Sam Blackshear 97f3af15f3 [quandary] support multiple sanitizer kinds in C++
7 years ago
Sam Blackshear faef207d62 [quandary] propagate taint across unary/binary operators
7 years ago
Sam Blackshear 29fe7d1689 [quandary] thrift services as sources + remote code execution risk issue type
7 years ago
Sam Blackshear 5e910929be [quandary] handle taint propagation in copying of structs/via derefs of pointers to structs
7 years ago
Sam Blackshear 67c45bed78 [quandary] fix invariant 1: "sink(s) with only non-footprint source" violations
7 years ago
Sam Blackshear 5f6d3a0d7f [quandary] new issue type for untrusted variable length array creation
7 years ago
Sam Blackshear 6ea6c74a5c [quandary] add new issue types for sql injection and shell injection
7 years ago
Jules Villard c6812df1eb fix infinitely-expanding types in the backend
7 years ago
Sam Blackshear 14aef012f6 [quandary] allow specifying globals as sources
7 years ago
Sam Blackshear 5d578cf196 [quandary] make it possible to report taint errors on footprint sources again
7 years ago
Sam Blackshear f821d8948f [quandary] add memcpy, memset, and similar as sinks
7 years ago
Sam Blackshear 94ceebfef8 [quandary] represent footprint as unified set of access path rather than conjunction of special sources
7 years ago
Sam Blackshear 2876f50703 [quandary] popen as sink
7 years ago
Sam Blackshear 7be5df384e [quandary] stack allocation of array as sink
7 years ago
Sam Blackshear ccdf15a1ca [quandary] vector and array access as sink
7 years ago
Jia Chen 3bacba762a Whitelist the constructors+conversion operators+destructors for classes listed on whitelisted_cpp_classes
7 years ago
Sam Blackshear 5a420f7aee [quandary] only report code injection via endpoints on strings
8 years ago
Sam Blackshear 4fe9110ad3 [quandary] SQL sinks
8 years ago
Sam Blackshear 3135560283 [quandary] move trace expansion logic into Quandary
8 years ago
Sam Blackshear 38d3946c71 [quandary] support for basic return value sanitizers
8 years ago
Sam Blackshear 54f1122bc0 [quandary] allowing specification of C++ endpoints
8 years ago
Sam Blackshear 45aaa4da93 [quandary] gflag globals as source
8 years ago
Sam Blackshear abc5642c83 [quandary] tests for string functionality
8 years ago
Sam Blackshear d5f4784e61 [quandary] add more exec sinks
8 years ago
Sam Blackshear 9910391144 [quandary] improved handling of unknown code in C++
8 years ago
Sam Blackshear 4e97d1e991 [quandary] add support for C++ parameter passing modes that differ from Java
8 years ago
Sam Blackshear 30b3075d11 [quandary] allow specification of parameter sources via JSON
8 years ago
Sam Blackshear 6c8f3fe618 [quandary] allocation as a sink
8 years ago
Sam Blackshear 6af6ef35ec [quandary] support sources that taint a pointer arg or arg passed by ref rather than the return value
8 years ago