You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2.7 KiB

title description
Quandary The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions.

The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions.

Activate with --quandary.

Supported languages:

  • C/C++/ObjC: Yes
  • Java: Yes

Quandary is a static taint analyzer that identifies a variety of unsafe information flows. It has a small list of built-in sources and sinks, and you can define custom sources and sinks in your .inferconfig file (see example here).

List of Issue Types

The following issue types are reported by this checker: