You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

49 lines
2.9 KiB

---
title: "Quandary"
description: "The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a \"sanitizer\". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions."
---
The Quandary taint analysis detects flows of values between sources and sinks, except if the value went through a "sanitizer". In addition to some defaults, users can specify their own sources, sinks, and sanitizers functions.
Activate with `--quandary`.
Supported languages:
- C/C++/ObjC: Yes
- Java: Yes
Quandary is a static taint analyzer that identifies a variety of unsafe
information flows. It has a small list of built-in
[sources](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L36)
and
[sinks](https://github.com/facebook/infer/blob/master/infer/src/quandary/JavaTrace.ml#L178),
and you can define custom sources and sinks in your `.inferconfig` file (see
example
[here](https://github.com/facebook/infer/blob/master/infer/tests/codetoanalyze/java/quandary/.inferconfig)).
## List of Issue Types
The following issue types are reported by this checker:
- [CREATE_INTENT_FROM_URI](/docs/1.0.0/all-issue-types#create_intent_from_uri)
- [CROSS_SITE_SCRIPTING](/docs/1.0.0/all-issue-types#cross_site_scripting)
- [EXPOSED_INSECURE_INTENT_HANDLING](/docs/1.0.0/all-issue-types#exposed_insecure_intent_handling)
- [INSECURE_INTENT_HANDLING](/docs/1.0.0/all-issue-types#insecure_intent_handling)
- [JAVASCRIPT_INJECTION](/docs/1.0.0/all-issue-types#javascript_injection)
- [LOGGING_PRIVATE_DATA](/docs/1.0.0/all-issue-types#logging_private_data)
- [QUANDARY_TAINT_ERROR](/docs/1.0.0/all-issue-types#quandary_taint_error)
- [SHELL_INJECTION](/docs/1.0.0/all-issue-types#shell_injection)
- [SHELL_INJECTION_RISK](/docs/1.0.0/all-issue-types#shell_injection_risk)
- [SQL_INJECTION](/docs/1.0.0/all-issue-types#sql_injection)
- [SQL_INJECTION_RISK](/docs/1.0.0/all-issue-types#sql_injection_risk)
- [UNTRUSTED_BUFFER_ACCESS](/docs/1.0.0/all-issue-types#untrusted_buffer_access)
- [UNTRUSTED_DESERIALIZATION](/docs/1.0.0/all-issue-types#untrusted_deserialization)
- [UNTRUSTED_DESERIALIZATION_RISK](/docs/1.0.0/all-issue-types#untrusted_deserialization_risk)
- [UNTRUSTED_ENVIRONMENT_CHANGE_RISK](/docs/1.0.0/all-issue-types#untrusted_environment_change_risk)
- [UNTRUSTED_FILE](/docs/1.0.0/all-issue-types#untrusted_file)
- [UNTRUSTED_FILE_RISK](/docs/1.0.0/all-issue-types#untrusted_file_risk)
- [UNTRUSTED_HEAP_ALLOCATION](/docs/1.0.0/all-issue-types#untrusted_heap_allocation)
- [UNTRUSTED_INTENT_CREATION](/docs/1.0.0/all-issue-types#untrusted_intent_creation)
- [UNTRUSTED_URL_RISK](/docs/1.0.0/all-issue-types#untrusted_url_risk)
- [UNTRUSTED_VARIABLE_LENGTH_ARRAY](/docs/1.0.0/all-issue-types#untrusted_variable_length_array)
- [USER_CONTROLLED_SQL_RISK](/docs/1.0.0/all-issue-types#user_controlled_sql_risk)