You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
250 lines
79 KiB
250 lines
79 KiB
codetoanalyze/java/quandary/Arrays.java, codetoanalyze.java.quandary.Arrays.FP_viaArrayOk1(java.lang.Object,java.lang.Object[]):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Arrays.java, codetoanalyze.java.quandary.Arrays.FP_viaArrayOk2(java.lang.Object,java.lang.Object[]):void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Arrays.java, codetoanalyze.java.quandary.Arrays.viaArrayBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Arrays.java, codetoanalyze.java.quandary.Arrays.viaArrayThenFieldBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Arrays.java, codetoanalyze.java.quandary.Arrays.viaFieldThenArrayBad1(codetoanalyze.java.quandary.Arrays$Obj):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Arrays.java, codetoanalyze.java.quandary.Arrays.viaFieldThenArrayBad2():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.FP_deadCodeOk():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.FP_loopInvariantOk():void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.arrayWithTaintedContentsBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.directBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.funCallBad1():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Basics.funCallBad2(int,Object) with tainted index 2,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.ifBad1(boolean):void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.ifBad2(boolean):void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.ifBad3(boolean):void, 7, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.ifBad4(boolean,boolean):void, 9, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.ifBad5(boolean):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.noTripleReportBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.noTripleReportBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.switchBad1(int):void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.switchBad2(int):void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.switchBad3(int):void, 7, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.viaCastBad1():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.viaCastBad2():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.viaVarBad1():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.viaVarBad2():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.viaVarBad3():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.whileBad1(int):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.whileBad2(int):void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.bulkInsert(android.net.Uri,android.content.ContentValues[]):int, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.call(java.lang.String,java.lang.String,android.os.Bundle):android.os.Bundle, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Bundle ContentProviders.call(String,String,Bundle),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.delete(android.net.Uri,java.lang.String,java.lang.String[]):int, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.delete(Uri,String,java.lang.String[]),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.getType(android.net.Uri):java.lang.String, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from String ContentProviders.getType(Uri),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.insert(android.net.Uri,android.content.ContentValues):android.net.Uri, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Uri ContentProviders.insert(Uri,ContentValues),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.openAssetFile(android.net.Uri,java.lang.String,android.os.CancellationSignal):android.content.res.AssetFileDescriptor, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.openFile(android.net.Uri,java.lang.String,android.os.CancellationSignal):android.os.ParcelFileDescriptor, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.openTypedAssetFile(android.net.Uri,java.lang.String,android.os.Bundle,android.os.CancellationSignal):android.content.res.AssetFileDescriptor, 2, UNTRUSTED_FILE, no_bucket, ERROR, [Return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String):android.database.Cursor, 2, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.update(android.net.Uri,android.content.ContentValues,java.lang.String,java.lang.String[]):int, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/DynamicDispatch.java, codetoanalyze.java.quandary.DynamicDispatch.propagateViaInterfaceBad(codetoanalyze.java.quandary.DynamicDispatch$Interface):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.callSinkThenThrowBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Exceptions.callSinkThenThrow(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.sinkAfterCatchBad():void, 7, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.sinkInCatchBad1():void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.sinkInCatchBad2():void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.sinkInFinallyBad1():void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.sinkInFinallyBad2():void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.sinkInFinallyBad3():void, 7, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ConstructorSink.constructorSinkBad():codetoanalyze.java.quandary.ConstructorSink, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to ConstructorSink.<init>(Object) with tainted index 1]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ExternalSpecs.callExternalSink2Bad1():void, 1, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ExternalSpecs.callExternalSink2Bad2():void, 1, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object) with tainted index 1]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ExternalSpecs.callExternalSinkBad():void, 1, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink1(Object,Object) with tainted index 1]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ExternalSpecs.callSinkThatPropagatesBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Object ExternalSpecs.sinkThatPropagates(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ExternalSpecs.callSinkThatPropagatesBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ExternalSpecs.loggingSink1(Object,Object) with tainted index 1]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ExternalSpecs.logExternalSourceBad():void, 1, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.ExternalSpecs.missedSanitizerBad():java.lang.Object, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/ExternalSpecs.java, codetoanalyze.java.quandary.InterfaceSpecImpl.externalSpecBad():void, 1, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from Object InterfaceSpecImpl.source(),Call to void InterfaceSpecImpl.sink(Object) with tainted index 1]
|
|
codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.instanceFieldBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.staticFieldBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaFieldBad1(codetoanalyze.java.quandary.Fields$Obj):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaFieldBad2():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaFieldBad3():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaNestedFieldBad1(codetoanalyze.java.quandary.Fields$Obj):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaNestedFieldBad2():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileConstructorSinkBad():java.io.File, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileSystemConstructorSinkBad1():java.nio.file.Path, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path FileSystem.getPath(String,java.lang.String[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileSystemConstructorSinkBad2():java.nio.file.Path, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path FileSystem.getPath(String,java.lang.String[]) with tainted index 2]
|
|
codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.pathsSinkBad1():java.nio.file.Path, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path Paths.get(String,java.lang.String[]) with tainted index 0]
|
|
codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.pathsSinkBad2():java.nio.file.Path, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path Paths.get(String,java.lang.String[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/FlowSensitivity.java, codetoanalyze.java.quandary.FlowSensitivity.callSourceAndSinkBad1(codetoanalyze.java.quandary.FlowSensitivity$Obj):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.codetoanalyze.java.quandary.FlowSensitivity$Obj.f*,Return from void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/FlowSensitivity.java, codetoanalyze.java.quandary.FlowSensitivity.callSourceAndSinkBad2(codetoanalyze.java.quandary.FlowSensitivity$Obj):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/FlowSensitivity.java, codetoanalyze.java.quandary.FlowSensitivity.interproceduralFlowSensitivityBad(codetoanalyze.java.quandary.FlowSensitivity$Obj):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.codetoanalyze.java.quandary.FlowSensitivity$Obj.f*,Return from void FlowSensitivity.returnSource(FlowSensitivity$Obj),Call to void FlowSensitivity.callSink(FlowSensitivity$Obj) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to boolean ContextWrapper.bindService(Intent,ServiceConnection,int) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendBroadcast(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendBroadcastAsUser(Intent,UserHandle) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 7, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendOrderedBroadcast(Intent,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 8, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendOrderedBroadcastAsUser(Intent,UserHandle,String,BroadcastReceiver,Handler,int,String,Bundle) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 9, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendStickyBroadcast(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 10, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendStickyBroadcastAsUser(Intent,UserHandle) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 11, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendStickyOrderedBroadcast(Intent,BroadcastReceiver,Handler,int,String,Bundle) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 12, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendStickyOrderedBroadcastAsUser(Intent,UserHandle,BroadcastReceiver,Handler,int,String,Bundle) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 13, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivities(android.content.Intent[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 14, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 15, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivityForResult(Intent,int) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 16, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to boolean Activity.startActivityIfNeeded(Intent,int) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 17, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivityFromChild(Activity,Intent,int) with tainted index 2]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 18, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivityFromFragment(Fragment,Intent,int) with tainted index 2]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 19, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startIntentSender(IntentSender,Intent,int,int,int) with tainted index 2]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 20, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startIntentSenderForResult(IntentSender,int,Intent,int,int,int) with tainted index 3]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 21, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startIntentSenderFromChild(Activity,IntentSender,int,Intent,int,int,int) with tainted index 4]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 22, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to ComponentName ContextWrapper.startService(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 23, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to boolean ContextWrapper.stopService(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.parseUri(String,int) with tainted index 0]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.getIntent(String) with tainted index 0]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.getIntentOld(String) with tainted index 0]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 8, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setClassName(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 9, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setData(Uri) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 10, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setDataAndNormalize(Uri) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 11, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setDataAndType(Uri,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 12, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setDataAndTypeAndNormalize(Uri,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllIntentSinks():void, 13, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setPackage(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.extraToDataBad():void, 5, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.extraToDataBad():void, 7, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.startWithUri1Bad(android.net.Uri):void, 1, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent.<init>(String,Uri),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.startWithUri2Bad(android.net.Uri):void, 1, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent.<init>(String,Uri,Context,Class),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.subclassCallBad(codetoanalyze.java.quandary.IntentSubclass,codetoanalyze.java.quandary.ContextSubclass):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Context.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.MyActivity.startServiceWithTaintedIntent():void, 2, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent.<init>(String,Uri),Call to ComponentName ContextWrapper.startService(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.FP_divergenceInCallee():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.FP_reassignInCallee():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.FP_trackParamsOk():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return*,Return from Object Interprocedural.returnSourceConditional(boolean),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callDeepSink1Bad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkA(Interprocedural$Obj) with tainted index 1,Call to void Interprocedural.callSink1(Interprocedural$Obj) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callDeepSink3Bad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkC(Interprocedural$Obj) with tainted index 1,Call to void Interprocedural.callSink3(Interprocedural$Obj) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callDeepSink4Bad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkD(Interprocedural$Obj) with tainted index 1,Call to void Interprocedural.callSink4(Interprocedural$Obj) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callDeepSinkIndirectBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkIndirectOnParam(Object) with tainted index 1,Call to void Interprocedural.callSinkOnParam(Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkNoTripleReportBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkParam1(Object,Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkNoTripleReportBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkParam2(Object,Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkOnFieldDirectBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkOnFieldDirect() with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkOnFieldIndirectBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkOnFieldIndirect(Interprocedural$Obj) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkOnGlobalBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkOnGlobal(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkOnLocalBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkOnLocal() with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkParam1Bad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkParam1(Object,Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkParam2Bad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkParam2(Object,Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkThenDivergeBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkThenDiverge(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkVariadicBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkVariadic(java.lang.Object[]) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.doublePassthroughBad():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.getGlobalThenCallSinkBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.getGlobalThenCallSink(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.irrelevantPassthroughsIntraprocedural(java.lang.Object):java.lang.Object, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.irrelevantPassthroughsSinkInterprocedural(java.lang.Object):java.lang.Object, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Object Interprocedural.callSinkIrrelevantPassthrough(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.irrelevantPassthroughsSourceAndSinkInterprocedural(java.lang.Object):java.lang.Object, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return,Return from Object Interprocedural.returnSourceIrrelevantPassthrough(Object),Call to Object Interprocedural.callSinkIrrelevantPassthrough(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.irrelevantPassthroughsSourceInterprocedural(java.lang.Object):java.lang.Object, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return,Return from Object Interprocedural.returnSourceIrrelevantPassthrough(Object),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.returnSourceDirectBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return*,Return from Object Interprocedural.returnSourceDirect(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.returnSourceDirectViaVarBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return*,Return from Object Interprocedural.returnSourceDirect(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.returnSourceIndirectBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return*,Return from Object Interprocedural.returnSourceDirect() with tainted data return*,Return from Object Interprocedural.returnSourceIndirect(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.returnSourceViaFieldBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return.codetoanalyze.java.quandary.Interprocedural$Obj.f*,Return from Interprocedural$Obj Interprocedural.returnSourceViaField(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.returnSourceViaGlobalBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data quandary.Interprocedural.codetoanalyze.java.quandary.Interprocedural.sGlobal*,Return from void Interprocedural.returnSourceViaGlobal(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.returnSourceViaParameter1Bad(codetoanalyze.java.quandary.Interprocedural$Obj):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.codetoanalyze.java.quandary.Interprocedural$Obj.f*,Return from void Interprocedural.returnSourceViaParameter1(Interprocedural$Obj),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.returnSourceViaParameter2Bad(codetoanalyze.java.quandary.Interprocedural$Obj,codetoanalyze.java.quandary.Interprocedural$Obj):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.setGlobalThenCallSinkBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkOnGlobal(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.singlePassthroughBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getSpeed(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getAltitude(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLongitude(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getBearing(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 36, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLatitude(),Call to int Log.e(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLongitude(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getAltitude(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getBearing(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLatitude(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getSpeed(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 37, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.println(int,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getAltitude(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLatitude(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getBearing(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLongitude(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 38, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getSpeed(),Call to int Log.w(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getSpeed(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLongitude(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getLatitude(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from double Location.getAltitude(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from float Location.getBearing(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/LoggingPrivateData.java, codetoanalyze.java.quandary.LoggingPrivateData.logAllSourcesBad(android.location.Location,android.telephony.TelephonyManager):void, 39, LOGGING_PRIVATE_DATA, no_bucket, ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.wtf(String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Recursion.java, codetoanalyze.java.quandary.Recursion.callSinkThenDivergeBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.callSinkThenDiverge(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Recursion.java, codetoanalyze.java.quandary.Recursion.safeRecursionCallSinkBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.safeRecursionCallSink(int,Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Serialization.java, codetoanalyze.java.quandary.Serialization.taintedObjectInputStreamBad():java.lang.Object, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to ObjectInputStream.<init>(InputStream) with tainted index 1]
|
|
codetoanalyze/java/quandary/Services.java, codetoanalyze.java.quandary.Service1.packageProtectedServiceMethodBad(java.lang.String):void, 1, SHELL_INJECTION_RISK, no_bucket, ERROR, [Return from void Service1.packageProtectedServiceMethodBad(String),Call to Process Runtime.exec(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Services.java, codetoanalyze.java.quandary.Service1.paramToSql1Bad(java.lang.String):void, 1, SQL_INJECTION_RISK, no_bucket, ERROR, [Return from void Service1.paramToSql1Bad(String),Call to boolean Statement.execute(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Services.java, codetoanalyze.java.quandary.Service1.paramToSql2Bad(java.lang.String):void, 1, USER_CONTROLLED_SQL_RISK, no_bucket, ERROR, [Return from void Service1.paramToSql2Bad(String),Call to long Statement.executeLargeUpdate(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Services.java, codetoanalyze.java.quandary.Service1.paramToSql3Bad(java.lang.String):void, 1, USER_CONTROLLED_SQL_RISK, no_bucket, ERROR, [Return from void Service1.paramToSql3Bad(String),Call to ResultSet Statement.executeQuery(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Services.java, codetoanalyze.java.quandary.Service1.paramToSql4Bad(java.lang.String):void, 1, USER_CONTROLLED_SQL_RISK, no_bucket, ERROR, [Return from void Service1.paramToSql4Bad(String),Call to int Statement.executeUpdate(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Services.java, codetoanalyze.java.quandary.Service1.paramToSql5Bad(java.lang.String):void, 1, SQL_INJECTION_RISK, no_bucket, ERROR, [Return from void Service1.paramToSql5Bad(String),Call to void Statement.addBatch(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Services.java, codetoanalyze.java.quandary.Service1.serviceMethodBad(java.lang.String):void, 1, SHELL_INJECTION_RISK, no_bucket, ERROR, [Return from void Service1.serviceMethodBad(String),Call to Process Runtime.exec(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaFormatterBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaFormatterIgnoreReturnBad():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaStringBufferBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaStringBufferIgnoreReturnBad():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaStringBuilderBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaStringBuilderIgnoreReturnBad():void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaStringBuilderSugarBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaStringFormatVarArgsDirectBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Strings.java, Strings.viaStringFormatVarArgsIndirectBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Strings.viaStringFormatVarArgsIndirect(Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintExample.java, codetoanalyze.java.quandary.TaintExample.interprocTaintErrorWithModelMethods1():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return*,Return from Object TaintExample.returnTaintedSourceModelMethods(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintExample.java, codetoanalyze.java.quandary.TaintExample.interprocTaintErrorWithModelMethods2():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void TaintExample.callSinkMethodModelMethods(Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintExample.java, codetoanalyze.java.quandary.TaintExample.interprocTaintErrorWithModelMethods3():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data return*,Return from Object TaintExample.returnTaintedSourceModelMethods(),Call to void TaintExample.callSinkMethodModelMethods(Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintExample.java, codetoanalyze.java.quandary.TaintExample.simpleTaintErrorWithModelMethods():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintedFormals.java, codetoanalyze.java.quandary.TaintedFormals.callTaintedContextBad1(java.lang.String):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object TaintedFormals.taintedContextBad(String) with tainted data return*,Return from Object TaintedFormals.taintedContextBad(String),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintedFormals.java, codetoanalyze.java.quandary.TaintedFormals.callTaintedContextBad2():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void TaintedFormals.taintedContextBad(String,Intent,Integer) with tainted index 2,Call to ComponentName ContextWrapper.startService(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/TaintedFormals.java, codetoanalyze.java.quandary.TaintedFormals.taintedContextBad(java.lang.String,android.content.Intent,java.lang.Integer):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from void TaintedFormals.taintedContextBad(String,Intent,Integer),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintedFormals.java, codetoanalyze.java.quandary.TaintedFormals.taintedContextBad(java.lang.String,android.content.Intent,java.lang.Integer):void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from void TaintedFormals.taintedContextBad(String,Intent,Integer),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintedFormals.java, codetoanalyze.java.quandary.TaintedFormals.taintedContextBad(java.lang.String,android.content.Intent,java.lang.Integer):void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from void TaintedFormals.taintedContextBad(String,Intent,Integer),Call to void TaintedFormals.callSink(Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/TaintedFormals.java, codetoanalyze.java.quandary.TaintedFormals.taintedContextBad(java.lang.String,android.content.Intent,java.lang.Integer):void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from void TaintedFormals.taintedContextBad(String,Intent,Integer),Call to void TaintedFormals.callSink(Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/Traces.java, codetoanalyze.java.quandary.Traces.sourceMethod():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Traces.callSameSink(Obj,Obj,Obj,Obj) with tainted index 2,Call to void Traces.callMySinkIndirect(Obj) with tainted index 1,Call to void Traces.callMySink(Obj) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.callPropagateFootprintBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void UnknownCode.propagateFootprint(String) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.callUnknownSetterBad(android.content.Intent):void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateEmptyBad():void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateEmptyBad():void, 7, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateViaInterfaceCodeBad(codetoanalyze.java.quandary.UnknownCode$Interface):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateViaUnknownAbstractCodeBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateViaUnknownConstructorBad():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateViaUnknownNativeCodeBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToHtmlBad():android.text.Spanned, 1, CROSS_SITE_SCRIPTING, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Spanned Html.fromHtml(String) with tainted index 0]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder1Bad():java.lang.ProcessBuilder, 1, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder.<init>(java.lang.String[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder2Bad():java.lang.ProcessBuilder, 1, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder.<init>(java.lang.String[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder3Bad(java.lang.ProcessBuilder):java.lang.ProcessBuilder, 1, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder ProcessBuilder.command(java.lang.String[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder4Bad(java.lang.ProcessBuilder):java.lang.ProcessBuilder, 3, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder ProcessBuilder.command(List) with tainted index 1]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToShellArrayBad():void, 2, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Process Runtime.exec(java.lang.String[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToShellDirectBad():void, 1, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Process Runtime.exec(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.editTextToHtmlBad():android.text.Spanned, 1, CROSS_SITE_SCRIPTING, no_bucket, ERROR, [Return from Editable EditText.getText(),Call to Spanned Html.fromHtml(String) with tainted index 0]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.readClipboardSourcesBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.readClipboardSourcesBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.readClipboardSourcesBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.readClipboardSourcesBad():void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.readClipboardSourcesBad():void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsAlert(android.webkit.WebView,java.lang.String,java.lang.String,android.webkit.JsResult):boolean, 2, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int) with tainted index 0]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsAlert(android.webkit.WebView,java.lang.String,java.lang.String,android.webkit.JsResult):boolean, 3, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsBeforeUnload(android.webkit.WebView,java.lang.String,java.lang.String,android.webkit.JsResult):boolean, 2, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from boolean WebViews$MyWebChromeClient.onJsBeforeUnload(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int) with tainted index 0]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsBeforeUnload(android.webkit.WebView,java.lang.String,java.lang.String,android.webkit.JsResult):boolean, 3, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsConfirm(android.webkit.WebView,java.lang.String,java.lang.String,android.webkit.JsResult):boolean, 2, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from boolean WebViews$MyWebChromeClient.onJsConfirm(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int) with tainted index 0]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsConfirm(android.webkit.WebView,java.lang.String,java.lang.String,android.webkit.JsResult):boolean, 3, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsPrompt(android.webkit.WebView,java.lang.String,java.lang.String,java.lang.String,android.webkit.JsPromptResult):boolean, 2, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from boolean WebViews$MyWebChromeClient.onJsPrompt(WebView,String,String,String,JsPromptResult),Call to Intent Intent.parseUri(String,int) with tainted index 0]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebChromeClient.onJsPrompt(android.webkit.WebView,java.lang.String,java.lang.String,java.lang.String,android.webkit.JsPromptResult):boolean, 3, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebViewClient.onLoadResource(android.webkit.WebView,java.lang.String):void, 2, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from void WebViews$MyWebViewClient.onLoadResource(WebView,String),Call to Intent Intent.parseUri(String,int) with tainted index 0]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebViewClient.onLoadResource(android.webkit.WebView,java.lang.String):void, 3, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebViewClient.shouldInterceptRequest(android.webkit.WebView,android.webkit.WebResourceRequest):android.webkit.WebResourceResponse, 1, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent.<init>(String,Uri),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebViewClient.shouldOverrideUrlLoading(android.webkit.WebView,java.lang.String):boolean, 2, UNTRUSTED_INTENT_CREATION, no_bucket, ERROR, [Return from boolean WebViews$MyWebViewClient.shouldOverrideUrlLoading(WebView,String),Call to Intent Intent.parseUri(String,int) with tainted index 0]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebViewClient.shouldOverrideUrlLoading(android.webkit.WebView,java.lang.String):boolean, 3, CREATE_INTENT_FROM_URI, no_bucket, ERROR, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews$MyWebViewClient.webResourceToFileBad(android.webkit.WebResourceRequest):java.io.File, 1, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Uri WebResourceRequest.getUrl(),Call to File.<init>(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews.callWebviewSinks(android.webkit.WebView):void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.evaluateJavascript(String,ValueCallback) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews.callWebviewSinks(android.webkit.WebView):void, 4, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.loadData(String,String,String) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews.callWebviewSinks(android.webkit.WebView):void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.loadDataWithBaseURL(String,String,String,String,String) with tainted index 2]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews.callWebviewSinks(android.webkit.WebView):void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.loadUrl(String) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews.callWebviewSinks(android.webkit.WebView):void, 7, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.postUrl(String,byte[]) with tainted index 1]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews.callWebviewSinks(android.webkit.WebView):void, 8, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.postWebMessage(WebMessage,Uri) with tainted index 2]
|
|
codetoanalyze/java/quandary/WebViews.java, codetoanalyze.java.quandary.WebViews.callWebviewSubclassSink(codetoanalyze.java.quandary.WebViews$MyWebView):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.evaluateJavascript(String,ValueCallback) with tainted index 1]
|