Hello, I'm trying to run Quandary on code where the input comes from the API endpoint. I tried specifying the endpoint class rather than quandary-sources in the config but nothing in the debug output mentions taint (grep -irl taint infer-out/ returns nothing). I am specifying the endpoint as I see it in the examples in the infer repo:
It's possible I made mistakes in the rest of the config (I tried a few things for the sinks) but shouldn't the endpoint specification at least result in the debug output identifying as tainted any parameters of it? That is my understanding from looking at the conversation in issue 1038.
infer --version
: 0.17.0 Debian 4.19.67-2mvn clean && infer run --quandary-only -g -- mvn compile
Hello, I'm trying to run Quandary on code where the input comes from the API endpoint. I tried specifying the endpoint class rather than quandary-sources in the config but nothing in the debug output mentions taint (
grep -irl taint infer-out/
returns nothing). I am specifying the endpoint as I see it in the examples in the infer repo:It's possible I made mistakes in the rest of the config (I tried a few things for the sinks) but shouldn't the endpoint specification at least result in the debug output identifying as tainted any parameters of it? That is my understanding from looking at the conversation in issue 1038.