Infer
Infer is a static analysis tool: given Java or C/C++/Objective-C code, it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they ship to users, and to help prevent crashes or poor performance.
Security DSLs provided by the Tool
Security Checks provided by the Tool
Reports when memory outside a buffer's bounds is accessed, which can corrupt memory and may introduce security issues in C/C++.
A flow of data was detected to a sink.
A flow of sensitive data was detected from a source.
A taint flow was detected from a source to a sink.
Detects whether a class with scope annotation A stores a field whose (dynamic) type (or one of its supertypes) is annotated with scope B such that a scope nesting restriction is violated.
In C, Infer reports memory leaks when objects are created with malloc and not freed.
In general, resources are entities such as files, sockets, connections, etc. that need to be closed after being used; Infer reports when they are not.
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
Similar to PULSE_UNINITIALIZED_VALUE, but it detects an uninitialized abstract const value in Hack.
The lifetime of an object has ended but that object is being accessed. For example, the address of a variable holding a C++ object is accessed after the variable has gone out of scope.
Infer reports null dereference bugs in Java, C, C++, and Objective-C when it is possible that the null pointer is dereferenced, leading to a crash.
Detects if the value assigned to a variable is never used (e.g., int i = 1; i = 2; return i;).
Detects if untrusted and unescaped data flows into an SQL query.