You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
2.2 KiB
92 lines
2.2 KiB
3 years ago
|
/*
|
||
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
||
|
*
|
||
|
* This source code is licensed under the MIT license found in the
|
||
|
* LICENSE file in the root directory of this source tree.
|
||
|
*/
|
||
|
|
||
|
#include <string>
|
||
|
#include <iostream>
|
||
|
|
||
|
extern std::string* __infer_taint_source();
|
||
|
extern void __infer_taint_sink(std::string);
|
||
|
|
||
|
namespace pointers {
|
||
|
|
||
|
void assign_pointer_to_source(std::string* pointer) {
|
||
|
*pointer = *__infer_taint_source();
|
||
|
}
|
||
|
|
||
|
void assign_pointer_pass_to_sink_bad1(std::string* pointer) {
|
||
|
assign_pointer_to_source(pointer);
|
||
|
__infer_taint_sink(*pointer);
|
||
|
}
|
||
|
|
||
|
void assign_pointer_pass_to_sink_bad2() {
|
||
|
std::string* pointer = new std::string();
|
||
|
assign_pointer_to_source(pointer);
|
||
|
__infer_taint_sink(*pointer);
|
||
|
}
|
||
|
|
||
|
void assign_source_by_reference(std::string& reference) {
|
||
|
reference = *__infer_taint_source();
|
||
|
}
|
||
|
|
||
|
void assign_source_by_reference_bad1() {
|
||
|
std::string local;
|
||
|
assign_source_by_reference(local);
|
||
|
__infer_taint_sink(local);
|
||
|
}
|
||
|
|
||
|
void assign_source_by_reference_bad2(std::string formal) {
|
||
|
assign_source_by_reference(formal);
|
||
|
__infer_taint_sink(formal);
|
||
|
}
|
||
|
|
||
|
void call_assign_source_by_reference(std::string& formal) {
|
||
|
assign_source_by_reference(formal);
|
||
|
}
|
||
|
|
||
|
void assign_source_by_reference_bad3() {
|
||
|
std::string local;
|
||
|
call_assign_source_by_reference(local);
|
||
|
__infer_taint_sink(local);
|
||
|
}
|
||
|
|
||
|
void reuse_pointer_as_local(std::string* pointer) {
|
||
|
pointer = __infer_taint_source();
|
||
|
std::cout << *pointer;
|
||
|
}
|
||
|
|
||
|
// need to understand that assigning a reference doesn't change the value in the
|
||
|
// caller
|
||
|
void FP_reuse_pointer_as_local_ok(std::string* pointer) {
|
||
|
reuse_pointer_as_local(pointer);
|
||
|
__infer_taint_sink(*pointer);
|
||
|
}
|
||
|
|
||
|
void funptr_bad0() {
|
||
|
auto f = __infer_taint_sink;
|
||
|
f(*(__infer_taint_source()));
|
||
|
}
|
||
|
|
||
|
void funptr_helper_bad1(void (*sink)(std::string)) {
|
||
|
sink(*(__infer_taint_source()));
|
||
|
}
|
||
|
|
||
|
void funptr_bad1_FN() {
|
||
|
auto f = __infer_taint_sink;
|
||
|
funptr_helper_bad1(f);
|
||
|
}
|
||
|
|
||
|
void funptr_helper_bad2(std::string* (*source)()) {
|
||
|
__infer_taint_sink(*(source()));
|
||
|
}
|
||
|
|
||
|
void funptr_bad2() { funptr_helper_bad2(__infer_taint_source); }
|
||
|
|
||
|
void pointer_arithmetic_ok1(int* i) { *(i + 1) = 7; }
|
||
|
|
||
|
void pointer_arithmetic_ok2(int* i) { *(2 + 7 + 5 + i + 1) = 7; }
|
||
|
} // namespace pointers
|