You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
1.8 KiB
94 lines
1.8 KiB
3 years ago
|
/*
|
||
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
||
|
*
|
||
|
* This source code is licensed under the MIT license found in the
|
||
|
* LICENSE file in the root directory of this source tree.
|
||
|
*/
|
||
|
|
||
|
#import <Foundation/Foundation.h>
|
||
|
#import <UIKit/UIKit.h>
|
||
|
|
||
|
void __set_untaint_attribute(void*);
|
||
|
|
||
|
BOOL ExampleSanitizer(NSURL* u, int f) {
|
||
|
if (f)
|
||
|
__set_untaint_attribute(u);
|
||
|
return f;
|
||
|
}
|
||
|
|
||
|
@interface ExampleViewController : NSObject
|
||
|
- (void)loadURL:(NSURL*)URL trackingCodes:(NSArray*)trackingCodes;
|
||
|
@end
|
||
|
|
||
|
@implementation ExampleViewController
|
||
|
|
||
|
- init {
|
||
|
return self;
|
||
|
}
|
||
|
|
||
|
- (void)loadURL:(NSURL*)URL trackingCodes:(NSArray*)trackingCodes {
|
||
|
// Require untainted URL
|
||
|
};
|
||
|
@end
|
||
|
|
||
|
@interface VCB : NSObject
|
||
|
- (void)another_url_pass:(NSURL*)u;
|
||
|
@end
|
||
|
|
||
|
@implementation VCB
|
||
|
|
||
|
- init {
|
||
|
return self;
|
||
|
}
|
||
|
|
||
|
- (void)another_url_pass:(NSURL*)u {
|
||
|
ExampleViewController* vc = [[ExampleViewController alloc] init];
|
||
|
[vc loadURL:u trackingCodes:nil];
|
||
|
}
|
||
|
@end
|
||
|
|
||
|
@interface VCA : NSObject
|
||
|
- (void)pass_url_arond:(NSURL*)u;
|
||
|
@end
|
||
|
|
||
|
@implementation VCA
|
||
|
|
||
|
- init {
|
||
|
return self;
|
||
|
}
|
||
|
|
||
|
- (void)pass_url_arond:(NSURL*)u {
|
||
|
VCB* b = [[VCB alloc] init];
|
||
|
[b another_url_pass:u];
|
||
|
}
|
||
|
@end
|
||
|
|
||
|
@interface ExampleDelegate : NSObject
|
||
|
- (BOOL)application:(UIApplication*)application
|
||
|
openURL:(NSURL*)URL
|
||
|
sourceApplication:(NSString*)sourceApplication
|
||
|
annotation:(id)annotation;
|
||
|
@end
|
||
|
|
||
|
@implementation ExampleDelegate
|
||
|
|
||
|
- init {
|
||
|
return self;
|
||
|
}
|
||
|
|
||
|
- (BOOL)application:(UIApplication*)application
|
||
|
openURL:(NSURL*)URL
|
||
|
sourceApplication:(NSString*)sourceApplication
|
||
|
annotation:(id)annotation {
|
||
|
// Assume tainted URL;
|
||
|
VCA* a = [[VCA alloc] init];
|
||
|
if (!ExampleSanitizer(URL, 0)) {
|
||
|
[a pass_url_arond:URL]; // report taint
|
||
|
}
|
||
|
if (!ExampleSanitizer(URL, 1)) {
|
||
|
[a pass_url_arond:URL]; // No taint
|
||
|
}
|
||
|
return YES;
|
||
|
}
|
||
|
@end
|