infer_clone/infer/tests/codetoanalyze/java/quandary/TaintedFormals.java

/*
 * Copyright (c) 2016-present, Facebook, Inc.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */

package codetoanalyze.java.quandary;

import android.app.Activity;
import android.content.Intent;
import com.facebook.infer.builtins.InferTaint;

class Obj {
  Object f;
}

public class TaintedFormals {

  public Activity mActivity;

  public void callSink(Object formal) {
    InferTaint.inferSensitiveSink(formal);
  }

  // taintedFormal1 and taintedFormal2 were are modeled as tainted
  public void taintedContextBad(
      String taintedFormal1, Intent untaintedFormal, Integer taintedFormal2) {
    InferTaint.inferSensitiveSink(taintedFormal1); // should report here
    InferTaint.inferSensitiveSink(taintedFormal2); // should report here
    callSink(taintedFormal1); // should report here
    callSink(taintedFormal2); // should report here

    // using different sink to avoid confusion with the above
    mActivity.startService(untaintedFormal); // should not report here
  }

  public Object taintedContextBad(String taintedFormal) {
    return taintedFormal;
  }

  public void callTaintedContextBad1(String formal) {
    Object tainted = taintedContextBad(formal);
    InferTaint.inferSensitiveSink(tainted);
  }

  public void callTaintedContextBad2() {
    taintedContextBad(null, (Intent) InferTaint.inferSecretSource(), null);
  }

  public void callTaintedContextOk1() {
    taintedContextBad("foo", null, null);
  }

  // shouldn't report here, otherwise we will double report
  public void callTaintedContextOk2() {
    taintedContextBad(null, null, new Integer(1));
  }
}
[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`/*`
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD \| xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a 7 years ago			`* Copyright (c) 2016-present, Facebook, Inc.`
[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`*`
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD \| xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a 7 years ago			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`*/`

			`package codetoanalyze.java.quandary;`

[quandary] fix bug in summary application Summary: In some cases where a function is called directly on a formal (e.g, `def foo(o) { callSomething(o) }`, we were failing to propagate the footprint trace to the caller. Reviewed By: jeremydubreil Differential Revision: D4502404 fbshipit-source-id: d4d632f 8 years ago			`import android.app.Activity;`
			`import android.content.Intent;`
[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`import com.facebook.infer.builtins.InferTaint;`

			`class Obj {`
			`Object f;`
			`}`

			`public class TaintedFormals {`

[quandary] fix bug in summary application Summary: In some cases where a function is called directly on a formal (e.g, `def foo(o) { callSomething(o) }`, we were failing to propagate the footprint trace to the caller. Reviewed By: jeremydubreil Differential Revision: D4502404 fbshipit-source-id: d4d632f 8 years ago			`public Activity mActivity;`

[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`public void callSink(Object formal) {`
			`InferTaint.inferSensitiveSink(formal);`
			`}`

			`// taintedFormal1 and taintedFormal2 were are modeled as tainted`
[RFC] Format all java files Reviewed By: jeremydubreil Differential Revision: D10067033 fbshipit-source-id: 73975664e 6 years ago			`public void taintedContextBad(`
			`String taintedFormal1, Intent untaintedFormal, Integer taintedFormal2) {`
[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`InferTaint.inferSensitiveSink(taintedFormal1); // should report here`
			`InferTaint.inferSensitiveSink(taintedFormal2); // should report here`
			`callSink(taintedFormal1); // should report here`
			`callSink(taintedFormal2); // should report here`

[quandary] fix bug in summary application Summary: In some cases where a function is called directly on a formal (e.g, `def foo(o) { callSomething(o) }`, we were failing to propagate the footprint trace to the caller. Reviewed By: jeremydubreil Differential Revision: D4502404 fbshipit-source-id: d4d632f 8 years ago			`// using different sink to avoid confusion with the above`
			`mActivity.startService(untaintedFormal); // should not report here`
[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`}`

			`public Object taintedContextBad(String taintedFormal) {`
			`return taintedFormal;`
			`}`

			`public void callTaintedContextBad1(String formal) {`
			`Object tainted = taintedContextBad(formal);`
			`InferTaint.inferSensitiveSink(tainted);`
			`}`

			`public void callTaintedContextBad2() {`
[quandary] fix bug in summary application Summary: In some cases where a function is called directly on a formal (e.g, `def foo(o) { callSomething(o) }`, we were failing to propagate the footprint trace to the caller. Reviewed By: jeremydubreil Differential Revision: D4502404 fbshipit-source-id: d4d632f 8 years ago			`taintedContextBad(null, (Intent) InferTaint.inferSecretSource(), null);`
[quandary] support tainted formals Summary: We currently can only model the return values of functions as sources. In order to model inputs of endpoints as sources, we need the capability to treat the formals of certain functions as sources too. This diff adds that capability by adding a function for getting the tainted sources to the source module, then using that info in the analysis. Reviewed By: jeremydubreil Differential Revision: D4314738 fbshipit-source-id: dd7d423 8 years ago			`}`

			`public void callTaintedContextOk1() {`
			`taintedContextBad("foo", null, null);`
			`}`

			`// shouldn't report here, otherwise we will double report`
			`public void callTaintedContextOk2() {`
			`taintedContextBad(null, null, new Integer(1));`
			`}`
			`}`