You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

164 lines
3.9 KiB

/*
* Copyright (c) 2016 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*/
package codetoanalyze.java.quandary;
import com.facebook.infer.builtins.InferTaint;
public class DynamicDispatch {
static interface Interface {
public Object returnSource();
public void callSink(Object o);
public Object propagate(Object o);
}
static class BadInterfaceImpl1 implements Interface {
@Override
public Object returnSource() {
return InferTaint.inferSecretSource();
}
@Override
public void callSink(Object o) {
InferTaint.inferSensitiveSink(o);
}
@Override
public Object propagate(Object o) {
return o;
}
}
static class BadInterfaceImpl2 implements Interface {
@Override
public Object returnSource() {
return InferTaint.inferSecretSource();
}
@Override
public void callSink(Object o) {
InferTaint.inferSensitiveSink(o);
}
@Override
public Object propagate(Object o) {
return o;
}
}
static class OkInterfaceImpl implements Interface {
@Override
public Object returnSource() {
return null;
}
@Override
public void callSink(Object o) {
}
@Override
public Object propagate(Object o) {
return null;
}
}
/** interface tests. for all of these, we should see a warning for both BadInterfaceImpl1 and
BadInterfaceImpl2, but not OkInterfaceImpl */
static void FN_returnSourceViaInterfaceBad(Interface i) {
Object source = i.returnSource();
InferTaint.inferSensitiveSink(source);
}
static void FN_callSinkViaInterfaceBad(Interface i) {
Object source = InferTaint.inferSecretSource();
i.callSink(source);
}
static void propagateViaInterfaceBad(Interface i) {
Object source = InferTaint.inferSecretSource();
Object launderedSource = i.propagate(source);
InferTaint.inferSensitiveSink(launderedSource);
}
static void interfaceOk() {
Interface i = new OkInterfaceImpl();
Object source1 = i.returnSource();
InferTaint.inferSensitiveSink(source1);
Object source2 = InferTaint.inferSecretSource();
i.callSink(source2);
Object launderedSource = i.propagate(source2);
InferTaint.inferSensitiveSink(launderedSource);
}
static class Supertype {
public Object returnSource() {
return null;
}
public void callSink(Object o) {
}
public Object propagate(Object o) {
return null;
}
}
static class BadSubtype extends Supertype {
@Override
public Object returnSource() {
return InferTaint.inferSecretSource();
}
@Override
public void callSink(Object o) {
InferTaint.inferSensitiveSink(o);
}
@Override
public Object propagate(Object o) {
return o;
}
}
static void FN_returnSourceViaSubtypeBad(Supertype s) {
Object source = s.returnSource();
InferTaint.inferSensitiveSink(source);
}
static void FN_callSinkViaSubtypeBad(Supertype s) {
Object source = InferTaint.inferSecretSource();
s.callSink(source);
}
static void FN_propagateViaSubtypeBad(Supertype s) {
Object source = InferTaint.inferSecretSource();
Object launderedSource = s.propagate(source);
InferTaint.inferSensitiveSink(launderedSource);
}
// need to look and see if we know the concrete type of the receiver to get this one
static void propagateViaConcreteTypeOk() {
Supertype s = new Supertype();
Object source1 = s.returnSource();
InferTaint.inferSensitiveSink(source1);
Object source2 = InferTaint.inferSecretSource();
s.callSink(source2);
Object launderedSource = s.propagate(source2);
InferTaint.inferSensitiveSink(launderedSource);
}
}