infer_clone/infer/tests/codetoanalyze/cpp/quandaryBO/tainted_index.cpp

/*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */
#include <stdlib.h>

extern int __infer_taint_source();
extern void __infer_taint_sink(int i);

void basic_bad() {
  int arr[10];
  int source = __infer_taint_source();
  arr[source] = 2;
}

int multi_level_source_bad() { return __infer_taint_source(); }

void multi_level_sink_bad(int i) {
  int arr[10];
  if (i > 0)
    arr[i] = 2;
}

struct arg {
  int taint;
  int bo;
};

arg multi_level_source_ok() {
  return {.taint = __infer_taint_source(), .bo = 12};
}

void multi_level_sink_ok(int taint, int bo) {
  __infer_taint_sink(taint);
  int arr[10];
  arr[bo] = 0;
}

void multi_level_bad() {
  int i = multi_level_source_bad();
  multi_level_sink_bad(i);
}

void multi_level_good() { int i = multi_level_source_bad(); }

void memory_alloc_bad1_FN() { int arr[__infer_taint_source()]; }

void memory_alloc_bad2() {
  int s = __infer_taint_source();
  if (s <= 2147483647) {
    int arr[s];
  }
}

struct st {
  int size;
  int ind;
};

st overlapping_issues_source_good() {
  return {.size = __infer_taint_source(), .ind = 10};
}

void overlapping_issues_sink_good(st info) {
  int arr[info.size];
  arr[info.ind] = 0;
}

void overlapping_issues_good() {
  overlapping_issues_sink_good(overlapping_issues_source_good());
}
QuandaryBO Reviewed By: mbouaziz Differential Revision: D9615368 fbshipit-source-id: 56888a18f 6 years ago			`/*`
[copyright] Remove years Reviewed By: jvillard Differential Revision: D15771884 fbshipit-source-id: e2997e3a3 6 years ago			`* Copyright (c) Facebook, Inc. and its affiliates.`
QuandaryBO Reviewed By: mbouaziz Differential Revision: D9615368 fbshipit-source-id: 56888a18f 6 years ago			`*`
			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
			`*/`
Updated QuandaryBO issue matching. Reviewed By: jvillard Differential Revision: D9923601 fbshipit-source-id: a9791dc6c 6 years ago			`#include <stdlib.h>`

QuandaryBO Reviewed By: mbouaziz Differential Revision: D9615368 fbshipit-source-id: 56888a18f 6 years ago			`extern int __infer_taint_source();`
Check that the end the traces of inferBO and quandary issues match before matching them to form an quandaryBO issue Reviewed By: mbouaziz Differential Revision: D9973874 fbshipit-source-id: 2b7ee8556 6 years ago			`extern void __infer_taint_sink(int i);`
QuandaryBO Reviewed By: mbouaziz Differential Revision: D9615368 fbshipit-source-id: 56888a18f 6 years ago
			`void basic_bad() {`
			`int arr[10];`
			`int source = __infer_taint_source();`
			`arr[source] = 2;`
			`}`

			`int multi_level_source_bad() { return __infer_taint_source(); }`

			`void multi_level_sink_bad(int i) {`
			`int arr[10];`
			`if (i > 0)`
			`arr[i] = 2;`
			`}`

Check that the end the traces of inferBO and quandary issues match before matching them to form an quandaryBO issue Reviewed By: mbouaziz Differential Revision: D9973874 fbshipit-source-id: 2b7ee8556 6 years ago			`struct arg {`
			`int taint;`
			`int bo;`
			`};`

			`arg multi_level_source_ok() {`
			`return {.taint = __infer_taint_source(), .bo = 12};`
			`}`

			`void multi_level_sink_ok(int taint, int bo) {`
			`__infer_taint_sink(taint);`
			`int arr[10];`
			`arr[bo] = 0;`
			`}`

QuandaryBO Reviewed By: mbouaziz Differential Revision: D9615368 fbshipit-source-id: 56888a18f 6 years ago			`void multi_level_bad() {`
			`int i = multi_level_source_bad();`
			`multi_level_sink_bad(i);`
			`}`
quandaryBO now filters out quandary and inferBO errors if they are not enabled. Reviewed By: mbouaziz Differential Revision: D9875715 fbshipit-source-id: bf7c0b96d 6 years ago
Check that the end the traces of inferBO and quandary issues match before matching them to form an quandaryBO issue Reviewed By: mbouaziz Differential Revision: D9973874 fbshipit-source-id: 2b7ee8556 6 years ago			`void multi_level_good() { int i = multi_level_source_bad(); }`

quandaryBO now filters out quandary and inferBO errors if they are not enabled. Reviewed By: mbouaziz Differential Revision: D9875715 fbshipit-source-id: bf7c0b96d 6 years ago			`void memory_alloc_bad1_FN() { int arr[__infer_taint_source()]; }`

			`void memory_alloc_bad2() {`
			`int s = __infer_taint_source();`
			`if (s <= 2147483647) {`
			`int arr[s];`
			`}`
			`}`
Updated QuandaryBO issue matching. Reviewed By: jvillard Differential Revision: D9923601 fbshipit-source-id: a9791dc6c 6 years ago
			`struct st {`
			`int size;`
			`int ind;`
			`};`

			`st overlapping_issues_source_good() {`
			`return {.size = __infer_taint_source(), .ind = 10};`
			`}`

			`void overlapping_issues_sink_good(st info) {`
			`int arr[info.size];`
			`arr[info.ind] = 0;`
			`}`

			`void overlapping_issues_good() {`
			`overlapping_issues_sink_good(overlapping_issues_source_good());`
			`}`