infer_clone/infer/tests/codetoanalyze/java/quandary/UserControlledStrings.java

/*
 * Copyright (c) 2017-present, Facebook, Inc.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */

package codetoanalyze.java.quandary;

import android.content.ClipboardManager;
import android.text.Html;
import android.text.Spanned;
import android.widget.EditText;
import com.facebook.infer.builtins.InferTaint;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

public class UserControlledStrings {
  ClipboardManager clipboard;

  void readClipboardSourcesBad() {
    InferTaint.inferSensitiveSink(clipboard.getText());
    InferTaint.inferSensitiveSink(clipboard.getPrimaryClip());
    InferTaint.inferSensitiveSink(clipboard.getPrimaryClip().getItemAt(5));
    InferTaint.inferSensitiveSink(clipboard.getPrimaryClip().getItemAt(5).getText());
    InferTaint.inferSensitiveSink(clipboard.getPrimaryClip().toString());
    // 5 reports
  }

  Spanned clipboardToHtmlBad() {
    return Html.fromHtml(clipboard.getText().toString());
  }

  EditText mEditText;

  Spanned editTextToHtmlBad() {
    return Html.fromHtml(mEditText.getText().toString());
  }

  void clipboardToShellDirectBad() throws IOException {
    Runtime.getRuntime().exec(clipboard.getText().toString());
  }

  void clipboardToShellArrayBad() throws IOException {
    String[] cmds = new String[] {"ls", clipboard.getText().toString()};
    Runtime.getRuntime().exec(cmds);
  }

  ProcessBuilder clipboardToProcessBuilder1Bad() {
    return new ProcessBuilder(clipboard.getText().toString());
  }

  ProcessBuilder clipboardToProcessBuilder2Bad() {
    return new ProcessBuilder("sh", clipboard.getText().toString());
  }

  ProcessBuilder clipboardToProcessBuilder3Bad(ProcessBuilder builder) {
    return builder.command(clipboard.getText().toString());
  }

  ProcessBuilder clipboardToProcessBuilder4Bad(ProcessBuilder builder) {
    List<String> cmds = new ArrayList();
    cmds.add(clipboard.getText().toString());
    return builder.command(cmds);
  }
}
[quandary] clipboard as a source Reviewed By: mburman Differential Revision: D5046627 fbshipit-source-id: f5f4c4d 8 years ago			`/*`
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD \| xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a 7 years ago			`* Copyright (c) 2017-present, Facebook, Inc.`
[quandary] clipboard as a source Reviewed By: mburman Differential Revision: D5046627 fbshipit-source-id: f5f4c4d 8 years ago			`*`
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD \| xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a 7 years ago			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
[quandary] clipboard as a source Reviewed By: mburman Differential Revision: D5046627 fbshipit-source-id: f5f4c4d 8 years ago			`*/`

			`package codetoanalyze.java.quandary;`

			`import android.content.ClipboardManager;`
[quandary] HTML creation as a sink Reviewed By: mbouaziz Differential Revision: D5503830 fbshipit-source-id: 95ffce6 7 years ago			`import android.text.Html;`
			`import android.text.Spanned;`
[quandary] EditText.getText() as source Differential Revision: D5797834 fbshipit-source-id: 70760cb 7 years ago			`import android.widget.EditText;`
[RFC] Format all java files Reviewed By: jeremydubreil Differential Revision: D10067033 fbshipit-source-id: 73975664e 6 years ago			`import com.facebook.infer.builtins.InferTaint;`
[quandary] java shell exec as sink Reviewed By: oebeling Differential Revision: D6812484 fbshipit-source-id: d9f7270 7 years ago			`import java.io.IOException;`
[quandary] ProcessBuilder as sink Summary: Another common API for shelling out in Java. Reviewed By: oebeling Differential Revision: D6814616 fbshipit-source-id: ba815b5 7 years ago			`import java.util.ArrayList;`
			`import java.util.List;`
[quandary] clipboard as a source Reviewed By: mburman Differential Revision: D5046627 fbshipit-source-id: f5f4c4d 8 years ago
[quandary] EditText.getText() as source Differential Revision: D5797834 fbshipit-source-id: 70760cb 7 years ago			`public class UserControlledStrings {`
[quandary] clipboard as a source Reviewed By: mburman Differential Revision: D5046627 fbshipit-source-id: f5f4c4d 8 years ago			`ClipboardManager clipboard;`

			`void readClipboardSourcesBad() {`
			`InferTaint.inferSensitiveSink(clipboard.getText());`
			`InferTaint.inferSensitiveSink(clipboard.getPrimaryClip());`
			`InferTaint.inferSensitiveSink(clipboard.getPrimaryClip().getItemAt(5));`
			`InferTaint.inferSensitiveSink(clipboard.getPrimaryClip().getItemAt(5).getText());`
			`InferTaint.inferSensitiveSink(clipboard.getPrimaryClip().toString());`
			`// 5 reports`
			`}`

[quandary] HTML creation as a sink Reviewed By: mbouaziz Differential Revision: D5503830 fbshipit-source-id: 95ffce6 7 years ago			`Spanned clipboardToHtmlBad() {`
			`return Html.fromHtml(clipboard.getText().toString());`
			`}`

[quandary] EditText.getText() as source Differential Revision: D5797834 fbshipit-source-id: 70760cb 7 years ago			`EditText mEditText;`
[RFC] Format all java files Reviewed By: jeremydubreil Differential Revision: D10067033 fbshipit-source-id: 73975664e 6 years ago
[quandary] EditText.getText() as source Differential Revision: D5797834 fbshipit-source-id: 70760cb 7 years ago			`Spanned editTextToHtmlBad() {`
			`return Html.fromHtml(mEditText.getText().toString());`
			`}`

[quandary] java shell exec as sink Reviewed By: oebeling Differential Revision: D6812484 fbshipit-source-id: d9f7270 7 years ago			`void clipboardToShellDirectBad() throws IOException {`
			`Runtime.getRuntime().exec(clipboard.getText().toString());`
			`}`

			`void clipboardToShellArrayBad() throws IOException {`
[RFC] Format all java files Reviewed By: jeremydubreil Differential Revision: D10067033 fbshipit-source-id: 73975664e 6 years ago			`String[] cmds = new String[] {"ls", clipboard.getText().toString()};`
[quandary] java shell exec as sink Reviewed By: oebeling Differential Revision: D6812484 fbshipit-source-id: d9f7270 7 years ago			`Runtime.getRuntime().exec(cmds);`
			`}`

[quandary] ProcessBuilder as sink Summary: Another common API for shelling out in Java. Reviewed By: oebeling Differential Revision: D6814616 fbshipit-source-id: ba815b5 7 years ago			`ProcessBuilder clipboardToProcessBuilder1Bad() {`
			`return new ProcessBuilder(clipboard.getText().toString());`
			`}`

			`ProcessBuilder clipboardToProcessBuilder2Bad() {`
			`return new ProcessBuilder("sh", clipboard.getText().toString());`
			`}`

			`ProcessBuilder clipboardToProcessBuilder3Bad(ProcessBuilder builder) {`
			`return builder.command(clipboard.getText().toString());`
			`}`

			`ProcessBuilder clipboardToProcessBuilder4Bad(ProcessBuilder builder) {`
			`List<String> cmds = new ArrayList();`
			`cmds.add(clipboard.getText().toString());`
			`return builder.command(cmds);`
			`}`
[quandary] clipboard as a source Reviewed By: mburman Differential Revision: D5046627 fbshipit-source-id: f5f4c4d 8 years ago			`}`