infer_clone/infer/tests/codetoanalyze/java/topl/baos/BaosTest.java

/*
 * Copyright (c) Facebook, Inc. and its affiliates.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.util.zip.GZIPOutputStream;

class BaosTest {
  static void aBad() throws IOException {
    ByteArrayOutputStream x = new ByteArrayOutputStream();
    ObjectOutputStream y = new ObjectOutputStream(x);
    y.writeObject(1337);
    byte[] bytes = x.toByteArray(); // This may return partial results.
  }

  /** Bugfix for aBad. */
  static void a1Ok() throws IOException {
    ByteArrayOutputStream x = new ByteArrayOutputStream();
    ObjectOutputStream y = new ObjectOutputStream(x);
    y.writeObject(1337);
    y.close();
    byte[] bytes = x.toByteArray();
  }

  /** Another bugfix for aBad. */
  static void a2Ok() throws IOException {
    ByteArrayOutputStream x = new ByteArrayOutputStream();
    ObjectOutputStream y = new ObjectOutputStream(x);
    y.writeObject(1337);
    y.flush();
    byte[] bytes = x.toByteArray();
  }

  static void bBad() throws IOException {
    ByteArrayOutputStream x = new ByteArrayOutputStream();
    ObjectOutputStream y = new ObjectOutputStream(x);
    y.writeObject(1337);
    byte[] bytes = x.toByteArray();
    y.close();
  }

  static void cBad() throws IOException {
    ByteArrayOutputStream x = new ByteArrayOutputStream();
    DataOutputStream y = new DataOutputStream(x);
    y.writeLong(1337);
    byte[] bytes = x.toByteArray();
  }

  /**
   * This false positive is caused by the property being imprecise. However, it is also an example
   * where, arguably, GZIPOutputStream breaks the behavioral contract on OutputStream: it may be
   * surprising that finish() sends data to the underlying stream but flush() may not.
   */
  static byte[] FP_dOk(final byte[] src) throws IOException {
    ByteArrayOutputStream x = new ByteArrayOutputStream(src.length);
    GZIPOutputStream y = new GZIPOutputStream(x);
    y.write(src);
    y.finish();
    return x.toByteArray();
  }

  static byte[] FP_eOk(final byte[] src) throws IOException {
    ByteArrayOutputStream x = new ByteArrayOutputStream(src.length);
    GZIPOutputStream y = new GZIPOutputStream(x);
    try {
      y.write(src);
      y.finish();
    } catch (Exception e) {
    }
    return x.toByteArray();
  }
}
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago			`/*`
			`* Copyright (c) Facebook, Inc. and its affiliates.`
			`*`
			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
			`*/`
			`import java.io.ByteArrayOutputStream;`
			`import java.io.DataOutputStream;`
			`import java.io.IOException;`
			`import java.io.ObjectOutputStream;`
[topl] Added another small test, for BAOS. Summary: This adds a violation of baos.topl found in github/seata/seata. However, it is not a bug (see comment in commit). Reviewed By: ngorogiannis Differential Revision: D19518641 fbshipit-source-id: e219245ee 5 years ago			`import java.util.zip.GZIPOutputStream;`
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago
			`class BaosTest {`
[topl] Added another small test, for BAOS. Summary: This adds a violation of baos.topl found in github/seata/seata. However, it is not a bug (see comment in commit). Reviewed By: ngorogiannis Differential Revision: D19518641 fbshipit-source-id: e219245ee 5 years ago			`static void aBad() throws IOException {`
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago			`ByteArrayOutputStream x = new ByteArrayOutputStream();`
			`ObjectOutputStream y = new ObjectOutputStream(x);`
			`y.writeObject(1337);`
			`byte[] bytes = x.toByteArray(); // This may return partial results.`
			`}`

			`/** Bugfix for aBad. */`
[topl] Added another small test, for BAOS. Summary: This adds a violation of baos.topl found in github/seata/seata. However, it is not a bug (see comment in commit). Reviewed By: ngorogiannis Differential Revision: D19518641 fbshipit-source-id: e219245ee 5 years ago			`static void a1Ok() throws IOException {`
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago			`ByteArrayOutputStream x = new ByteArrayOutputStream();`
			`ObjectOutputStream y = new ObjectOutputStream(x);`
			`y.writeObject(1337);`
			`y.close();`
			`byte[] bytes = x.toByteArray();`
			`}`

			`/** Another bugfix for aBad. */`
[topl] Added another small test, for BAOS. Summary: This adds a violation of baos.topl found in github/seata/seata. However, it is not a bug (see comment in commit). Reviewed By: ngorogiannis Differential Revision: D19518641 fbshipit-source-id: e219245ee 5 years ago			`static void a2Ok() throws IOException {`
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago			`ByteArrayOutputStream x = new ByteArrayOutputStream();`
			`ObjectOutputStream y = new ObjectOutputStream(x);`
			`y.writeObject(1337);`
			`y.flush();`
			`byte[] bytes = x.toByteArray();`
			`}`

[topl] Added another small test, for BAOS. Summary: This adds a violation of baos.topl found in github/seata/seata. However, it is not a bug (see comment in commit). Reviewed By: ngorogiannis Differential Revision: D19518641 fbshipit-source-id: e219245ee 5 years ago			`static void bBad() throws IOException {`
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago			`ByteArrayOutputStream x = new ByteArrayOutputStream();`
			`ObjectOutputStream y = new ObjectOutputStream(x);`
			`y.writeObject(1337);`
			`byte[] bytes = x.toByteArray();`
			`y.close();`
			`}`

[topl] Added another small test, for BAOS. Summary: This adds a violation of baos.topl found in github/seata/seata. However, it is not a bug (see comment in commit). Reviewed By: ngorogiannis Differential Revision: D19518641 fbshipit-source-id: e219245ee 5 years ago			`static void cBad() throws IOException {`
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago			`ByteArrayOutputStream x = new ByteArrayOutputStream();`
			`DataOutputStream y = new DataOutputStream(x);`
			`y.writeLong(1337);`
			`byte[] bytes = x.toByteArray();`
			`}`
[topl] Added another small test, for BAOS. Summary: This adds a violation of baos.topl found in github/seata/seata. However, it is not a bug (see comment in commit). Reviewed By: ngorogiannis Differential Revision: D19518641 fbshipit-source-id: e219245ee 5 years ago
			`/**`
			`* This false positive is caused by the property being imprecise. However, it is also an example`
			`* where, arguably, GZIPOutputStream breaks the behavioral contract on OutputStream: it may be`
			`* surprising that finish() sends data to the underlying stream but flush() may not.`
			`*/`
			`static byte[] FP_dOk(final byte[] src) throws IOException {`
			`ByteArrayOutputStream x = new ByteArrayOutputStream(src.length);`
			`GZIPOutputStream y = new GZIPOutputStream(x);`
			`y.write(src);`
			`y.finish();`
			`return x.toByteArray();`
			`}`
[topl] Switched to low-level syntax. Summary: This syntax - is less confusing (according to several people who are not me); objectively, there's less magic under the hood - gives fine control over register number (because condition/action are separated) - lets one compare values of different arguments of the same call (e.g., one could have a transition that is taken only if two arguments of a method call are equal) Reviewed By: ngorogiannis Differential Revision: D20005403 fbshipit-source-id: fad8f3b3d 5 years ago
			`static byte[] FP_eOk(final byte[] src) throws IOException {`
			`ByteArrayOutputStream x = new ByteArrayOutputStream(src.length);`
			`GZIPOutputStream y = new GZIPOutputStream(x);`
			`try {`
			`y.write(src);`
			`y.finish();`
			`} catch (Exception e) {`
			`}`
			`return x.toByteArray();`
			`}`
[topl] Added a test for ByteArrayOutputStream. Summary: If data comes from an outer OutputStream, then this outer OutputStream needs to be flushed before getting the byte array. Reviewed By: jvillard Differential Revision: D19514569 fbshipit-source-id: e3e025394 5 years ago			`}`