infer_clone/infer/tests/codetoanalyze/cpp/quandaryBO/tainted_index.cpp

/*
 * Copyright (c) 2018-present, Facebook, Inc.
 *
 * This source code is licensed under the MIT license found in the
 * LICENSE file in the root directory of this source tree.
 */
#include <stdlib.h>

extern int __infer_taint_source();

void basic_bad() {
  int arr[10];
  int source = __infer_taint_source();
  arr[source] = 2;
}

int multi_level_source_bad() { return __infer_taint_source(); }

void multi_level_sink_bad(int i) {
  int arr[10];
  if (i > 0)
    arr[i] = 2;
}

void multi_level_bad() {
  int i = multi_level_source_bad();
  multi_level_sink_bad(i);
}

void memory_alloc_bad1_FN() { int arr[__infer_taint_source()]; }

void memory_alloc_bad2() {
  int s = __infer_taint_source();
  if (s <= 2147483647) {
    int arr[s];
  }
}

struct st {
  int size;
  int ind;
};

st overlapping_issues_source_good() {
  return {.size = __infer_taint_source(), .ind = 10};
}

void overlapping_issues_sink_good(st info) {
  int arr[info.size];
  arr[info.ind] = 0;
}

void overlapping_issues_good() {
  overlapping_issues_sink_good(overlapping_issues_source_good());
}
QuandaryBO Reviewed By: mbouaziz Differential Revision: D9615368 fbshipit-source-id: 56888a18f 6 years ago			`/*`
			`* Copyright (c) 2018-present, Facebook, Inc.`
			`*`
			`* This source code is licensed under the MIT license found in the`
			`* LICENSE file in the root directory of this source tree.`
			`*/`
Updated QuandaryBO issue matching. Reviewed By: jvillard Differential Revision: D9923601 fbshipit-source-id: a9791dc6c 6 years ago			`#include <stdlib.h>`

QuandaryBO Reviewed By: mbouaziz Differential Revision: D9615368 fbshipit-source-id: 56888a18f 6 years ago			`extern int __infer_taint_source();`

			`void basic_bad() {`
			`int arr[10];`
			`int source = __infer_taint_source();`
			`arr[source] = 2;`
			`}`

			`int multi_level_source_bad() { return __infer_taint_source(); }`

			`void multi_level_sink_bad(int i) {`
			`int arr[10];`
			`if (i > 0)`
			`arr[i] = 2;`
			`}`

			`void multi_level_bad() {`
			`int i = multi_level_source_bad();`
			`multi_level_sink_bad(i);`
			`}`
quandaryBO now filters out quandary and inferBO errors if they are not enabled. Reviewed By: mbouaziz Differential Revision: D9875715 fbshipit-source-id: bf7c0b96d 6 years ago
			`void memory_alloc_bad1_FN() { int arr[__infer_taint_source()]; }`

			`void memory_alloc_bad2() {`
			`int s = __infer_taint_source();`
			`if (s <= 2147483647) {`
			`int arr[s];`
			`}`
			`}`
Updated QuandaryBO issue matching. Reviewed By: jvillard Differential Revision: D9923601 fbshipit-source-id: a9791dc6c 6 years ago
			`struct st {`
			`int size;`
			`int ind;`
			`};`

			`st overlapping_issues_source_good() {`
			`return {.size = __infer_taint_source(), .ind = 10};`
			`}`

			`void overlapping_issues_sink_good(st info) {`
			`int arr[info.size];`
			`arr[info.ind] = 0;`
			`}`

			`void overlapping_issues_good() {`
			`overlapping_issues_sink_good(overlapping_issues_source_good());`
			`}`