|
|
|
/*
|
|
|
|
* Copyright (c) 2016-present, Facebook, Inc.
|
|
|
|
*
|
|
|
|
* This source code is licensed under the MIT license found in the
|
|
|
|
* LICENSE file in the root directory of this source tree.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package codetoanalyze.java.quandary;
|
|
|
|
|
|
|
|
import com.facebook.infer.builtins.InferTaint;
|
|
|
|
|
|
|
|
/** making sure the traces we report respect control-flow */
|
|
|
|
|
|
|
|
class FlowSensitivity {
|
|
|
|
|
|
|
|
static class Obj {
|
|
|
|
Object f;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void callSink(Obj o) {
|
|
|
|
InferTaint.inferSensitiveSink(o.f);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void returnSource(Obj o) {
|
|
|
|
o.f = InferTaint.inferSecretSource();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void interproceduralFlowSensitivityOk1(Obj o) {
|
|
|
|
InferTaint.inferSensitiveSink(o.f);
|
|
|
|
returnSource(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void interproceduralFlowSensitivityOk2(Obj o) {
|
|
|
|
callSink(o);
|
|
|
|
o.f = InferTaint.inferSecretSource();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void interproceduralFlowSensitivityOk3(Obj o) {
|
|
|
|
callSink(o);
|
|
|
|
returnSource(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void interproceduralFlowSensitivityBad(Obj o) {
|
|
|
|
returnSource(o);
|
|
|
|
callSink(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void sourceAndSink(Obj o) {
|
|
|
|
InferTaint.inferSensitiveSink(o.f);
|
|
|
|
o.f = InferTaint.inferSecretSource();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void callSourceAndSinkOk(Obj o) {
|
|
|
|
sourceAndSink(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void callSourceAndSinkBad1(Obj o) {
|
|
|
|
sourceAndSink(o);
|
|
|
|
InferTaint.inferSensitiveSink(o.f);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void callSourceAndSinkBad2(Obj o) {
|
|
|
|
o.f = InferTaint.inferSecretSource();
|
|
|
|
sourceAndSink(o);
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|