You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

98 lines
3.7 KiB

(*
* Copyright (c) 2018-present, Facebook, Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*)
open! IStd
let update_issues all_issues =
let quandary_bug_names =
IssueType.[untrusted_buffer_access; untrusted_heap_allocation; untrusted_variable_length_array]
in
let inferbo_bug_names =
IssueType.
[ buffer_overrun_l1
; buffer_overrun_l2
; buffer_overrun_l3
; buffer_overrun_l4
; buffer_overrun_l5
; buffer_overrun_s2
; buffer_overrun_u5
; inferbo_alloc_is_big
; inferbo_alloc_is_zero
; inferbo_alloc_is_negative
; inferbo_alloc_may_be_big
; inferbo_alloc_may_be_negative ]
in
let is_quandary_issue issue =
List.mem quandary_bug_names issue.Issue.err_key.err_name ~equal:IssueType.equal
in
let is_inferbo_issue issue =
List.mem inferbo_bug_names issue.Issue.err_key.err_name ~equal:IssueType.equal
in
let quandary_issues, inferBO_issues =
List.fold all_issues ~init:([], []) ~f:(fun (q_issues, iBO_issues) issue ->
if is_quandary_issue issue then (issue :: q_issues, iBO_issues)
else if is_inferbo_issue issue then (q_issues, issue :: iBO_issues)
else (q_issues, iBO_issues) )
in
let matching_issues quandary_issue inferbo_issue =
SourceFile.equal quandary_issue.Issue.proc_location.file inferbo_issue.Issue.proc_location.file
&& Int.equal quandary_issue.Issue.proc_location.line inferbo_issue.Issue.proc_location.line
in
let paired_issues =
(* Can be computed more efficiently (in n*log(n)) by using a Map mapping
file name + line number to quandary_issues to match with inferbo_issues *)
List.concat_map quandary_issues ~f:(fun quandary_issue ->
List.filter_map inferBO_issues ~f:(fun inferbo_issue ->
if matching_issues quandary_issue inferbo_issue then
Some (quandary_issue, inferbo_issue)
else None ) )
in
let merge_issues (issue1, issue2) =
{ Issue.proc_name= issue1.Issue.proc_name
; proc_location= {issue1.Issue.proc_location with col= -1}
; err_key=
Errlog.merge_err_key issue1.Issue.err_key issue2.Issue.err_key
~merge_issues:(fun issue1 _ ->
if IssueType.equal issue1 IssueType.untrusted_buffer_access then
IssueType.tainted_buffer_access
else IssueType.tainted_memory_allocation )
~merge_descriptions:(fun descs1 descs2 ->
String.concat
( "QuandaryBO error. Quandary error(s):\n"
:: (descs1 @ ("InferBO error(s):\n" :: descs2)) ) )
; err_data= Errlog.merge_err_data issue1.Issue.err_data issue2.Issue.err_data }
in
(* Can merge List.map, List.concat_map and List.filter_map into a single fold. *)
let quandaryBO_issues = List.map ~f:merge_issues paired_issues in
let quandary_issuetypes =
IssueType.
[ quandary_taint_error
; shell_injection
; shell_injection_risk
; sql_injection
; sql_injection_risk
; untrusted_buffer_access
; untrusted_file_risk
; untrusted_heap_allocation
; untrusted_url_risk
; untrusted_variable_length_array
; user_controlled_sql_risk ]
in
let inferBO_issuetypes = inferbo_bug_names in
let all_issues_filtered =
List.filter
~f:(fun issue ->
( Config.quandary
|| not (List.mem quandary_issuetypes issue.Issue.err_key.err_name ~equal:IssueType.equal)
)
&& ( Config.bufferoverrun
|| not (List.mem inferBO_issuetypes issue.Issue.err_key.err_name ~equal:IssueType.equal)
) )
all_issues
in
List.rev_append all_issues_filtered quandaryBO_issues