You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 lines
1.3 KiB
48 lines
1.3 KiB
8 years ago
|
/*
|
||
|
|
* Copyright (c) 2017 - present Facebook, Inc.
|
||
|
|
* All rights reserved.
|
||
|
|
*
|
||
|
|
* This source code is licensed under the BSD style license found in the
|
||
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
||
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
||
|
|
*/
|
||
|
|
|
||
|
|
package codetoanalyze.java.quandary;
|
||
|
|
|
||
|
|
import com.facebook.infer.builtins.InferTaint;
|
||
|
|
import java.io.File;
|
||
|
|
import java.nio.file.FileSystems;
|
||
|
|
import java.nio.file.Path;
|
||
|
|
import java.nio.file.Paths;
|
||
|
|
|
||
|
|
public class Files {
|
||
|
|
|
||
|
|
public File fileConstructorSinkBad() {
|
||
|
|
String taintedString = (String) InferTaint.inferSecretSource();
|
||
|
|
return new File(taintedString);
|
||
|
|
}
|
||
|
|
|
||
|
|
public Path fileSystemConstructorSinkBad1() {
|
||
|
|
String taintedString = (String) InferTaint.inferSecretSource();
|
||
|
|
return FileSystems.getDefault().getPath(taintedString);
|
||
|
|
}
|
||
|
|
|
||
|
|
// testing varags
|
||
|
|
public Path fileSystemConstructorSinkBad2() {
|
||
|
|
String taintedString = (String) InferTaint.inferSecretSource();
|
||
|
|
return FileSystems.getDefault().getPath("", taintedString);
|
||
|
|
}
|
||
|
|
|
||
|
|
public Path pathsSinkBad1() {
|
||
|
|
String taintedString = (String) InferTaint.inferSecretSource();
|
||
|
|
return Paths.get(taintedString);
|
||
|
|
}
|
||
|
|
|
||
|
|
// testing varags
|
||
|
|
public Path pathsSinkBad2() {
|
||
|
|
String taintedString = (String) InferTaint.inferSecretSource();
|
||
|
|
return Paths.get("", taintedString);
|
||
|
|
}
|
||
|
|
|
||
|
|
}
|