pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[quandary] don't taint this var of endpoints

Browse Source 
Reviewed By: mbouaziz

Differential Revision: D6509322

fbshipit-source-id: e24357e
master
Sam Blackshear 7 years ago committed by Facebook Github Bot
parent a32903bcea
commit 19824aa27b
2 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File

17
infer/src/quandary/ClangTrace.ml
Unescape View File

@ -124,9 +124,18 @@ module SourceKind = struct
let typename = Typ.Procname.objc_cpp_get_class_type_name cpp_pname in let typename = Typ.Procname.objc_cpp_get_class_type_name cpp_pname in
PatternMatch.supertype_exists tenv is_thrift_service_ typename PatternMatch.supertype_exists tenv is_thrift_service_ typename
in in
let taint_all ~make_source = (* taint all formals except for [this] *)
let taint_all_but_this ~make_source =
List.map List.map
~f:(fun (name, typ) -> (name, typ, Some (make_source name typ.Typ.desc))) ~f:(fun (name, typ) ->
let taint =
match Mangled.to_string name with
| "this" ->
None
| _ ->
Some (make_source name typ.Typ.desc)
in
(name, typ, taint))
(Procdesc.get_formals pdesc) (Procdesc.get_formals pdesc)
in in
match Procdesc.get_proc_name pdesc with match Procdesc.get_proc_name pdesc with
@ -137,9 +146,9 @@ module SourceKind = struct
(Typ.Procname.get_method pname) (Typ.Procname.get_method pname)
in in
if String.Set.mem endpoints qualified_pname then if String.Set.mem endpoints qualified_pname then
taint_all ~make_source:(fun name desc -> UserControlledEndpoint (name, desc)) taint_all_but_this ~make_source:(fun name desc -> UserControlledEndpoint (name, desc))
else if is_thrift_service cpp_pname then else if is_thrift_service cpp_pname then
taint_all ~make_source:(fun name desc -> Endpoint (name, desc)) taint_all_but_this ~make_source:(fun name desc -> Endpoint (name, desc))
else Source.all_formals_untainted pdesc else Source.all_formals_untainted pdesc
| _ -> | _ ->
Source.all_formals_untainted pdesc Source.all_formals_untainted pdesc

5
infer/tests/codetoanalyze/cpp/quandary/endpoints.cpp
Unescape View File

@ -77,6 +77,11 @@ class Service1 : facebook::fb303::cpp2::FacebookServiceSvIf {
system(std::to_string(formal.i).c_str()); system(std::to_string(formal.i).c_str());
} }
void service_this_ok() {
// endpoint object itself should not be treated as tainted
system((const char*)this);
}
private: private:
void private_not_endpoint_ok(std::string formal) { system(formal.c_str()); } void private_not_endpoint_ok(std::string formal) { system(formal.c_str()); }
}; };

Write Preview
Loading…
Cancel
Save