From 22bebd2cee1176875fcc02a091cdcd4b01ee3f41 Mon Sep 17 00:00:00 2001
From: Ted Reed
Date: Mon, 26 Nov 2018 20:09:55 -0800
Subject: [PATCH] quandary: Break out deserialization from endpoints into a _risk category

Reviewed By: mbouaziz
Differential Revision: D13157416
fbshipit-source-id: 6ea34dd55
---
 infer/src/base/IssueType.ml | 2 ++
 infer/src/base/IssueType.mli | 2 ++
 infer/src/quandary/JavaTrace.ml | 6 ++++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/infer/src/base/IssueType.ml b/infer/src/base/IssueType.ml
index 80048da33..c96a49b9b 100644
--- a/infer/src/base/IssueType.ml
+++ b/infer/src/base/IssueType.ml
@@ -405,6 +405,8 @@ let untrusted_buffer_access = from_string ~enabled:false "UNTRUSTED_BUFFER_ACCES
 
 let untrusted_deserialization = from_string "UNTRUSTED_DESERIALIZATION"
 
+let untrusted_deserialization_risk = from_string "UNTRUSTED_DESERIALIZATION_RISK"
+
 let untrusted_file = from_string "UNTRUSTED_FILE"
 
 let untrusted_file_risk = from_string "UNTRUSTED_FILE_RISK"
diff --git a/infer/src/base/IssueType.mli b/infer/src/base/IssueType.mli
index d52764fe2..440b34d35 100644
--- a/infer/src/base/IssueType.mli
+++ b/infer/src/base/IssueType.mli
@@ -305,6 +305,8 @@ val untrusted_buffer_access : t
 
 val untrusted_deserialization : t
 
+val untrusted_deserialization_risk : t
+
 val untrusted_file : t
 
 val untrusted_file_risk : t
diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml
index 210e9683d..d4f9acf31 100644
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@@ -549,10 +549,12 @@ include Trace.Make (struct
 | Endpoint _, CreateFile ->
 (* user-controlled file creation; may be vulnerable to path traversal + more *)
 Some IssueType.untrusted_file_risk
- | ( (Endpoint _ | Intent | IntentFromURI | UserControlledString | UserControlledURI)
- , Deserialization ) ->
+ | (Intent | IntentFromURI | UserControlledString | UserControlledURI), Deserialization ->
 (* shouldn't let anyone external control what we deserialize *)
 Some IssueType.untrusted_deserialization
+ | Endpoint _, Deserialization ->
+ (* shouldn't let anyone external control what we deserialize *)
+ Some IssueType.untrusted_deserialization_risk
 | (Endpoint _ | Intent | IntentFromURI | UserControlledString | UserControlledURI), HTML ->
 (* untrusted data flows into HTML; XSS risk *)
 Some IssueType.cross_site_scripting
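Review bot: The comment on the new `| Endpoint _, Deserialization ->` arm is a verbatim copy of the one on the arm above it, so nothing at this site explains why endpoint-sourced data reaching a deserializer is reported as `untrusted_deserialization_risk` while the other sources stay `untrusted_deserialization`. I would replace it with something like `(* endpoint input reaches deserialization; kept in the separate _risk category so it can be triaged apart from the sources above *)`; that rationale is inferred from the commit title, so adjust it to the real reason. Because these flows now carry a different issue id, any suppression list, alert or test expectation keyed on `UNTRUSTED_DESERIALIZATION` will stop matching them. The patch touches only three files and none looks like a test expectation, so that is worth checking before landing. The enclosing match starts and ends outside the hunk.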