From 3ba67bac1acb2531ed1817c0a1998e6cd4d54381 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Thu, 27 Oct 2016 07:07:26 -0700
Subject: [PATCH] [quandary] more privacy sources

Reviewed By: mburman
Differential Revision: D4081300
fbshipit-source-id: 08c3a3d
---
 infer/src/quandary/JavaTrace.ml | 19 +++++++---
 .../java/quandary/LoggingPrivateData.java | 35 +++++++++++++++++++
 .../codetoanalyze/java/quandary/issues.exp | 16 +++++++--
 3 files changed, 63 insertions(+), 7 deletions(-)

diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml
index 393caff8a..151d080f3 100644
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@@ -16,12 +16,13 @@ module JavaSource = struct
 module SourceKind = struct
 type t =
- | SharedPreferences (** private data read from SharedPreferences *)
+ | PrivateData (** private user or device-specific data *)
 | Footprint of AccessPath.t (** source that was read from the environment. *)
 | Intent
 | Other (** for testing or uncategorized sources *)
 let compare sk1 sk2 = match sk1, sk2 with
+ | PrivateData, PrivateData -> 0
 | Footprint ap1, Footprint ap2 -> AccessPath.compare ap1 ap2
 | _ -> tags_compare sk1 sk2
 end
@@ -61,7 +62,17 @@ module JavaSource = struct
 | "android.content.Intent", ("parseUri" | "parseIntent") ->
 Some (make Intent site)
 | "android.content.SharedPreferences", "getString" ->
- Some (make SharedPreferences site)
+ Some (make PrivateData site)
+ | "android.location.Location",
+ ("getAltitude" | "getBearing" | "getLatitude" | "getLongitude" | "getSpeed") ->
+ Some (make PrivateData site)
+ | "android.telephony.TelephonyManager",
+ ("getDeviceId" |
+ "getLine1Number" |
+ "getSimSerialNumber" |
+ "getSubscriberId" |
+ "getVoiceMailNumber") ->
+ Some (make PrivateData site)
 | "com.facebook.infer.builtins.InferTaint", "inferSecretSource" ->
 Some (make Other site)
 | _ ->
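Review bot: The new `| PrivateData, PrivateData -> 0` arm in `compare` looks redundant: the fallback `| _ -> tags_compare sk1 sk2` must already return 0 for two values of the same nullary constructor, otherwise `Intent, Intent` and `Other, Other`, which have no explicit arm, would not compare equal. If that reading of `tags_compare` is right, either drop the arm or add matching arms for `Intent` and `Other` so nullary constructors are handled uniformly. The doc comment on the new constructor could also say what the kind currently covers, e.g. `(** private user or device-specific data: SharedPreferences values, location, telephony identifiers *)`, so a reader of a `PrivateData(...)` report knows why unrelated APIs share one label.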
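Review bot: The two new source arms format their method lists differently, the `Location` getters on one line and the `TelephonyManager` getters one per line; the enclosing `match` starts outside the hunk, so whichever layout it uses elsewhere should be applied to both. Separately, within this hunk `SharedPreferences` is still modeled only through `getString`; if the intent is to flag any stored preference reaching a log, the other typed getters on that interface (`getInt`, `getLong`, `getFloat`, `getBoolean`, `getStringSet`, `getAll`) would need arms too, and likewise `Location.getAccuracy` and `Location.getTime` if those are considered private. A short comment above the `Location` arm such as `(* location and telephony getters are PrivateData: logging them leaks user location or device identifiers *)` would record why these are grouped with preference reads.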
@@ -79,7 +90,7 @@ module JavaSource = struct
 let pp_kind fmt (kind : kind) = match kind with
 | Intent -> F.fprintf fmt "Intent"
- | SharedPreferences -> F.fprintf fmt "SharedPreferences"
+ | PrivateData -> F.fprintf fmt "PrivateData"
 | Footprint ap -> F.fprintf fmt "Footprint[%a]" AccessPath.pp ap
 | Other -> F.fprintf fmt "Other"
@@ -204,7 +215,7 @@ include
 let open Sink in
 match Source.kind source, Sink.kind sink with
 | SourceKind.Other, SinkKind.Other
- | SourceKind.SharedPreferences, SinkKind.Logging ->
+ | SourceKind.PrivateData, SinkKind.Logging ->
 true
 | SourceKind.Intent, SinkKind.Intent ->
 true
diff --git a/infer/tests/codetoanalyze/java/quandary/LoggingPrivateData.java b/infer/tests/codetoanalyze/java/quandary/LoggingPrivateData.java
index 2e93896de..364da133a 100644
--- a/infer/tests/codetoanalyze/java/quandary/LoggingPrivateData.java
+++ b/infer/tests/codetoanalyze/java/quandary/LoggingPrivateData.java
@@ -10,6 +10,8 @@ package codetoanalyze.java.quandary;
 import android.content.SharedPreferences;
+import android.location.Location;
+import android.telephony.TelephonyManager;
 import android.util.Log;
 public class LoggingPrivateData {
@@ -41,4 +43,37 @@ public class LoggingPrivateData {
 Log.d("tag", "value");
 }
+ private native int rand();
+
+ public String returnAllSources(Location l, TelephonyManager t) {
+ switch (rand()) {
+ case 1:
+ return String.valueOf(l.getAltitude());
+ case 2:
+ return String.valueOf(l.getBearing());
+ case 3:
+ return String.valueOf(l.getLatitude());
+ case 4:
+ return String.valueOf(l.getLongitude());
+ case 5:
+ return String.valueOf(l.getSpeed());
+ case 6:
+ return t.getDeviceId();
+ case 7:
+ return t.getLine1Number();
+ case 8:
+ return t.getSimSerialNumber();
+ case 9:
+ return t.getSubscriberId();
+ case 10:
+ return t.getVoiceMailNumber();
+ }
+ return null;
+ }
+
+ public void logAllSourcesBad(Location l, TelephonyManager t) {
+ String source = returnAllSources(l, t);
+ Log.d("tag", source);
+ }
+
 }
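Review bot: The new test exercises only the reported direction: `logAllSourcesBad` logs every new source, but there is no companion `...Ok` method showing that the same `Location`/`TelephonyManager` values used without a logging sink stay silent, so an over-approximation (for example treating the `String.valueOf` conversion of a tainted `double` as a report on its own) would go unnoticed. If the analysis reports only source-to-sink flows, a one-liner such as `public String returnSourcesOk(Location l, TelephonyManager t) { return returnAllSources(l, t); }` would pin that down against the expected-output file. The `private native int rand();` declaration is presumably there so the switch value cannot be resolved and every case stays reachable; a comment `// native so the analysis must consider every case of the switch` above it would spare the next reader the guess.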
diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp
index debd385ed..4f5f49a8e 100644
--- a/infer/tests/codetoanalyze/java/quandary/issues.exp
+++ b/infer/tests/codetoanalyze/java/quandary/issues.exp
@@ -103,9 +103,19 @@ Interprocedural.java:221: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferT
 Interprocedural.java:232: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 230]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 232]) via { }
 Interprocedural.java:244: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 244]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 240]) via { void Interprocedural.callSinkVariadic(java.lang.Object[]) at [line 244] }
 Interprocedural.java:255: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 253]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 255]) via { }
-LoggingPrivateData.java:18: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 18]) -> Logging(int Log.d(String,String) at [line 18]) via { }
-LoggingPrivateData.java:22: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 22]) -> Logging(int Log.d(String,String) at [line 22]) via { }
-LoggingPrivateData.java:37: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 36]) -> Logging(int Log.w(String,Throwable) at [line 37]) via { }
+LoggingPrivateData.java:20: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String SharedPreferences.getString(String,String) at [line 20]) -> Logging(int Log.d(String,String) at [line 20]) via { }
+LoggingPrivateData.java:24: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String SharedPreferences.getString(String,String) at [line 24]) -> Logging(int Log.d(String,String) at [line 24]) via { }
+LoggingPrivateData.java:39: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String SharedPreferences.getString(String,String) at [line 38]) -> Logging(int Log.w(String,Throwable) at [line 39]) via { }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String TelephonyManager.getDeviceId() at [line 61]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String TelephonyManager.getLine1Number() at [line 63]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String TelephonyManager.getSimSerialNumber() at [line 65]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String TelephonyManager.getSubscriberId() at [line 67]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(String TelephonyManager.getVoiceMailNumber() at [line 69]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(double Location.getAltitude() at [line 51]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(double Location.getLatitude() at [line 55]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(double Location.getLongitude() at [line 57]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(float Location.getBearing() at [line 53]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
+LoggingPrivateData.java:76: ERROR: QUANDARY_TAINT_ERROR Error: PrivateData(float Location.getSpeed() at [line 59]) -> Logging(int Log.d(String,String) at [line 76]) via { String LoggingPrivateData.returnAllSources(Location,TelephonyManager) at [line 75] }
 Recursion.java:26: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 26]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 21]) via { void Recursion.callSinkThenDiverge(Object) at [line 26] }
 Recursion.java:36: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 36]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 31]) via { void Recursion.safeRecursionCallSink(int,Object) at [line 36] }
 Recursion.java:42: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 42]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 41]) via { void Recursion.recursionBad(int,Object) at [line 42] }