pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[quandary] clean up source type in report

Browse Source 
Reviewed By: jeremydubreil

Differential Revision: D6487738

fbshipit-source-id: 2ac42b6
master
Sam Blackshear 7 years ago committed by Facebook Github Bot
parent 0ebdd369b0
commit 3c28e0308a
4 changed files with 53 additions and 120 deletions
Show Stats Download Patch File Download Diff File

112
infer/src/checkers/Trace.ml
Unescape View File

@ -59,17 +59,12 @@ module type S = sig
module Sinks = Sink.Set
module Passthroughs = Passthrough.Set
type path_source = Known of Source.t | Footprint of AccessPath.Abs.t
type path_sink = Sink.t
type path =
Passthroughs.t * (path_source * Passthroughs.t) list * (path_sink * Passthroughs.t) list
type path = Passthroughs.t * (Source.t * Passthroughs.t) list * (Sink.t * Passthroughs.t) list
type report =
{ issue: IssueType.t
; path_source: path_source
; path_sink: path_sink
; path_source: Source.t
; path_sink: Sink.t
; path_passthroughs: Passthroughs.t }
val empty : t
@ -93,8 +88,8 @@ module type S = sig
[cur_site] restricts the reported paths to ones introduced by the call at [cur_site] *)
val to_loc_trace :
?desc_of_source:(path_source -> string) -> ?source_should_nest:(path_source -> bool)
-> ?desc_of_sink:(path_sink -> string) -> ?sink_should_nest:(path_sink -> bool) -> path
?desc_of_source:(Source.t -> string) -> ?source_should_nest:(Source.t -> bool)
-> ?desc_of_sink:(Sink.t -> string) -> ?sink_should_nest:(Sink.t -> bool) -> path
-> Errlog.loc_trace
(** create a loc_trace from a path; [source_should_nest s] should be true when we are going one
deeper into a call-chain, ie when lt_level should be bumper in the next loc_trace_elem, and
@ -131,8 +126,6 @@ module type S = sig
val pp_path : Typ.Procname.t -> F.formatter -> path -> unit
(** pretty-print a path in the context of the given procname *)
val pp_path_source : F.formatter -> path_source -> unit
end
(** Expand a trace element (i.e., a source or sink) into a list of trace elements bottoming out in
@ -266,17 +259,12 @@ module Make (Spec : Spec) = struct
type astate = t
type path_source = Known of Source.t | Footprint of AccessPath.Abs.t
type path_sink = Sink.t
type path =
Passthroughs.t * (path_source * Passthroughs.t) list * (path_sink * Passthroughs.t) list
type path = Passthroughs.t * (Source.t * Passthroughs.t) list * (Sink.t * Passthroughs.t) list
type report =
{ issue: IssueType.t
; path_source: path_source
; path_sink: path_sink
; path_source: Source.t
; path_sink: Sink.t
; path_passthroughs: Passthroughs.t }
let pp fmt {sources; sinks; passthroughs} =
@ -291,12 +279,7 @@ module Make (Spec : Spec) = struct
F.fprintf fmt "%a ~> %a%a" Sources.pp sources pp_sinks sinks pp_passthroughs passthroughs
let get_path_source_call_site = function
| Known source ->
Source.call_site source
| Footprint _ ->
CallSite.dummy
let get_path_source_call_site = Source.call_site
let sources t = t.sources
@ -331,10 +314,7 @@ module Make (Spec : Spec) = struct
Spec.get_report source sink (Sources.Sanitizers.elements t.sources.sanitizers)
with
| Some issue ->
{ issue
; path_source= Known source
; path_sink= sink
; path_passthroughs= t.passthroughs }
{issue; path_source= source; path_sink= sink; path_passthroughs= t.passthroughs}
:: acc
| None ->
acc
@ -346,12 +326,7 @@ module Make (Spec : Spec) = struct
Sources.Known.fold report_sources t.sources.known []
let pp_path_source fmt = function
| Known source ->
Source.pp fmt source
| Footprint access_path ->
AccessPath.Abs.pp fmt access_path
let pp_path_source = Source.pp
let pp_path cur_pname fmt (cur_passthroughs, sources_passthroughs, sinks_passthroughs) =
let pp_passthroughs fmt passthroughs =
@ -396,43 +371,32 @@ module Make (Spec : Spec) = struct
in
Passthrough.Set.filter between_start_and_end passthroughs
in
let expand_path path_source sink =
match path_source with
| Known source ->
let sources_of_pname pname =
let trace = trace_of_pname pname in
(Sources.Known.elements (sources trace).known, passthroughs trace)
in
let sinks_of_pname pname =
let trace = trace_of_pname pname in
(Sinks.elements (sinks trace), passthroughs trace)
in
let sources_passthroughs =
let filter_passthroughs = filter_passthroughs_ Source in
SourceExpander.expand source ~elems_passthroughs_of_pname:sources_of_pname
~filter_passthroughs
|> List.map ~f:(fun (source, passthrough) -> (Known source, passthrough))
in
let sinks_passthroughs =
let filter_passthroughs = filter_passthroughs_ Sink in
SinkExpander.expand sink ~elems_passthroughs_of_pname:sinks_of_pname
~filter_passthroughs
in
(sources_passthroughs, sinks_passthroughs)
| Footprint _ ->
([], [])
let expand_path source sink =
let sources_of_pname pname =
let trace = trace_of_pname pname in
(Sources.Known.elements (sources trace).known, passthroughs trace)
in
let sinks_of_pname pname =
let trace = trace_of_pname pname in
(Sinks.elements (sinks trace), passthroughs trace)
in
let sources_passthroughs =
let filter_passthroughs = filter_passthroughs_ Source in
SourceExpander.expand source ~elems_passthroughs_of_pname:sources_of_pname
~filter_passthroughs
|> List.map ~f:(fun (source, passthrough) -> (source, passthrough))
in
let sinks_passthroughs =
let filter_passthroughs = filter_passthroughs_ Sink in
SinkExpander.expand sink ~elems_passthroughs_of_pname:sinks_of_pname ~filter_passthroughs
in
(sources_passthroughs, sinks_passthroughs)
in
List.map
~f:(fun {path_source; path_sink; path_passthroughs} ->
let sources_passthroughs, sinks_passthroughs = expand_path path_source path_sink in
let filtered_passthroughs =
let source_site =
match path_source with
| Known source ->
Source.call_site source
| Footprint _ ->
Option.value ~default:CallSite.dummy cur_site
in
let source_site = Source.call_site path_source in
filter_passthroughs_ Top_level source_site (Sink.call_site path_sink) path_passthroughs
in
(filtered_passthroughs, sources_passthroughs, sinks_passthroughs))
@ -440,14 +404,10 @@ module Make (Spec : Spec) = struct
let to_loc_trace
?(desc_of_source= function
| Known source ->
let callsite = Source.call_site source in
Format.asprintf "return from %a" Typ.Procname.pp
(CallSite.pname callsite)
| Footprint access_path ->
Format.asprintf "read from %a" AccessPath.Abs.pp access_path)
?(source_should_nest= fun _ -> true)
?(desc_of_source= fun source ->
let callsite = Source.call_site source in
Format.asprintf "return from %a" Typ.Procname.pp
(CallSite.pname callsite)) ?(source_should_nest= fun _ -> true)
?(desc_of_sink= fun sink ->
let callsite = Sink.call_site sink in
Format.asprintf "call to %a" Typ.Procname.pp (CallSite.pname callsite))

20
infer/src/checkers/Trace.mli
Unescape View File

@ -64,23 +64,15 @@ module type S = sig
module Sinks = Sink.Set
module Passthroughs = Passthrough.Set
type path_source =
| Known of Source.t (** source originating from a called procedure *)
| Footprint of AccessPath.Abs.t
(** source read from an access path rooted in a parameter or global *)
type path_sink = Sink.t
(** path from a source to a sink with passthroughs at each step in the call stack. the first set
of passthroughs are the ones in the "reporting" procedure that calls the first function in
both the source and sink stack *)
type path =
Passthroughs.t * (path_source * Passthroughs.t) list * (path_sink * Passthroughs.t) list
type path = Passthroughs.t * (Source.t * Passthroughs.t) list * (Sink.t * Passthroughs.t) list
type report =
{ issue: IssueType.t
; path_source: path_source
; path_sink: path_sink
; path_source: Source.t
; path_sink: Sink.t
; path_passthroughs: Passthroughs.t }
val empty : t
@ -105,8 +97,8 @@ module type S = sig
[cur_site] restricts the reported paths to ones introduced by the call at [cur_site] *)
val to_loc_trace :
?desc_of_source:(path_source -> string) -> ?source_should_nest:(path_source -> bool)
-> ?desc_of_sink:(path_sink -> string) -> ?sink_should_nest:(path_sink -> bool) -> path
?desc_of_source:(Source.t -> string) -> ?source_should_nest:(Source.t -> bool)
-> ?desc_of_sink:(Sink.t -> string) -> ?sink_should_nest:(Sink.t -> bool) -> path
-> Errlog.loc_trace
(** create a loc_trace from a path; [source_should_nest s] should be true when we are going one
deeper into a call-chain, ie when lt_level should be bumper in the next loc_trace_elem, and
@ -145,8 +137,6 @@ module type S = sig
val pp_path : Typ.Procname.t -> F.formatter -> path -> unit
(** pretty-print a path in the context of the given procname *)
val pp_path_source : F.formatter -> path_source -> unit
end
module Make (Spec : Spec) : S with module Source = Spec.Source and module Sink = Spec.Sink

34
infer/src/quandary/TaintAnalysis.ml
Unescape View File

@ -118,14 +118,11 @@ module Make (TaintSpecification : TaintSpec.S) = struct
lazy (String.Set.of_list (QuandaryConfig.Endpoint.of_json Config.quandary_endpoints))
let is_endpoint = function
| TraceDomain.Known source -> (
match CallSite.pname (TraceDomain.Source.call_site source) with
| Typ.Procname.Java java_pname ->
String.Set.mem (Lazy.force endpoints) (Typ.Procname.java_get_class_name java_pname)
| _ ->
false )
| TraceDomain.Footprint _ ->
let is_endpoint source =
match CallSite.pname (TraceDomain.Source.call_site source) with
| Typ.Procname.Java java_pname ->
String.Set.mem (Lazy.force endpoints) (Typ.Procname.java_get_class_name java_pname)
| _ ->
false
@ -143,7 +140,7 @@ module Make (TaintSpecification : TaintSpec.S) = struct
TaintDomain.empty
in
let get_short_trace_string original_path_source final_sink =
F.asprintf "%a -> %a%s" TraceDomain.pp_path_source original_path_source TraceDomain.Sink.pp
F.asprintf "%a -> %a%s" TraceDomain.Source.pp original_path_source TraceDomain.Sink.pp
final_sink
(if is_endpoint original_path_source then ". Note: source is an endpoint." else "")
in
@ -219,12 +216,7 @@ module Make (TaintSpecification : TaintSpec.S) = struct
acc
in
let expanded_sources, _ =
match path_source with
| Known source ->
let sources, calls = expand_source source ([(None, source)], CallSite.Set.empty) in
(List.map ~f:(fun (ap_opt, source) -> (ap_opt, Known source)) sources, calls)
| Footprint _ ->
([(None, path_source)], CallSite.Set.empty)
expand_source path_source ([(None, path_source)], CallSite.Set.empty)
in
let expanded_sinks, _ =
expand_sink path_sink sink_indexes ([path_sink], CallSite.Set.empty)
@ -244,14 +236,10 @@ module Make (TaintSpecification : TaintSpec.S) = struct
List.map
~f:(fun (access_path_opt, path_source) ->
let desc, loc =
match path_source with
| Known source ->
let call_site = Source.call_site source in
( Format.asprintf "Return from %a%a" Typ.Procname.pp (CallSite.pname call_site)
pp_access_path_opt access_path_opt
, CallSite.loc call_site )
| Footprint access_path ->
(Format.asprintf "Read from %a" AccessPath.Abs.pp access_path, Location.dummy)
let call_site = Source.call_site path_source in
( Format.asprintf "Return from %a%a" Typ.Procname.pp (CallSite.pname call_site)
pp_access_path_opt access_path_opt
, CallSite.loc call_site )
in
Errlog.make_trace_element 0 loc desc [])
expanded_sources

7
infer/src/unit/TraceTests.ml
Unescape View File

@ -90,12 +90,7 @@ end)
let trace_equal t1 t2 = MockTrace.( <= ) ~lhs:t1 ~rhs:t2 && MockTrace.( <= ) ~lhs:t2 ~rhs:t1
let source_equal path_source source =
match path_source with
| MockTrace.Known s ->
MockSource.equal s source
| MockTrace.Footprint _ ->
false
let source_equal s source = MockSource.equal s source
let tests =

Write Preview
Loading…
Cancel
Save