pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[quandary] clean up source type in report

Browse Source 
Reviewed By: jeremydubreil

Differential Revision: D6487738

fbshipit-source-id: 2ac42b6
master
Sam Blackshear 7 years ago committed by Facebook Github Bot
parent 0ebdd369b0
commit 3c28e0308a
4 changed files with 53 additions and 120 deletions
Show Stats Download Patch File Download Diff File

112
infer/src/checkers/Trace.ml
Unescape View File

@ -59,17 +59,12 @@ module type S = sig
module Sinks = Sink.Set module Sinks = Sink.Set
module Passthroughs = Passthrough.Set module Passthroughs = Passthrough.Set
type path_source = Known of Source.t | Footprint of AccessPath.Abs.t type path = Passthroughs.t * (Source.t * Passthroughs.t) list * (Sink.t * Passthroughs.t) list
type path_sink = Sink.t
type path =
Passthroughs.t * (path_source * Passthroughs.t) list * (path_sink * Passthroughs.t) list
type report = type report =
{ issue: IssueType.t { issue: IssueType.t
; path_source: path_source ; path_source: Source.t
; path_sink: path_sink ; path_sink: Sink.t
; path_passthroughs: Passthroughs.t } ; path_passthroughs: Passthroughs.t }
val empty : t val empty : t
@ -93,8 +88,8 @@ module type S = sig
[cur_site] restricts the reported paths to ones introduced by the call at [cur_site] *) [cur_site] restricts the reported paths to ones introduced by the call at [cur_site] *)
val to_loc_trace : val to_loc_trace :
?desc_of_source:(path_source -> string) -> ?source_should_nest:(path_source -> bool) ?desc_of_source:(Source.t -> string) -> ?source_should_nest:(Source.t -> bool)
-> ?desc_of_sink:(path_sink -> string) -> ?sink_should_nest:(path_sink -> bool) -> path -> ?desc_of_sink:(Sink.t -> string) -> ?sink_should_nest:(Sink.t -> bool) -> path
-> Errlog.loc_trace -> Errlog.loc_trace
(** create a loc_trace from a path; [source_should_nest s] should be true when we are going one (** create a loc_trace from a path; [source_should_nest s] should be true when we are going one
deeper into a call-chain, ie when lt_level should be bumper in the next loc_trace_elem, and deeper into a call-chain, ie when lt_level should be bumper in the next loc_trace_elem, and
@ -131,8 +126,6 @@ module type S = sig
val pp_path : Typ.Procname.t -> F.formatter -> path -> unit val pp_path : Typ.Procname.t -> F.formatter -> path -> unit
(** pretty-print a path in the context of the given procname *) (** pretty-print a path in the context of the given procname *)
val pp_path_source : F.formatter -> path_source -> unit
end end
(** Expand a trace element (i.e., a source or sink) into a list of trace elements bottoming out in (** Expand a trace element (i.e., a source or sink) into a list of trace elements bottoming out in
@ -266,17 +259,12 @@ module Make (Spec : Spec) = struct
type astate = t type astate = t
type path_source = Known of Source.t | Footprint of AccessPath.Abs.t type path = Passthroughs.t * (Source.t * Passthroughs.t) list * (Sink.t * Passthroughs.t) list
type path_sink = Sink.t
type path =
Passthroughs.t * (path_source * Passthroughs.t) list * (path_sink * Passthroughs.t) list
type report = type report =
{ issue: IssueType.t { issue: IssueType.t
; path_source: path_source ; path_source: Source.t
; path_sink: path_sink ; path_sink: Sink.t
; path_passthroughs: Passthroughs.t } ; path_passthroughs: Passthroughs.t }
let pp fmt {sources; sinks; passthroughs} = let pp fmt {sources; sinks; passthroughs} =
@ -291,12 +279,7 @@ module Make (Spec : Spec) = struct
F.fprintf fmt "%a ~> %a%a" Sources.pp sources pp_sinks sinks pp_passthroughs passthroughs F.fprintf fmt "%a ~> %a%a" Sources.pp sources pp_sinks sinks pp_passthroughs passthroughs
let get_path_source_call_site = function let get_path_source_call_site = Source.call_site
| Known source ->
Source.call_site source
| Footprint _ ->
CallSite.dummy
let sources t = t.sources let sources t = t.sources
@ -331,10 +314,7 @@ module Make (Spec : Spec) = struct
Spec.get_report source sink (Sources.Sanitizers.elements t.sources.sanitizers) Spec.get_report source sink (Sources.Sanitizers.elements t.sources.sanitizers)
with with
| Some issue -> | Some issue ->
{ issue {issue; path_source= source; path_sink= sink; path_passthroughs= t.passthroughs}
; path_source= Known source
; path_sink= sink
; path_passthroughs= t.passthroughs }
:: acc :: acc
| None -> | None ->
acc acc
@ -346,12 +326,7 @@ module Make (Spec : Spec) = struct
Sources.Known.fold report_sources t.sources.known [] Sources.Known.fold report_sources t.sources.known []
let pp_path_source fmt = function let pp_path_source = Source.pp
| Known source ->
Source.pp fmt source
| Footprint access_path ->
AccessPath.Abs.pp fmt access_path
let pp_path cur_pname fmt (cur_passthroughs, sources_passthroughs, sinks_passthroughs) = let pp_path cur_pname fmt (cur_passthroughs, sources_passthroughs, sinks_passthroughs) =
let pp_passthroughs fmt passthroughs = let pp_passthroughs fmt passthroughs =
@ -396,43 +371,32 @@ module Make (Spec : Spec) = struct
in in
Passthrough.Set.filter between_start_and_end passthroughs Passthrough.Set.filter between_start_and_end passthroughs
in in
let expand_path path_source sink = let expand_path source sink =
match path_source with let sources_of_pname pname =
| Known source -> let trace = trace_of_pname pname in
let sources_of_pname pname = (Sources.Known.elements (sources trace).known, passthroughs trace)
let trace = trace_of_pname pname in in
(Sources.Known.elements (sources trace).known, passthroughs trace) let sinks_of_pname pname =
in let trace = trace_of_pname pname in
let sinks_of_pname pname = (Sinks.elements (sinks trace), passthroughs trace)
let trace = trace_of_pname pname in in
(Sinks.elements (sinks trace), passthroughs trace) let sources_passthroughs =
in let filter_passthroughs = filter_passthroughs_ Source in
let sources_passthroughs = SourceExpander.expand source ~elems_passthroughs_of_pname:sources_of_pname
let filter_passthroughs = filter_passthroughs_ Source in ~filter_passthroughs
SourceExpander.expand source ~elems_passthroughs_of_pname:sources_of_pname |> List.map ~f:(fun (source, passthrough) -> (source, passthrough))
~filter_passthroughs in
|> List.map ~f:(fun (source, passthrough) -> (Known source, passthrough)) let sinks_passthroughs =
in let filter_passthroughs = filter_passthroughs_ Sink in
let sinks_passthroughs = SinkExpander.expand sink ~elems_passthroughs_of_pname:sinks_of_pname ~filter_passthroughs
let filter_passthroughs = filter_passthroughs_ Sink in in
SinkExpander.expand sink ~elems_passthroughs_of_pname:sinks_of_pname (sources_passthroughs, sinks_passthroughs)
~filter_passthroughs
in
(sources_passthroughs, sinks_passthroughs)
| Footprint _ ->
([], [])
in in
List.map List.map
~f:(fun {path_source; path_sink; path_passthroughs} -> ~f:(fun {path_source; path_sink; path_passthroughs} ->
let sources_passthroughs, sinks_passthroughs = expand_path path_source path_sink in let sources_passthroughs, sinks_passthroughs = expand_path path_source path_sink in
let filtered_passthroughs = let filtered_passthroughs =
let source_site = let source_site = Source.call_site path_source in
match path_source with
| Known source ->
Source.call_site source
| Footprint _ ->
Option.value ~default:CallSite.dummy cur_site
in
filter_passthroughs_ Top_level source_site (Sink.call_site path_sink) path_passthroughs filter_passthroughs_ Top_level source_site (Sink.call_site path_sink) path_passthroughs
in in
(filtered_passthroughs, sources_passthroughs, sinks_passthroughs)) (filtered_passthroughs, sources_passthroughs, sinks_passthroughs))
@ -440,14 +404,10 @@ module Make (Spec : Spec) = struct
let to_loc_trace let to_loc_trace
?(desc_of_source= function ?(desc_of_source= fun source ->
| Known source -> let callsite = Source.call_site source in
let callsite = Source.call_site source in Format.asprintf "return from %a" Typ.Procname.pp
Format.asprintf "return from %a" Typ.Procname.pp (CallSite.pname callsite)) ?(source_should_nest= fun _ -> true)
(CallSite.pname callsite)
| Footprint access_path ->
Format.asprintf "read from %a" AccessPath.Abs.pp access_path)
?(source_should_nest= fun _ -> true)
?(desc_of_sink= fun sink -> ?(desc_of_sink= fun sink ->
let callsite = Sink.call_site sink in let callsite = Sink.call_site sink in
Format.asprintf "call to %a" Typ.Procname.pp (CallSite.pname callsite)) Format.asprintf "call to %a" Typ.Procname.pp (CallSite.pname callsite))

20
infer/src/checkers/Trace.mli
Unescape View File

@ -64,23 +64,15 @@ module type S = sig
module Sinks = Sink.Set module Sinks = Sink.Set
module Passthroughs = Passthrough.Set module Passthroughs = Passthrough.Set
type path_source =
| Known of Source.t (** source originating from a called procedure *)
| Footprint of AccessPath.Abs.t
(** source read from an access path rooted in a parameter or global *)
type path_sink = Sink.t
(** path from a source to a sink with passthroughs at each step in the call stack. the first set (** path from a source to a sink with passthroughs at each step in the call stack. the first set
of passthroughs are the ones in the "reporting" procedure that calls the first function in of passthroughs are the ones in the "reporting" procedure that calls the first function in
both the source and sink stack *) both the source and sink stack *)
type path = type path = Passthroughs.t * (Source.t * Passthroughs.t) list * (Sink.t * Passthroughs.t) list
Passthroughs.t * (path_source * Passthroughs.t) list * (path_sink * Passthroughs.t) list
type report = type report =
{ issue: IssueType.t { issue: IssueType.t
; path_source: path_source ; path_source: Source.t
; path_sink: path_sink ; path_sink: Sink.t
; path_passthroughs: Passthroughs.t } ; path_passthroughs: Passthroughs.t }
val empty : t val empty : t
@ -105,8 +97,8 @@ module type S = sig
[cur_site] restricts the reported paths to ones introduced by the call at [cur_site] *) [cur_site] restricts the reported paths to ones introduced by the call at [cur_site] *)
val to_loc_trace : val to_loc_trace :
?desc_of_source:(path_source -> string) -> ?source_should_nest:(path_source -> bool) ?desc_of_source:(Source.t -> string) -> ?source_should_nest:(Source.t -> bool)
-> ?desc_of_sink:(path_sink -> string) -> ?sink_should_nest:(path_sink -> bool) -> path -> ?desc_of_sink:(Sink.t -> string) -> ?sink_should_nest:(Sink.t -> bool) -> path
-> Errlog.loc_trace -> Errlog.loc_trace
(** create a loc_trace from a path; [source_should_nest s] should be true when we are going one (** create a loc_trace from a path; [source_should_nest s] should be true when we are going one
deeper into a call-chain, ie when lt_level should be bumper in the next loc_trace_elem, and deeper into a call-chain, ie when lt_level should be bumper in the next loc_trace_elem, and
@ -145,8 +137,6 @@ module type S = sig
val pp_path : Typ.Procname.t -> F.formatter -> path -> unit val pp_path : Typ.Procname.t -> F.formatter -> path -> unit
(** pretty-print a path in the context of the given procname *) (** pretty-print a path in the context of the given procname *)
val pp_path_source : F.formatter -> path_source -> unit
end end
module Make (Spec : Spec) : S with module Source = Spec.Source and module Sink = Spec.Sink module Make (Spec : Spec) : S with module Source = Spec.Source and module Sink = Spec.Sink

34
infer/src/quandary/TaintAnalysis.ml
Unescape View File

@ -118,14 +118,11 @@ module Make (TaintSpecification : TaintSpec.S) = struct
lazy (String.Set.of_list (QuandaryConfig.Endpoint.of_json Config.quandary_endpoints)) lazy (String.Set.of_list (QuandaryConfig.Endpoint.of_json Config.quandary_endpoints))
let is_endpoint = function let is_endpoint source =
| TraceDomain.Known source -> ( match CallSite.pname (TraceDomain.Source.call_site source) with
match CallSite.pname (TraceDomain.Source.call_site source) with | Typ.Procname.Java java_pname ->
| Typ.Procname.Java java_pname -> String.Set.mem (Lazy.force endpoints) (Typ.Procname.java_get_class_name java_pname)
String.Set.mem (Lazy.force endpoints) (Typ.Procname.java_get_class_name java_pname) | _ ->
| _ ->
false )
| TraceDomain.Footprint _ ->
false false
@ -143,7 +140,7 @@ module Make (TaintSpecification : TaintSpec.S) = struct
TaintDomain.empty TaintDomain.empty
in in
let get_short_trace_string original_path_source final_sink = let get_short_trace_string original_path_source final_sink =
F.asprintf "%a -> %a%s" TraceDomain.pp_path_source original_path_source TraceDomain.Sink.pp F.asprintf "%a -> %a%s" TraceDomain.Source.pp original_path_source TraceDomain.Sink.pp
final_sink final_sink
(if is_endpoint original_path_source then ". Note: source is an endpoint." else "") (if is_endpoint original_path_source then ". Note: source is an endpoint." else "")
in in
@ -219,12 +216,7 @@ module Make (TaintSpecification : TaintSpec.S) = struct
acc acc
in in
let expanded_sources, _ = let expanded_sources, _ =
match path_source with expand_source path_source ([(None, path_source)], CallSite.Set.empty)
| Known source ->
let sources, calls = expand_source source ([(None, source)], CallSite.Set.empty) in
(List.map ~f:(fun (ap_opt, source) -> (ap_opt, Known source)) sources, calls)
| Footprint _ ->
([(None, path_source)], CallSite.Set.empty)
in in
let expanded_sinks, _ = let expanded_sinks, _ =
expand_sink path_sink sink_indexes ([path_sink], CallSite.Set.empty) expand_sink path_sink sink_indexes ([path_sink], CallSite.Set.empty)
@ -244,14 +236,10 @@ module Make (TaintSpecification : TaintSpec.S) = struct
List.map List.map
~f:(fun (access_path_opt, path_source) -> ~f:(fun (access_path_opt, path_source) ->
let desc, loc = let desc, loc =
match path_source with let call_site = Source.call_site path_source in
| Known source -> ( Format.asprintf "Return from %a%a" Typ.Procname.pp (CallSite.pname call_site)
let call_site = Source.call_site source in pp_access_path_opt access_path_opt
( Format.asprintf "Return from %a%a" Typ.Procname.pp (CallSite.pname call_site) , CallSite.loc call_site )
pp_access_path_opt access_path_opt
, CallSite.loc call_site )
| Footprint access_path ->
(Format.asprintf "Read from %a" AccessPath.Abs.pp access_path, Location.dummy)
in in
Errlog.make_trace_element 0 loc desc []) Errlog.make_trace_element 0 loc desc [])
expanded_sources expanded_sources

7
infer/src/unit/TraceTests.ml
Unescape View File

@ -90,12 +90,7 @@ end)
let trace_equal t1 t2 = MockTrace.( <= ) ~lhs:t1 ~rhs:t2 && MockTrace.( <= ) ~lhs:t2 ~rhs:t1 let trace_equal t1 t2 = MockTrace.( <= ) ~lhs:t1 ~rhs:t2 && MockTrace.( <= ) ~lhs:t2 ~rhs:t1
let source_equal path_source source = let source_equal s source = MockSource.equal s source
match path_source with
| MockTrace.Known s ->
MockSource.equal s source
| MockTrace.Footprint _ ->
false
let tests = let tests =

Write Preview
Loading…
Cancel
Save