From 3cd7fa1c62a069a6c5839741f1b37af0b3086efb Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Thu, 8 Jun 2017 15:44:32 -0700
Subject: [PATCH] [quandary] remember name of tainted parameter for endpoint source
Summary: This makes it possible to see which tainted parameter can flow to a sink, which is quite useful.
Reviewed By: jeremydubreil
Differential Revision: D5213297
fbshipit-source-id: 1371b5a
---
 infer/src/quandary/ClangTrace.ml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/infer/src/quandary/ClangTrace.ml b/infer/src/quandary/ClangTrace.ml
index a4019eb19..6fb0fabf1 100644
--- a/infer/src/quandary/ClangTrace.ml
+++ b/infer/src/quandary/ClangTrace.ml
@@ -14,7 +14,7 @@ module L = Logging
 module SourceKind = struct
 type t =
- | Endpoint (** source originating from an endpoint *)
+ | Endpoint of Mangled.t (** source originating from formal of an endpoint *)
 | EnvironmentVariable (** source that was read from an environment variable *)
 | File (** source that was read from a file *)
 | Other (** for testing or uncategorized sources *)
@@ -24,7 +24,7 @@ module SourceKind = struct
 let unknown = Unknown
 let of_string = function
- | "Endpoint" -> Endpoint
+ | "Endpoint" -> Endpoint (Mangled.from_string "NONE")
 | "EnvironmentVariable" -> EnvironmentVariable
 | "File" -> File
 | _ -> Other
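Review bot: In `of_string`, the placeholder `Mangled.from_string "NONE"` cannot be told apart from a real formal named `NONE`, so with the `pp` change later in this patch such a source prints as `Endpoint[NONE]` and reads like a tainted parameter of that name. The value exists only because a kind parsed from a string has no formal to name, so I would bind it once with a comment, e.g. `let no_formal = Mangled.from_string "NONE" (* placeholder: kind parsed from a string has no formal *)`, or make the payload optional with `Endpoint of Mangled.t option`. The doc comment on `Endpoint of Mangled.t` in the first hunk should also say what the payload holds when the kind did not come from a procedure's formals.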
@@ -90,15 +90,19 @@ module SourceKind = struct (Typ.Procname.objc_cpp_get_class_name objc) (Typ.Procname.get_method pname) in if String.Set.mem endpoints qualified_pname - then List.map ~f:(fun (name, typ) -> name, typ, Some Endpoint) (Procdesc.get_formals pdesc) - else Source.all_formals_untainted pdesc + then + List.map + ~f:(fun (name, typ) -> name, typ, Some (Endpoint name)) + (Procdesc.get_formals pdesc) + else + Source.all_formals_untainted pdesc | _ -> Source.all_formals_untainted pdesc let pp fmt kind = - F.fprintf fmt + F.fprintf fmt "%s" (match kind with - | Endpoint -> "Endpoint" + | Endpoint formal_name -> F.sprintf "Endpoint[%s]" (Mangled.to_string formal_name) | EnvironmentVariable -> "EnvironmentVariable" | File -> "File" | Other -> "Other" @@ -189,10 +193,10 @@ include let should_report source sink = match Source.kind source, Sink.kind sink with - | (Endpoint | EnvironmentVariable | File), ShellExec -> + | (Endpoint _ | EnvironmentVariable | File), ShellExec -> (* untrusted data flowing to exec *) true - | (Endpoint | EnvironmentVariable | File), Allocation -> + | (Endpoint _ | EnvironmentVariable | File), Allocation -> (* untrusted data flowing to memory allocation *) true | _, (Allocation | Other | ShellExec) when Source.is_footprint source ->
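Review bot: The `then` branch now gives every formal returned by `Procdesc.get_formals` its own `Endpoint name` kind, so one endpoint yields as many distinct source kinds as it has parameters, and nothing in the hunk records that this is intended. If kinds are compared or deduplicated elsewhere (not visible here), traces that used to merge may now stay separate, so a comment at the `List.map` would help: `(* one Endpoint kind per formal so a report can name the parameter that reaches the sink *)`. In `pp`, the new `Endpoint` arm builds an intermediate string with `F.sprintf` only to pass it to `F.fprintf fmt "%s"`. Printing directly in that arm, e.g. `F.fprintf fmt "Endpoint[%s]" (Mangled.to_string formal_name)`, with the other arms printing their literal, would avoid the extra allocation. The function containing the `if` starts before this hunk and the `match` in `pp` continues past it.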