[quandary] remember name of tainted parameter for endpoint source

Summary: This makes it possible to see which tainted parameter can flow to a sink, which is quite useful.

Reviewed By: jeremydubreil

Differential Revision: D5213297

fbshipit-source-id: 1371b5a
Sam Blackshear 8 years ago committed by Facebook Github Bot
parent 7dd7b460e0
commit 3cd7fa1c62

@ -14,7 +14,7 @@ module L = Logging
module SourceKind = struct module SourceKind = struct
type t = type t =
| Endpoint (** source originating from an endpoint *) | Endpoint of Mangled.t (** source originating from formal of an endpoint *)
| EnvironmentVariable (** source that was read from an environment variable *) | EnvironmentVariable (** source that was read from an environment variable *)
| File (** source that was read from a file *) | File (** source that was read from a file *)
| Other (** for testing or uncategorized sources *) | Other (** for testing or uncategorized sources *)
@ -24,7 +24,7 @@ module SourceKind = struct
let unknown = Unknown let unknown = Unknown
let of_string = function let of_string = function
| "Endpoint" -> Endpoint | "Endpoint" -> Endpoint (Mangled.from_string "NONE")
| "EnvironmentVariable" -> EnvironmentVariable | "EnvironmentVariable" -> EnvironmentVariable
| "File" -> File | "File" -> File
| _ -> Other | _ -> Other
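Review bot: The placeholder `Mangled.from_string "NONE"` in the `"Endpoint"` arm of `of_string` is an in-band sentinel, so a formal that is really named `NONE` cannot be told apart from "no formal known", and a kind built this way prints as `Endpoint[NONE]` in a report. After this commit `pp` also emits `Endpoint[<name>]`, which `of_string` sends to `| _ -> Other`. If any caller round-trips kinds through strings (none is visible here), an endpoint source would silently become `Other` and stop matching the `Endpoint _` arms of `should_report`. At minimum the arm deserves a comment such as `(* no formal is known when the kind comes from a string; "NONE" is a placeholder *)`. Carrying a `Mangled.t option` in the constructor would remove the sentinel altogether.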
@ -90,15 +90,19 @@ module SourceKind = struct
(Typ.Procname.objc_cpp_get_class_name objc) (Typ.Procname.objc_cpp_get_class_name objc)
(Typ.Procname.get_method pname) in (Typ.Procname.get_method pname) in
if String.Set.mem endpoints qualified_pname if String.Set.mem endpoints qualified_pname
then List.map ~f:(fun (name, typ) -> name, typ, Some Endpoint) (Procdesc.get_formals pdesc) then
else Source.all_formals_untainted pdesc List.map
~f:(fun (name, typ) -> name, typ, Some (Endpoint name))
(Procdesc.get_formals pdesc)
else
Source.all_formals_untainted pdesc
| _ -> | _ ->
Source.all_formals_untainted pdesc Source.all_formals_untainted pdesc
let pp fmt kind = let pp fmt kind =
F.fprintf fmt F.fprintf fmt "%s"
(match kind with (match kind with
| Endpoint -> "Endpoint" | Endpoint formal_name -> F.sprintf "Endpoint[%s]" (Mangled.to_string formal_name)
| EnvironmentVariable -> "EnvironmentVariable" | EnvironmentVariable -> "EnvironmentVariable"
| File -> "File" | File -> "File"
| Other -> "Other" | Other -> "Other"
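Review bot: The rewritten `List.map` has no comment saying why each formal is now tagged with its own name. A line above it such as `(* tag each formal with its own name so a report can say which endpoint parameter reached the sink *)` would record the intent. In `pp`, the `Endpoint` arm writes the formal's name, which comes from the analyzed code, verbatim into the printed kind, so anything that parses or groups on that string should expect arbitrary identifier text between the brackets. Both the enclosing function of the `List.map` and the `pp` match continue outside this hunk.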
@ -189,10 +193,10 @@ include
let should_report source sink = let should_report source sink =
match Source.kind source, Sink.kind sink with match Source.kind source, Sink.kind sink with
| (Endpoint | EnvironmentVariable | File), ShellExec -> | (Endpoint _ | EnvironmentVariable | File), ShellExec ->
(* untrusted data flowing to exec *) (* untrusted data flowing to exec *)
true true
| (Endpoint | EnvironmentVariable | File), Allocation -> | (Endpoint _ | EnvironmentVariable | File), Allocation ->
(* untrusted data flowing to memory allocation *) (* untrusted data flowing to memory allocation *)
true true
| _, (Allocation | Other | ShellExec) when Source.is_footprint source -> | _, (Allocation | Other | ShellExec) when Source.is_footprint source ->
