pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[quandary] use actuals in JavaTrace.taint_all

Browse Source 
Summary:
We previously used `Procname.java_get_parameters` to compute the indices of parameters to taint, but this doesn't always work.
`java_get_parameters` omits the `this` param, which we may sometimes want to taint.
Use the actuals (already passed to `Sink.get`) instead

Reviewed By: jvillard

Differential Revision: D4285164

fbshipit-source-id: d462a0b
master
Sam Blackshear 8 years ago committed by Facebook Github Bot
parent 56f8757337
commit 45ad904c1f
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File

18
infer/src/quandary/JavaTrace.ml
Unescape View File

@ -124,18 +124,18 @@ module JavaSink = struct
let make kind site = let make kind site =
{ kind; site; } { kind; site; }
let get site _ = let get site actuals =
(* taint all the inputs of [pname]. for non-static procedures, taints the "this" parameter only (* taint all the inputs of [pname]. for non-static procedures, taints the "this" parameter only
if [taint_this] is true. *) if [taint_this] is true. *)
let taint_all ?(taint_this=false) pname kind site ~report_reachable = let taint_all ?(taint_this=false) kind site ~report_reachable =
let params = let actuals_to_taint, offset =
let all_params = Procname.java_get_parameters pname in
if Procname.java_is_static (CallSite.pname site) || taint_this if Procname.java_is_static (CallSite.pname site) || taint_this
then all_params then actuals, 0
else IList.tl all_params in else IList.tl actuals, 1 in
let sink = make kind site in
IList.mapi IList.mapi
(fun param_num _ -> Sink.make_sink_param (make kind site) param_num ~report_reachable) (fun param_num _ -> Sink.make_sink_param sink (param_num + offset) ~report_reachable)
params in actuals_to_taint in
(* taint the nth non-"this" parameter (0-indexed) *) (* taint the nth non-"this" parameter (0-indexed) *)
let taint_nth n kind site ~report_reachable = let taint_nth n kind site ~report_reachable =
let first_index = if Procname.java_is_static (CallSite.pname site) then n else n + 1 in let first_index = if Procname.java_is_static (CallSite.pname site) then n else n + 1 in
@ -163,7 +163,7 @@ module JavaSink = struct
| "android.app.Activity", ("startActivityFromChild" | "startActivityFromFragment") -> | "android.app.Activity", ("startActivityFromChild" | "startActivityFromFragment") ->
taint_nth 1 Intent site ~report_reachable:true taint_nth 1 Intent site ~report_reachable:true
| "android.util.Log", ("e" | "println" | "w" | "wtf") -> | "android.util.Log", ("e" | "println" | "w" | "wtf") ->
taint_all pname Logging site ~report_reachable:true taint_all Logging site ~report_reachable:true
| "com.facebook.infer.builtins.InferTaint", "inferSensitiveSink" -> | "com.facebook.infer.builtins.InferTaint", "inferSensitiveSink" ->
[Sink.make_sink_param (make Other site) 0 ~report_reachable:false] [Sink.make_sink_param (make Other site) 0 ~report_reachable:false]
| _ -> | _ ->

Write Preview
Loading…
Cancel
Save