From 4952f1ea3bef241a53b65d2f5606e08c166ce4f5 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Wed, 14 Mar 2018 13:12:18 -0700
Subject: [PATCH] [quandary] tests documenting limitations of sanitizers
Reviewed By: mbouaziz
Differential Revision: D7257570
fbshipit-source-id: 5f97e31
---
 .../java/quandary/ExternalSpecs.java | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/infer/tests/codetoanalyze/java/quandary/ExternalSpecs.java b/infer/tests/codetoanalyze/java/quandary/ExternalSpecs.java
index 5b5f8d10d..e33fb263b 100644
--- a/infer/tests/codetoanalyze/java/quandary/ExternalSpecs.java
+++ b/infer/tests/codetoanalyze/java/quandary/ExternalSpecs.java
@@ -102,6 +102,31 @@ public class ExternalSpecs {
 return sanitized;
 }
 
+ void FN_sanitizeOneBranchBad(boolean b) {
+ Object source = InferTaint.inferSecretSource();
+ Object o;
+ if (b) {
+ o = sanitizer(source);
+ } else {
+ o = source;
+ }
+ InferTaint.inferSensitiveSink(o);
+ }
+
+ Object sanitizeOneBranchInCallee(Object o, boolean b) {
+ if (b) {
+ return sanitizer(o);
+ } else {
+ return o;
+ }
+ }
+
+ void FN_sanitizerWeakUpdateBad(boolean b) {
+ Object source = InferTaint.inferSecretSource();
+ Object o = sanitizeOneBranchInCallee(source, b);
+ InferTaint.inferSensitiveSink(o);
+ }
+
 // if theres' a procedure with the same name defined in .inferconfig as a sink on parameter 1,
 // we shouldn't crash
 public static void loggingSink1() {}
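Review bot: `FN_sanitizeOneBranchBad` and `FN_sanitizerWeakUpdateBad` have no comment saying which report is expected and why it is missed, so the limitation is recorded only in the `FN_` prefix and the commit subject. In both, the secret source reaches `InferTaint.inferSensitiveSink(o)` unsanitized whenever `b` is false. A comment above each would make that explicit, for example `// should report: when b is false the source reaches the sink unsanitized; sanitizing on the other branch hides the flow`. This matters to anyone declaring sanitizers in `.inferconfig`: presumably a sanitizer applied on only one path can suppress the finding for the other, so a clean result does not show that every path is sanitized. `sanitizer` and the enclosing `ExternalSpecs` class are defined outside this hunk, so the exact cause of the miss cannot be confirmed from here.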