[quandary] don't complain about transferring extras between intents

Reviewed By: AmarBhosale

Differential Revision: D4806571

fbshipit-source-id: cf138e9

infer/src/quandary/JavaTaintAnalysis.ml

@@ -39,6 +39,10 @@ include
             match Typ.Procname.java_get_class_name java_pname,
                   Typ.Procname.java_get_method java_pname,
                   ret_typ_opt with
+            | "android.content.Intent", ("putExtra" | "putExtras"), _ ->
+                (* don't care about tainted extras. instead. we'll check that result of getExtra is
+                   always used safely *)
+                []
             | _ when Typ.Procname.is_constructor pname ->
                 [TaintSpec.Propagate_to_receiver]
             | _, _, (Some Typ.Tvoid | None) when not is_static ->

infer/tests/codetoanalyze/java/quandary/Intents.java

@@ -102,4 +102,26 @@ public class Intents {
     activity.startActivity(activity.getIntent());
   }
 
+  Activity mActivity;
+
+  void extraToDataBad() {
+    Intent taintedIntent = (Intent) InferTaint.inferSecretSource();
+    String extra = taintedIntent.getStringExtra("foo");
+
+    Intent newIntent1 = new Intent();
+    mActivity.startActivity(newIntent1.setData(Uri.parse(extra))); // should report
+    Intent newIntent2 = new Intent();
+    newIntent2.setData(Uri.parse(extra));
+    mActivity.startActivity(newIntent2); // should report
+  }
+
+  void extraToExtraOk() {
+    Intent taintedIntent = (Intent) InferTaint.inferSecretSource();
+    String extra = taintedIntent.getStringExtra("foo");
+
+    Intent newIntent = new Intent();
+    newIntent.putExtra("foo", extra);
+    mActivity.startActivity(newIntent);
+  }
+
 }

infer/tests/codetoanalyze/java/quandary/issues.exp

@@ -86,6 +86,8 @@ codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 10,
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 11, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setDataAndType(Uri,String)]
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 12, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setDataAndTypeAndNormalize(Uri,String)]
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 13, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setPackage(String)]
+codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 5, QUANDARY_TAINT_ERROR, [return from String Intent.getStringExtra(String),call to Intent Intent.setData(Uri)]
+codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 7, QUANDARY_TAINT_ERROR, [return from String Intent.getStringExtra(String),call to Intent Intent.setData(Uri)]
 codetoanalyze/java/quandary/Intents.java, void Intents.reuseIntentBad(Activity), 1, QUANDARY_TAINT_ERROR, [return from Intent Activity.getIntent(),call to void Activity.startActivity(Intent)]
 codetoanalyze/java/quandary/Intents.java, void Intents.subclassCallBad(IntentSubclass,ContextSubclass), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Context.startActivity(Intent)]
 codetoanalyze/java/quandary/Intents.java, void MyActivity.onActivityResult(int,int,Intent), 1, QUANDARY_TAINT_ERROR, [return from void MyActivity.onActivityResult(int,int,Intent),call to ComponentName ContextWrapper.startService(Intent)]