From 66d03869abaaf49790d1fc89e3cb9e4ee9cc8ef9 Mon Sep 17 00:00:00 2001
From: Sam Blackshear <shb@fb.com>
Date: Tue, 20 Feb 2018 11:46:55 -0800
Subject: [PATCH] [quandary] don't treat private Java methods as endpoints

Reviewed By: the-st0rm

Differential Revision: D7031315

fbshipit-source-id: 5c61502
---
 infer/src/quandary/JavaTrace.ml                   |  4 +++-
 .../codetoanalyze/java/quandary/Services.java     | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml
index 04d5da83d..64256171d 100644
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@@ -222,7 +222,9 @@ module SourceKind = struct
             | _ ->
               match Tenv.lookup tenv typename with
               | Some typ ->
-                  if Annotations.struct_typ_has_annot typ Annotations.ia_is_thrift_service then
+                  if Annotations.struct_typ_has_annot typ Annotations.ia_is_thrift_service
+                     && PredSymb.equal_access (Procdesc.get_access pdesc) PredSymb.Public
+                  then
                     (* assume every non-this formal of a Thrift service is tainted *)
                     (* TODO: may not want to taint numbers or Enum's *)
                     Some (taint_all_but_this ~make_source:(fun name desc -> Endpoint (name, desc)))
diff --git a/infer/tests/codetoanalyze/java/quandary/Services.java b/infer/tests/codetoanalyze/java/quandary/Services.java
index 3b2b31697..a3ddc4314 100644
--- a/infer/tests/codetoanalyze/java/quandary/Services.java
+++ b/infer/tests/codetoanalyze/java/quandary/Services.java
@@ -33,6 +33,21 @@ class Service1 {
     Runtime.getRuntime().exec(s); // RCE if s is tainted, we should warn
   }
 
+  // assume protected methods aren't exported to Thrift
+  protected void protectedServiceMethodOk(String s) throws IOException {
+    Runtime.getRuntime().exec(s);
+  }
+
+  // assume package-protected methods aren't exported to Thrift
+  void packageProtectedServiceMethodOk(String s) throws IOException {
+    Runtime.getRuntime().exec(s);
+  }
+
+  // private methods can't be exported to thrift
+  private void privateMethodNotEndpointOk(String s) throws IOException {
+    Runtime.getRuntime().exec(s);
+  }
+
 }
 
 @ThriftService