From 670ae4a673322d75131f7751fc4fb253c840be38 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Tue, 17 Apr 2018 15:45:59 -0700
Subject: [PATCH] [quandary] `WebResourceRequest.getUrl` as source
Reviewed By: the-st0rm
Differential Revision: D7336116
fbshipit-source-id: 5d458e5
---
 infer/src/quandary/JavaTrace.ml | 2 ++
 infer/tests/codetoanalyze/java/quandary/WebViews.java | 5 +++++
 infer/tests/codetoanalyze/java/quandary/issues.exp | 1 +
 3 files changed, 8 insertions(+)
diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml
index 817f0c013..65ae0d2bf 100644
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@@ -109,6 +109,8 @@ module SourceKind = struct
 | ( ("android.content.ClipboardManager" | "android.text.ClipboardManager")
 , ("getPrimaryClip" | "getText") ) ->
 Some (UserControlledString, return)
+ | "android.webkit.WebResourceRequest", "getUrl" ->
+ Some (UserControlledURI, return)
 | "android.widget.EditText", "getText" ->
 Some (UserControlledString, return)
 | class_name, method_name ->
diff --git a/infer/tests/codetoanalyze/java/quandary/WebViews.java b/infer/tests/codetoanalyze/java/quandary/WebViews.java
index 0f253dbf9..4d1e8d591 100644
--- a/infer/tests/codetoanalyze/java/quandary/WebViews.java
+++ b/infer/tests/codetoanalyze/java/quandary/WebViews.java
@@ -9,6 +9,7 @@ package codetoanalyze.java.quandary; +import java.io.File; import java.net.URISyntaxException; import android.app.Activity;
@@ -67,6 +68,10 @@ public class WebViews { return null; } + File webResourceToFileBad(WebResourceRequest request) { + return new File(request.getUrl().getPath()); + } + @Override public boolean shouldOverrideUrlLoading(WebView w, String url) { try {
diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp
index 60a7422d0..d5888531f 100644
--- a/infer/tests/codetoanalyze/java/quandary/issues.exp
+++ b/infer/tests/codetoanalyze/java/quandary/issues.exp
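Review bot: The added arm `"android.webkit.WebResourceRequest", "getUrl"` models only one accessor of the request object; `getRequestHeaders()` on the same interface can also carry page-supplied values, and nothing visible in this hunk marks it as a source. If leaving it out is deliberate, a comment above the arm would record the threat model, for example `(* URL of a request issued by loaded web content; page-controlled when the WebView renders untrusted HTML *)`. Otherwise a sibling arm along the lines of `| "android.webkit.WebResourceRequest", "getRequestHeaders" -> Some (UserControlledString, return)` seems worth considering. The enclosing match starts and ends outside the hunk, so an existing arm elsewhere cannot be ruled out from here.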
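Review bot: `webResourceToFileBad` exercises the new source only through `getUrl().getPath()` into the `File` constructor, so the `UserControlledURI` kind chosen for it is never checked against a sink that takes the `Uri` itself, and there is no `Ok` counterpart to catch over-tainting. A second case that hands `request.getUrl()` directly to an `Intent` constructor, as the existing `shouldInterceptRequest` expectation in issues.exp suggests this file already does with other URIs, would pin that flow. A one-line comment on the test would also help readers, e.g. `// path comes from the page-requested URL, so it can name any file the app can reach`. The enclosing class starts and ends outside the hunk.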
@@ -219,6 +219,7 @@ codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrin
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 3, QUANDARY_TAINT_ERROR, ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 4, QUANDARY_TAINT_ERROR, ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 5, QUANDARY_TAINT_ERROR, ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
+codetoanalyze/java/quandary/WebViews.java, File WebViews$MyWebViewClient.webResourceToFileBad(WebResourceRequest), 1, UNTRUSTED_FILE, ERROR, [Return from Uri WebResourceRequest.getUrl(),Call to File.(String) with tainted index 1]
 codetoanalyze/java/quandary/WebViews.java, WebResourceResponse WebViews$MyWebViewClient.shouldInterceptRequest(WebView,WebResourceRequest), 1, CREATE_INTENT_FROM_URI, ERROR, [Return from Intent.(String,Uri),Call to void Activity.startActivity(Intent) with tainted index 1]
 codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult), 2, UNTRUSTED_INTENT_CREATION, ERROR, [Return from boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int) with tainted index 0]
 codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult), 3, CREATE_INTENT_FROM_URI, ERROR, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent) with tainted index 1]