From 685f205ddaf29e712fbed50d08c42a63c07f2d20 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Tue, 10 Jan 2017 13:02:52 -0800
Subject: [PATCH] [quandary] skeleton for ObjC traces
Summary: Generalized the CppTrace into a Clang trace because we don't currently have separate checkers for Obj-C and Cpp. Happy to separate them later if there is a good reason
Reviewed By: akotulski
Differential Revision: D4394952
fbshipit-source-id: e288761
---
 infer/src/checkers/registerCheckers.ml | 2 +-
 ...TaintAnalysis.ml => ClangTaintAnalysis.ml} | 6 ++--
 .../quandary/{CppTrace.ml => ClangTrace.ml} | 13 ++++++--
 infer/src/quandary/ClangTrace.mli | 12 +++++++
 infer/src/quandary/QuandarySummary.ml | 6 ++--
 infer/src/quandary/QuandarySummary.mli | 4 +--
 .../codetoanalyze/objc/quandary/Makefile | 25 ++++++++++++++
 .../codetoanalyze/objc/quandary/basics.m | 33 +++++++++++++++++++
 .../codetoanalyze/objc/quandary/issues.exp | 1 +
 9 files changed, 91 insertions(+), 11 deletions(-)
 rename infer/src/quandary/{CppTaintAnalysis.ml => ClangTaintAnalysis.ml} (86%)
 rename infer/src/quandary/{CppTrace.ml => ClangTrace.ml} (87%)
 create mode 100644 infer/src/quandary/ClangTrace.mli
 create mode 100644 infer/tests/codetoanalyze/objc/quandary/Makefile
 create mode 100644 infer/tests/codetoanalyze/objc/quandary/basics.m
 create mode 100644 infer/tests/codetoanalyze/objc/quandary/issues.exp
diff --git a/infer/src/checkers/registerCheckers.ml b/infer/src/checkers/registerCheckers.ml
index ebdac30fd..91cb88e69 100644
--- a/infer/src/checkers/registerCheckers.ml
+++ b/infer/src/checkers/registerCheckers.ml
@@ -49,7 +49,7 @@ let active_procedure_checkers () =
 Checkers.callback_print_c_method_calls, false;
 CheckDeadCode.callback_check_dead_code, false;
 Checkers.callback_print_access_to_globals, false;
- CppTaintAnalysis.checker, Config.quandary;
+ ClangTaintAnalysis.checker, Config.quandary;
 Siof.checker, checkers_enabled;
 ] in
 IList.map (fun (x, y) -> (x, y, Some Config.Clang)) l in
diff --git a/infer/src/quandary/CppTaintAnalysis.ml b/infer/src/quandary/ClangTaintAnalysis.ml
similarity index 86%
rename from infer/src/quandary/CppTaintAnalysis.ml
rename to infer/src/quandary/ClangTaintAnalysis.ml
index 32a014c4c..3789102d0 100644
--- a/infer/src/quandary/CppTaintAnalysis.ml
+++ b/infer/src/quandary/ClangTaintAnalysis.ml
@@ -14,13 +14,13 @@ module L = Logging
 include TaintAnalysis.Make(struct
- module Trace = CppTrace
+ module Trace = ClangTrace
 module AccessTree = AccessTree.Make(Trace)
- let to_summary_access_tree tree = QuandarySummary.AccessTree.Cpp tree
+ let to_summary_access_tree tree = QuandarySummary.AccessTree.Clang tree
 let of_summary_access_tree = function
- | QuandarySummary.AccessTree.Cpp tree -> tree
+ | QuandarySummary.AccessTree.Clang tree -> tree
 | _ -> assert false
 let handle_unknown_call _ _ =
diff --git a/infer/src/quandary/CppTrace.ml b/infer/src/quandary/ClangTrace.ml
similarity index 87%
rename from infer/src/quandary/CppTrace.ml
rename to infer/src/quandary/ClangTrace.ml
index 327074e65..e2adbf54c 100644
--- a/infer/src/quandary/CppTrace.ml
+++ b/infer/src/quandary/ClangTrace.ml
@@ -26,8 +26,7 @@ module Kind = struct
 | (Procname.ObjC_Cpp cpp_pname) as pname ->
 begin
 match Procname.objc_cpp_get_class_name cpp_pname, Procname.get_method pname with
- (* placeholder for real sources *)
- | "Namespace here", "method name here" -> None
+ | "InferTaint", "source" -> Some Other
 | _ -> None
 end
 | (Procname.C _) as pname ->
@@ -37,6 +36,8 @@ module Kind = struct
 | "__infer_taint_source" -> Some Other
 | _ -> None
 end
+ | Procname.Block _ ->
+ None
 | pname when BuiltinDecl.is_declared pname ->
 None
 | pname ->
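Review bot: In ClangTrace.ml's `Kind` module (hunk `@@ -26,8 +26,7`), the new source arm matches any `Procname.ObjC_Cpp` whose class name is `"InferTaint"` and whose method is `"source"`, and nothing in the hunk marks this as a test-only hook rather than a real taint source. Because the arm keys on two bare strings, a class of that name in analyzed code would presumably be treated as a source too, and the removed `(* placeholder for real sources *)` comment leaves no pointer to where production sources belong. I would add a comment above the arm, e.g. `(* test-only source: +[InferTaint source], see infer/tests/codetoanalyze/objc/quandary/basics.m; real sources go here *)`. The enclosing function starts and ends outside the hunk.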
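Review bot: The `| Procname.Block _ -> None` arm added in ClangTrace.ml hunk `@@ -37,6 +36,8`, and its twin `| Procname.Block _ -> []` in `SinkKind` (hunk `@@ -76,6 +83,8`), carry no explanation of why blocks are excluded from sources and sinks. The body of the catch-all `| pname ->` arm lies outside both hunks, so a reader cannot tell from here what behaviour the new arms pre-empt. A one-line comment such as `(* a block is never itself a source; matched explicitly so it does not fall through to the catch-all arm *)` would record the intent, with the matching wording on the sink side.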
@@ -66,6 +67,12 @@ module SinkKind = struct
 (fun actual_num _ -> kind, actual_num, report_reachable) actuals in
 match pname with
+ | (Procname.ObjC_Cpp cpp_pname) as pname ->
+ begin
+ match Procname.objc_cpp_get_class_name cpp_pname, Procname.get_method pname with
+ | "InferTaint", "sink:" -> taint_all actuals Other ~report_reachable:true
+ | _ -> []
+ end
 | Procname.C _ ->
 begin
 match Procname.to_string pname with
@@ -76,6 +83,8 @@ module SinkKind = struct
 | _ -> []
 end
+ | Procname.Block _ ->
+ []
 | pname when BuiltinDecl.is_declared pname ->
 []
 | pname ->
diff --git a/infer/src/quandary/ClangTrace.mli b/infer/src/quandary/ClangTrace.mli
new file mode 100644
index 000000000..f288fcfab
--- /dev/null
+++ b/infer/src/quandary/ClangTrace.mli
@@ -0,0 +1,12 @@
+(*
+ * Copyright (c) 2017 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ *)
+
+open! IStd
+
+include Trace.S
diff --git a/infer/src/quandary/QuandarySummary.ml b/infer/src/quandary/QuandarySummary.ml
index 543854adf..a137a7987 100644
--- a/infer/src/quandary/QuandarySummary.ml
+++ b/infer/src/quandary/QuandarySummary.ml
@@ -15,16 +15,16 @@ module F = Format
 module L = Logging
 module Java = AccessTree.Make(JavaTrace)
-module Cpp = AccessTree.Make(CppTrace)
+module Clang = AccessTree.Make(ClangTrace)
 module AccessTree = struct
 type t =
 | Java of Java.t
- | Cpp of Cpp.t
+ | Clang of Clang.t
 let pp fmt = function
 | Java access_tree -> Java.pp fmt access_tree
- | Cpp access_tree -> Cpp.pp fmt access_tree
+ | Clang access_tree -> Clang.pp fmt access_tree
 end
 type t = AccessTree.t
diff --git a/infer/src/quandary/QuandarySummary.mli b/infer/src/quandary/QuandarySummary.mli
index b940bbadc..c79d4645e 100644
--- a/infer/src/quandary/QuandarySummary.mli
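Review bot: The sink arm added to `SinkKind` in ClangTrace.ml (hunk `@@ -66,6 +67,12`) matches the method name `"sink:"` with its trailing colon, which is the Objective-C selector spelling, while the source arm in `Kind` matches plain `"source"`. Both arms sit under `Procname.ObjC_Cpp`, which by its name also covers C++ methods, so a C++ `InferTaint::sink` would presumably not match here even though `InferTaint::source` would count as a source; if that asymmetry is intended it deserves a comment such as `(* ObjC selector, hence the colon; C++ methods are not matched *)`. Separately, `as pname` only rebinds the scrutinee of `match pname with` to itself, and the neighbouring `| Procname.C _ ->` arm does without it, so `| Procname.ObjC_Cpp cpp_pname ->` is enough. The function continues outside the hunk.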
+++ b/infer/src/quandary/QuandarySummary.mli
@@ -15,12 +15,12 @@ open! IStd
 module F = Format
 module Java : module type of (AccessTree.Make(JavaTrace))
-module Cpp : module type of (AccessTree.Make(CppTrace))
+module Clang : module type of (AccessTree.Make(ClangTrace))
 module AccessTree : sig
 type t =
 | Java of Java.t
- | Cpp of Cpp.t
+ | Clang of Clang.t
 end
 type t = AccessTree.t
diff --git a/infer/tests/codetoanalyze/objc/quandary/Makefile b/infer/tests/codetoanalyze/objc/quandary/Makefile
new file mode 100644
index 000000000..2a49d4632
--- /dev/null
+++ b/infer/tests/codetoanalyze/objc/quandary/Makefile
@@ -0,0 +1,25 @@
+# Copyright (c) 2017 - present Facebook, Inc.
+# All rights reserved.
+#
+# This source code is licensed under the BSD style license found in the
+# LICENSE file in the root directory of this source tree. An additional grant
+# of patent rights can be found in the PATENTS file in the same directory.
+
+TESTS_DIR = ../../..
+
+IPHONESIMULATOR_ISYSROOT_SUFFIX = /Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk
+
+XCODEROOT = $(shell xcode-select -p)
+
+CLANG_OPTIONS = -x objective-c \
+ -isysroot $(XCODEROOT)$(IPHONESIMULATOR_ISYSROOT_SUFFIX) \
+ -mios-simulator-version-min=8.2 --target=x86_64-apple-darwin14 -c \
+
+ANALYZER = quandary
+INFER_OPTIONS = --no-filtering --debug-exceptions --project-root $(TESTS_DIR) --iphoneos-target-sdk-version 8.0
+INFERPRINT_OPTIONS = --issues-tests
+
+SOURCES = \
+ $(wildcard *.m) \
+
+include $(TESTS_DIR)/clang.make
diff --git a/infer/tests/codetoanalyze/objc/quandary/basics.m b/infer/tests/codetoanalyze/objc/quandary/basics.m
new file mode 100644
index 000000000..fe664a074
--- /dev/null
+++ b/infer/tests/codetoanalyze/objc/quandary/basics.m
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2017 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+#import
+
+@interface InferTaint : NSObject {
+}
+
++ (NSObject*)source;
++ (void)sink:(NSObject*)param;
++ (void)notASink:(NSObject*)param;
+@end
+
+void callSinkDirectBad() {
+ NSObject* source = [InferTaint source];
+ [InferTaint sink:source];
+}
+
+void callSinkOnNonSourceOk() {
+ NSObject* source = [NSObject new];
+ [InferTaint sink:source];
+}
+
+void callNonSinkOnSourceOk() {
+ NSObject* source = [InferTaint source];
+ [InferTaint notASink:source];
+}
diff --git a/infer/tests/codetoanalyze/objc/quandary/issues.exp b/infer/tests/codetoanalyze/objc/quandary/issues.exp
new file mode 100644
index 000000000..e76e090d7
--- /dev/null
+++ b/infer/tests/codetoanalyze/objc/quandary/issues.exp
@@ -0,0 +1 @@
+codetoanalyze/objc/quandary/basics.m, callSinkDirectBad, 2, QUANDARY_TAINT_ERROR, [return from InferTaint_source,call to InferTaint_sink:]
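Review bot: Nothing in basics.m involves a block, so the `Procname.Block _` arms this commit adds to ClangTrace.ml have no test here that could exercise them. The three cases cover only a direct source-to-sink call, a non-source reaching the sink, and a source reaching a non-sink. A case that calls the sink from inside a block would pin down what the analysis is expected to report for a captured tainted value; the sketch below leaves the Bad/Ok suffix open because the expected result is not visible on this page. Also, `void callSinkDirectBad()` and the other two definitions would read better with `(void)`, since empty parentheses in C leave the parameter list unspecified.

```objc
// Proposed extra case; rename with the Bad/Ok suffix once the expected result is decided.
void callSinkInsideBlock(void) {
  NSObject* source = [InferTaint source];
  void (^callSink)(void) = ^{
    [InferTaint sink:source];
  };
  callSink();
}
```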