diff --git a/infer/tests/codetoanalyze/java/quandary/Interprocedural.java b/infer/tests/codetoanalyze/java/quandary/Interprocedural.java
index 3d390d403..5521faacc 100644
--- a/infer/tests/codetoanalyze/java/quandary/Interprocedural.java
+++ b/infer/tests/codetoanalyze/java/quandary/Interprocedural.java
@@ -334,30 +334,79 @@ class Interprocedural {
 callSinkOnParam(o);
 }
 
- public void callDeepSinkBad1() {
- Object source = InferTaint.inferSecretSource();
- callSinkIndirectOnParam(source);
- }
-
 Obj propagate(Object param) {
 Obj o = new Obj();
 o.f = param;
 return o;
 }
 
- public void FN_callSinkDeepBad2() {
- Obj source = propagate(InferTaint.inferSecretSource());
- callSink1(source);
+ static Obj id2(Obj o) {
+ return o;
 }
 
- void callSink1(Obj o) {
+ void callSinkA(Obj o) {
+ callSink1(o);
+ }
+
+ void callSinkB(Obj o) {
 callSink2(o);
 }
 
- void callSink2(Obj o) {
+ void callSinkC(Obj o) {
+ callSink3(o);
+ }
+
+ void callSinkD(Obj o) {
+ callSink4(o);
+ }
+
+ void callSink1(Obj o) {
 InferTaint.inferSensitiveSink(id(o));
 }
 
+ void callSink2(Obj o) {
+ InferTaint.inferSensitiveSink(id2(o).f);
+ }
+
+ void callSink3(Obj o) {
+ InferTaint.inferSensitiveSink(id(o.f));
+ }
+
+ void callSink4(Obj o) {
+ InferTaint.inferSensitiveSink(o.f);
+ }
+
+ public void callDeepSinkIndirectBad() {
+ Object source = InferTaint.inferSecretSource();
+ callSinkIndirectOnParam(source);
+ }
+
+ public void FN_callDeepSink1Bad() {
+ Obj source = propagate(InferTaint.inferSecretSource());
+ callSinkA(source);
+ }
+
+ public void FN_callDeepSink2Bad() {
+ Obj source = propagate(InferTaint.inferSecretSource());
+ callSinkB(source);
+ }
+
+ // shallow version of callSinkDeep2Bad
+ void FN_callShallowSinkBad(Obj o) {
+ o.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(id2(o).f);
+ }
+
+ public void callDeepSink3Bad() {
+ Obj source = propagate(InferTaint.inferSecretSource());
+ callSinkC(source);
+ }
+
+ public void callDeepSink4Bad() {
+ Obj source = propagate(InferTaint.inferSecretSource());
+ callSinkD(source);
+ }
+
 public static void swapParams(Object o1, Object o2) {
 o1 = o2;
 }
@@ -381,6 +430,4 @@ class Interprocedural {
 InferTaint.inferSensitiveSink(o);
 }
 
-
-
 }
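Review bot: The comment above `FN_callShallowSinkBad` refers to `callSinkDeep2Bad`, a method that does not exist in this class; the deep counterpart it mirrors is `FN_callDeepSink2Bad`, so the comment should read `// shallow version of FN_callDeepSink2Bad`. By the usual convention in these test files the `FN_` prefix on `FN_callDeepSink1Bad`, `FN_callDeepSink2Bad` and `FN_callShallowSinkBad` marks flows the analysis is expected to miss (none of them appears in the updated issues.exp), but nothing in the hunk records what is being missed; a one-line comment on each, such as `// FN: taint stored in o.f and read back via id2(o).f is not reported`, would let a maintainer distinguish a known gap from a regression when the expected output changes. The pairing of `callSinkA`..`callSinkD` with `callSink1`..`callSink4` differs only by a letter versus a digit, which is hard to follow at a glance; this is a style point, but names that say what each wrapper forwards to would make the test's intent self-describing.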
diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp
index b97d9b89d..a317bb6fe 100644
--- a/infer/tests/codetoanalyze/java/quandary/issues.exp
+++ b/infer/tests/codetoanalyze/java/quandary/issues.exp
@@ -92,7 +92,9 @@ codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_diverg
 codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_reassignInCallee(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_swapParamsOk(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through void Interprocedural.swapParams(Object,Object),call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_trackParamsOk(), 1, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),return from Object Interprocedural.returnSourceConditional(boolean),call to void InferTaint.inferSensitiveSink(Object)]
-codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSinkBad1(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkIndirectOnParam(Object),call to void Interprocedural.callSinkOnParam(Object),call to void InferTaint.inferSensitiveSink(Object)]
+codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSink3Bad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through Interprocedural$Obj Interprocedural.propagate(Object),call to void Interprocedural.callSinkC(Interprocedural$Obj),call to void Interprocedural.callSink3(Interprocedural$Obj),flow through Object Interprocedural.id(Object),call to void InferTaint.inferSensitiveSink(Object)]
+codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSink4Bad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through Interprocedural$Obj Interprocedural.propagate(Object),call to void Interprocedural.callSinkD(Interprocedural$Obj),call to void Interprocedural.callSink4(Interprocedural$Obj),call to void InferTaint.inferSensitiveSink(Object)]
+codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSinkIndirectBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkIndirectOnParam(Object),call to void Interprocedural.callSinkOnParam(Object),call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkNoTripleReportBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkParam1(Object,Object),call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkNoTripleReportBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkParam2(Object,Object),call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkOnFieldDirectBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkOnFieldDirect(),call to void InferTaint.inferSensitiveSink(Object)]