[quandary] more tests

Reviewed By: jeremydubreil

Differential Revision: D4747866

fbshipit-source-id: 7ad1db7
master
Sam Blackshear 8 years ago committed by Facebook Github Bot
parent 40ae870c31
commit 68af2afb77

@ -334,30 +334,79 @@ class Interprocedural {
callSinkOnParam(o); callSinkOnParam(o);
} }
public void callDeepSinkBad1() {
Object source = InferTaint.inferSecretSource();
callSinkIndirectOnParam(source);
}
Obj propagate(Object param) { Obj propagate(Object param) {
Obj o = new Obj(); Obj o = new Obj();
o.f = param; o.f = param;
return o; return o;
} }
public void FN_callSinkDeepBad2() { static Obj id2(Obj o) {
Obj source = propagate(InferTaint.inferSecretSource()); return o;
callSink1(source);
} }
void callSink1(Obj o) { void callSinkA(Obj o) {
callSink1(o);
}
void callSinkB(Obj o) {
callSink2(o); callSink2(o);
} }
void callSink2(Obj o) { void callSinkC(Obj o) {
callSink3(o);
}
void callSinkD(Obj o) {
callSink4(o);
}
void callSink1(Obj o) {
InferTaint.inferSensitiveSink(id(o)); InferTaint.inferSensitiveSink(id(o));
} }
void callSink2(Obj o) {
InferTaint.inferSensitiveSink(id2(o).f);
}
void callSink3(Obj o) {
InferTaint.inferSensitiveSink(id(o.f));
}
void callSink4(Obj o) {
InferTaint.inferSensitiveSink(o.f);
}
public void callDeepSinkIndirectBad() {
Object source = InferTaint.inferSecretSource();
callSinkIndirectOnParam(source);
}
public void FN_callDeepSink1Bad() {
Obj source = propagate(InferTaint.inferSecretSource());
callSinkA(source);
}
public void FN_callDeepSink2Bad() {
Obj source = propagate(InferTaint.inferSecretSource());
callSinkB(source);
}
// shallow version of callSinkDeep2Bad
void FN_callShallowSinkBad(Obj o) {
o.f = InferTaint.inferSecretSource();
InferTaint.inferSensitiveSink(id2(o).f);
}
public void callDeepSink3Bad() {
Obj source = propagate(InferTaint.inferSecretSource());
callSinkC(source);
}
public void callDeepSink4Bad() {
Obj source = propagate(InferTaint.inferSecretSource());
callSinkD(source);
}
public static void swapParams(Object o1, Object o2) { public static void swapParams(Object o1, Object o2) {
o1 = o2; o1 = o2;
} }
@ -381,6 +430,4 @@ class Interprocedural {
InferTaint.inferSensitiveSink(o); InferTaint.inferSensitiveSink(o);
} }
} }

@ -92,7 +92,9 @@ codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_diverg
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_reassignInCallee(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_reassignInCallee(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_swapParamsOk(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through void Interprocedural.swapParams(Object,Object),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_swapParamsOk(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through void Interprocedural.swapParams(Object,Object),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_trackParamsOk(), 1, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),return from Object Interprocedural.returnSourceConditional(boolean),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.FP_trackParamsOk(), 1, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),return from Object Interprocedural.returnSourceConditional(boolean),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSinkBad1(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkIndirectOnParam(Object),call to void Interprocedural.callSinkOnParam(Object),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSink3Bad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through Interprocedural$Obj Interprocedural.propagate(Object),call to void Interprocedural.callSinkC(Interprocedural$Obj),call to void Interprocedural.callSink3(Interprocedural$Obj),flow through Object Interprocedural.id(Object),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSink4Bad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through Interprocedural$Obj Interprocedural.propagate(Object),call to void Interprocedural.callSinkD(Interprocedural$Obj),call to void Interprocedural.callSink4(Interprocedural$Obj),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callDeepSinkIndirectBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkIndirectOnParam(Object),call to void Interprocedural.callSinkOnParam(Object),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkNoTripleReportBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkParam1(Object,Object),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkNoTripleReportBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkParam1(Object,Object),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkNoTripleReportBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkParam2(Object,Object),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkNoTripleReportBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkParam2(Object,Object),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkOnFieldDirectBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkOnFieldDirect(),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.callSinkOnFieldDirectBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Interprocedural.callSinkOnFieldDirect(),call to void InferTaint.inferSensitiveSink(Object)]

Loading…
Cancel
Save