From 6ca990be8cd5fc41d149b7b57dbb904b4b7da912 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Wed, 7 Sep 2016 11:39:32 -0700
Subject: [PATCH] adding tests for manipulating fields

Reviewed By: cristianoc
Differential Revision: D3824276
fbshipit-source-id: c412f17
---
 .../codetoanalyze/java/quandary/Fields.java | 152 ++++++++++++++++++
 .../codetoanalyze/java/quandary/Makefile | 1 +
 .../codetoanalyze/java/quandary/issues.exp | 5 +
 3 files changed, 158 insertions(+)
 create mode 100644 infer/tests/codetoanalyze/java/quandary/Fields.java

diff --git a/infer/tests/codetoanalyze/java/quandary/Fields.java b/infer/tests/codetoanalyze/java/quandary/Fields.java
new file mode 100644
index 000000000..5ce122f40
--- /dev/null
+++ b/infer/tests/codetoanalyze/java/quandary/Fields.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2016 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+package codetoanalyze.java.quandary;
+
+import com.facebook.infer.models.InferTaint;
+
+public class Fields {
+
+ static class Obj {
+ Object f;
+ Obj g;
+ }
+
+ Object mFld;
+ static Object sFld;
+
+ /** should report on these tests */
+
+ void instanceFieldBad() {
+ this.mFld = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(this.mFld);
+ }
+
+ void staticFieldBad() {
+ sFld = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(sFld);
+ }
+
+ void viaFieldBad1(Obj obj) {
+ obj.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.f);
+ }
+
+ void viaFieldBad2() {
+ Obj obj = new Obj();
+ obj.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.f);
+ }
+
+ void viaFieldBad3() {
+ Obj obj = new Obj();
+ obj.f = InferTaint.inferSecretSource();
+ Object src = obj.f;
+ InferTaint.inferSensitiveSink(src);
+ }
+
+ /** should not report on these tests */
+
+ void viaFieldOk1(Obj obj) {
+ obj.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj);
+ }
+
+ void viaFieldOk2() {
+ Obj obj = new Obj();
+ obj.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj);
+ }
+
+ void viaFieldOk3(Obj obj) {
+ obj.g.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.g);
+ }
+
+ void viaFieldOk3() {
+ Obj obj = new Obj();
+ obj.f = InferTaint.inferSecretSource();
+ obj.g = new Obj();
+ InferTaint.inferSensitiveSink(obj.g);
+ }
+
+ void viaFieldStrongUpdateOk() {
+ Obj obj = new Obj();
+ obj.f = InferTaint.inferSecretSource();
+ obj.f = null;
+ InferTaint.inferSensitiveSink(obj.f);
+ }
+
+ void viaNestedFieldOK1(Obj obj) {
+ obj.g.f = InferTaint.inferSecretSource();
+ obj.g.f = null;
+ InferTaint.inferSensitiveSink(obj.g.f);
+ }
+
+ void viaNestedFieldOK2(Obj obj) {
+ obj.g.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.g);
+ }
+
+ void viaNestedFieldOK3(Obj obj) {
+ obj.g.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj);
+ }
+
+ void viaNestedFieldOK4() {
+ Obj obj = new Obj();
+ obj.g = new Obj();
+ obj.g.f = InferTaint.inferSecretSource();
+ obj.g.f = null;
+ InferTaint.inferSensitiveSink(obj.g.f);
+ }
+
+ /** an ideal analysis would report on these tests, but we currently do not */
+
+ // need to handle aliasing to get these examples
+ // in the first few cases, this is due to intermediate pvar's introduced by Infer's translation
+
+ void FN_viaNestedFieldBad1(Obj obj) {
+ obj.g.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.g.f);
+ }
+
+ void FN_viaNestedFieldBad2() {
+ Obj obj = new Obj();
+ obj.g = new Obj();
+ obj.g.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.g.f);
+ }
+
+ void FN_aliasBad1() {
+ Obj obj1 = new Obj();
+ Obj obj2 = obj1;
+ obj2.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj1.f);
+ }
+
+ void FN_AliasBad2(Obj obj) {
+ Obj x = obj.g;
+ x.f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.g.f);
+ }
+
+ // need to fix our widening in order to report on this
+
+ void FN_loopFieldBad(Obj obj, int i) {
+ Obj loopObj = obj;
+ while (i < 10) {
+ loopObj.f = InferTaint.inferSecretSource();
+ loopObj = loopObj.g;
+ i++;
+ }
+ InferTaint.inferSensitiveSink(obj.g.g.f);
+ }
+
+}
diff --git a/infer/tests/codetoanalyze/java/quandary/Makefile b/infer/tests/codetoanalyze/java/quandary/Makefile
index 98af3b9b8..4bae418ec 100644
--- a/infer/tests/codetoanalyze/java/quandary/Makefile
+++ b/infer/tests/codetoanalyze/java/quandary/Makefile
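Review bot: In Fields.java, the `/** should not report on these tests */` group expects no report when the object holding a tainted field is itself passed to the sink (`viaFieldOk1`, `viaFieldOk2` and `viaNestedFieldOK3` call `inferSensitiveSink(obj)` after writing the secret to `obj.f` or `obj.g.f`), and no comment says this is a deliberate precision choice. A sink that logs or serializes its argument would still expose that field, so the section comment should state the assumption, for example `/** should not report: taint on a field is not propagated to the enclosing object */`. Separately, `viaFieldOk3` is declared twice as an overload pair, and `viaNestedFieldOK2(Obj)` repeats the body of `viaFieldOk3(Obj)`. Renaming the no-argument overload to `viaFieldOk4` and dropping the duplicate would keep each case uniquely named in reports.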
@@ -12,6 +12,7 @@ INFERPRINT_OPTIONS = --issues-txt FILES = \ Basics.java \ + Fields.java \ LoggingPrivateData.java \ compile: diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp index 632e73209..92254ee44 100644 --- a/infer/tests/codetoanalyze/java/quandary/issues.exp +++ b/infer/tests/codetoanalyze/java/quandary/issues.exp 
@@ -16,5 +16,10 @@ Basics.java:67: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.infer Basics.java:77: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 75]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 77]) via { } Basics.java:89: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 85]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 89]) via { } Basics.java:95: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 93]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 95]) via { } +Fields.java:28: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 27]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 28]) via { } +Fields.java:33: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 32]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 33]) via { } +Fields.java:38: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 37]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 38]) via { } +Fields.java:44: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 43]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 44]) via { } +Fields.java:51: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 49]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 51]) via { } LoggingPrivateData.java:18: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 18]) -> Logging(int Log.d(String,String) at [line 18]) via { } LoggingPrivateData.java:22: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 22]) -> Logging(int Log.d(String,String) at [line 22]) via { }