[quandary] more fine-grained issue types for Java

Reviewed By: AmarBhosale

Differential Revision: D6513437

fbshipit-source-id: b9acbcf
Sam Blackshear 7 years ago committed by Facebook Github Bot
parent d81faea3b3
commit 7e8739de0a

@ -120,8 +120,6 @@ let class_cast_exception = from_string ~enabled:false "CLASS_CAST_EXCEPTION"
let cluster_callback = from_string "CLUSTER_CALLBACK"
let create_intent_from_uri = from_string "CREATE_INTENT_FROM_URI"
let codequery = from_string "Codequery"
let comparing_floats_for_equality = from_string "COMPARING_FLOAT_FOR_EQUALITY"
@ -132,6 +130,10 @@ let condition_always_true = from_string ~enabled:false "CONDITION_ALWAYS_TRUE"
let context_leak = from_string "CONTEXT_LEAK"
let create_intent_from_uri = from_string "CREATE_INTENT_FROM_URI"
let cross_site_scripting = from_string "CROSS_SITE_SCRIPTING"
let dangling_pointer_dereference = from_string ~enabled:false "DANGLING_POINTER_DEREFERENCE"
let dead_store = from_string "DEAD_STORE"
@ -247,12 +249,16 @@ let interface_not_thread_safe = from_string "INTERFACE_NOT_THREAD_SAFE"
let internal_error = from_string "Internal_error"
let javascript_injection = from_string "JAVASCRIPT_INJECTION"
let leak_after_array_abstraction = from_string "Leak_after_array_abstraction"
let leak_in_footprint = from_string "Leak_in_footprint"
let lock_consistency_violation = from_string "LOCK_CONSISTENCY_VIOLATION"
let logging_private_data = from_string "LOGGING_PRIVATE_DATA"
let memory_leak = from_string "MEMORY_LEAK"
let missing_fld = from_string "Missing_fld" ~hum:"Missing Field"
@ -323,10 +329,14 @@ let unsafe_guarded_by_access = from_string "UNSAFE_GUARDED_BY_ACCESS"
let use_after_free = from_string "USE_AFTER_FREE"
let untrusted_deserialization = from_string "UNTRUSTED_DESERIALIZATION"
let untrusted_file = from_string "UNTRUSTED_FILE"
let untrusted_file_risk = from_string "UNTRUSTED_FILE_RISK"
let untrusted_intent_creation = from_string "UNTRUSTED_INTENT_CREATION"
let untrusted_variable_length_array = from_string "UNTRUSTED_VARIABLE_LENGTH_ARRAY"
let user_controlled_sql_risk = from_string "USER_CONTROLLED_SQL_RISK"
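Review bot: `untrusted_file` sits directly beside `untrusted_file_risk` with nothing saying how the two differ, and the other identifiers this section appears to introduce (`cross_site_scripting`, `javascript_injection`, `logging_private_data`, `untrusted_deserialization`, `untrusted_intent_creation`) are also undocumented. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk counts. Each string becomes the bug type shown in reports, so a one-line comment per definition would help whoever triages or filters on them, for example `(* Quandary/Java: user-controlled value reaches a file-creation sink; path traversal risk *)` above `untrusted_file`. Flows that used to be reported as QUANDARY_TAINT_ERROR now carry a different type string, so any filter or suppression keyed on the old string probably needs updating.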

@ -71,8 +71,6 @@ val class_cast_exception : t
val cluster_callback : t
val create_intent_from_uri : t
val codequery : t
val comparing_floats_for_equality : t
@ -83,6 +81,10 @@ val condition_always_true : t
val context_leak : t
val create_intent_from_uri : t
val cross_site_scripting : t
val dangling_pointer_dereference : t
val dead_store : t
@ -160,12 +162,16 @@ val interface_not_thread_safe : t
val internal_error : t
val javascript_injection : t
val leak_after_array_abstraction : t
val leak_in_footprint : t
val lock_consistency_violation : t
val logging_private_data : t
val memory_leak : t
val missing_fld : t
@ -232,12 +238,16 @@ val unsafe_guarded_by_access : t
val use_after_free : t
val user_controlled_sql_risk : t
val untrusted_deserialization : t
val untrusted_file : t
val untrusted_file_risk : t
val untrusted_variable_length_array : t
val untrusted_intent_creation : t
val user_controlled_sql_risk : t
val untrusted_variable_length_array : t
val wrong_argument_number : t

@ -398,24 +398,21 @@ include Trace.Make (struct
| _ when not (List.is_empty sanitizers) ->
(* assume any sanitizer clears all forms of taint *)
None
| PrivateData, Logging
(* logging private data issue *)
| Intent, StartComponent
(* intent reuse issue *)
| Intent, CreateIntent
(* intent configured with external values issue *)
| Intent, JavaScript
(* external data flows into JS: remote code execution risk *)
| PrivateData, JavaScript
(* create intent/launch component from user-controlled URI *)
| UserControlledURI, CreateFile
(* create file from user-controller URI; potential path-traversal vulnerability *)
| UserControlledString, (StartComponent | CreateIntent | JavaScript | CreateFile | HTML) ->
(* do something sensitive with a user-controlled string *)
Some IssueType.quandary_taint_error
| (Intent | UserControlledURI | UserControlledString), Deserialization ->
| (Intent | UserControlledString | UserControlledURI), CreateIntent ->
(* creating Intent from user-congrolled data *)
Some IssueType.untrusted_intent_creation
| (Intent | IntentFromURI | UserControlledString | UserControlledURI), CreateFile ->
(* user-controlled file creation; may be vulnerable to path traversal + more *)
Some IssueType.untrusted_file
| (Intent | IntentFromURI | UserControlledString | UserControlledURI), Deserialization ->
(* shouldn't let anyone external control what we deserialize *)
Some IssueType.quandary_taint_error
Some IssueType.untrusted_deserialization
| (Intent | IntentFromURI | UserControlledString | UserControlledURI), HTML ->
(* untrusted data flows into HTML; XSS risk *)
Some IssueType.cross_site_scripting
| (Intent | IntentFromURI | UserControlledString | UserControlledURI), JavaScript ->
(* untrusted data flows into JS *)
Some IssueType.javascript_injection
| DrawableResource _, OpenDrawableResource ->
(* not a security issue, but useful for debugging flows from resource IDs to inflation *)
Some IssueType.quandary_taint_error
@ -423,10 +420,17 @@ include Trace.Make (struct
(* create an intent/start a component using a (possibly user-controlled) URI. may or may not
be an issue; depends on where the URI comes from *)
Some IssueType.create_intent_from_uri
| PrivateData, Logging ->
Some IssueType.logging_private_data
| Other, _ | _, Other ->
(* for testing purposes, Other matches everything *)
Some IssueType.quandary_taint_error
| _ ->
| DrawableResource _, _
| IntentFromURI, _
| PrivateData, _
| _, Logging
| _, OpenDrawableResource
| _, StartComponent ->
None
end)
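Review bot: The explicit `None` arm that replaces `| _ ->` appears to drop flows the old match reported: `Intent, StartComponent` (commented as intent reuse) and `UserControlledString, StartComponent` now fall under `_, StartComponent`, and `PrivateData, JavaScript` falls under `PrivateData, _`. The +/- markers are lost in this rendering, so this is inferred from line order and from the expected-output file on this page, where the `Intents.reuseIntentBad` and the `MyService.*`/`MyActivity.*` `startService` reports appear to go away. If the loss is intended, say so next to the arm, e.g. `(* Intent -> StartComponent (intent reuse) is deliberately no longer reported *)`; if not, add an arm for it ahead of the `None` arm. Separately, the comment `(* creating Intent from user-congrolled data *)` should read "user-controlled". The match begins above the first hunk, so arms outside the visible lines may change this reading.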

@ -25,16 +25,16 @@ codetoanalyze/java/quandary/Basics.java, void Basics.viaVarBad2(), 3, QUANDARY_T
codetoanalyze/java/quandary/Basics.java, void Basics.viaVarBad3(), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Basics.java, void Basics.whileBad1(int), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Basics.java, void Basics.whileBad2(int), 6, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [Return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal), 2, QUANDARY_TAINT_ERROR, [Return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Bundle ContentProviders.call(String,String,Bundle), 1, QUANDARY_TAINT_ERROR, [Return from Bundle ContentProviders.call(String,String,Bundle),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String), 2, QUANDARY_TAINT_ERROR, [Return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [Return from ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, String ContentProviders.getType(Uri), 1, QUANDARY_TAINT_ERROR, [Return from String ContentProviders.getType(Uri),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Uri ContentProviders.insert(Uri,ContentValues), 1, QUANDARY_TAINT_ERROR, [Return from Uri ContentProviders.insert(Uri,ContentValues),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]), 1, QUANDARY_TAINT_ERROR, [Return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.delete(Uri,String,java.lang.String[]), 1, QUANDARY_TAINT_ERROR, [Return from int ContentProviders.delete(Uri,String,java.lang.String[]),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]), 1, QUANDARY_TAINT_ERROR, [Return from int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal), 1, UNTRUSTED_FILE, [Return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal), 2, UNTRUSTED_FILE, [Return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Bundle ContentProviders.call(String,String,Bundle), 1, UNTRUSTED_FILE, [Return from Bundle ContentProviders.call(String,String,Bundle),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String), 2, UNTRUSTED_FILE, [Return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal), 1, UNTRUSTED_FILE, [Return from ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, String ContentProviders.getType(Uri), 1, UNTRUSTED_FILE, [Return from String ContentProviders.getType(Uri),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Uri ContentProviders.insert(Uri,ContentValues), 1, UNTRUSTED_FILE, [Return from Uri ContentProviders.insert(Uri,ContentValues),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]), 1, UNTRUSTED_FILE, [Return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.delete(Uri,String,java.lang.String[]), 1, UNTRUSTED_FILE, [Return from int ContentProviders.delete(Uri,String,java.lang.String[]),Call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]), 1, UNTRUSTED_FILE, [Return from int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]),Call to File.<init>(String)]
codetoanalyze/java/quandary/DynamicDispatch.java, void DynamicDispatch.propagateViaInterfaceBad(DynamicDispatch$Interface), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Exceptions.java, void Exceptions.callSinkThenThrowBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Exceptions.callSinkThenThrow(Object),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkAfterCatchBad(), 7, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
@ -44,12 +44,12 @@ codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkInFinallyBad1()
codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkInFinallyBad2(), 6, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkInFinallyBad3(), 7, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, Object ExternalSpecs.missedSanitizerBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad1(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad2(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSinkBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink1(Object,Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad1(), 1, LOGGING_PRIVATE_DATA, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad2(), 1, LOGGING_PRIVATE_DATA, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSinkBad(), 1, LOGGING_PRIVATE_DATA, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink1(Object,Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callSinkThatPropagatesBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Object ExternalSpecs.sinkThatPropagates(Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callSinkThatPropagatesBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ExternalSpecs.loggingSink1(Object,Object)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.logExternalSourceBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.logExternalSourceBad(), 1, LOGGING_PRIVATE_DATA, [Return from Object ExternalSpecs.privateDataSource(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/Fields.java, void Fields.instanceFieldBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Fields.java, void Fields.staticFieldBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Fields.java, void Fields.viaFieldBad1(Fields$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
@ -65,9 +65,6 @@ codetoanalyze/java/quandary/Files.java, Path Files.pathsSinkBad2(), 2, QUANDARY_
codetoanalyze/java/quandary/FlowSensitivity.java, void FlowSensitivity.callSourceAndSinkBad1(FlowSensitivity$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.codetoanalyze.java.quandary.FlowSensitivity$Obj.f*,Return from void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/FlowSensitivity.java, void FlowSensitivity.callSourceAndSinkBad2(FlowSensitivity$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/FlowSensitivity.java, void FlowSensitivity.interproceduralFlowSensitivityBad(FlowSensitivity$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.codetoanalyze.java.quandary.FlowSensitivity$Obj.f*,Return from void FlowSensitivity.returnSource(FlowSensitivity$Obj),Call to void FlowSensitivity.callSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Intents.java, IBinder MyService.onBind(Intent), 1, QUANDARY_TAINT_ERROR, [Return from IBinder MyService.onBind(Intent),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, boolean MyService.onUnbind(Intent), 1, QUANDARY_TAINT_ERROR, [Return from boolean MyService.onUnbind(Intent),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, int MyService.onStartCommand(Intent,int,int), 1, QUANDARY_TAINT_ERROR, [Return from int MyService.onStartCommand(Intent,int,int),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to boolean ContextWrapper.bindService(Intent,ServiceConnection,int)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 5, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendBroadcast(Intent)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 6, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendBroadcastAsUser(Intent,UserHandle)]
@ -97,17 +94,10 @@ codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 10,
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 11, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setDataAndType(Uri,String)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 12, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setDataAndTypeAndNormalize(Uri,String)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 13, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setPackage(String)]
codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 5, QUANDARY_TAINT_ERROR, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)]
codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 7, QUANDARY_TAINT_ERROR, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)]
codetoanalyze/java/quandary/Intents.java, void Intents.reuseIntentBad(Activity), 1, QUANDARY_TAINT_ERROR, [Return from Intent Activity.getIntent(),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 5, UNTRUSTED_INTENT_CREATION, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)]
codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 7, UNTRUSTED_INTENT_CREATION, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)]
codetoanalyze/java/quandary/Intents.java, void Intents.subclassCallBad(IntentSubclass,ContextSubclass), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Context.startActivity(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyActivity.onActivityResult(int,int,Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyActivity.onActivityResult(int,int,Intent),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyActivity.onNewIntent(Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyActivity.onNewIntent(Intent),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyActivity.startServiceWithTaintedIntent(), 2, CREATE_INTENT_FROM_URI, [Return from Intent.<init>(String,Uri),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyBroadcastReceiver.onReceive(Context,Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyBroadcastReceiver.onReceive(Context,Intent),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyService.onRebind(Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyService.onRebind(Intent),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyService.onStart(Intent,int), 1, QUANDARY_TAINT_ERROR, [Return from void MyService.onStart(Intent,int),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyService.onTaskRemoved(Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyService.onTaskRemoved(Intent),Call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Interprocedural.java, Object Interprocedural.irrelevantPassthroughsIntraprocedural(Object), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, Object Interprocedural.irrelevantPassthroughsSinkInterprocedural(Object), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Object Interprocedural.callSinkIrrelevantPassthrough(Object),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, Object Interprocedural.irrelevantPassthroughsSourceAndSinkInterprocedural(Object), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data &return,Return from Object Interprocedural.returnSourceIrrelevantPassthrough(Object),Call to Object Interprocedural.callSinkIrrelevantPassthrough(Object),Call to void InferTaint.inferSensitiveSink(Object)]
@ -139,46 +129,46 @@ codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.returnSou
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.returnSourceViaParameter2Bad(Interprocedural$Obj,Interprocedural$Obj), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.setGlobalThenCallSinkBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkOnGlobal(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.singlePassthroughBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from float Location.getSpeed(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from float Location.getSpeed(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from float Location.getSpeed(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from float Location.getSpeed(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.e(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.println(int,String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.w(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.wtf(String,String)]
codetoanalyze/java/quandary/Recursion.java, void Recursion.callSinkThenDivergeBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.callSinkThenDiverge(Object),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Recursion.java, void Recursion.safeRecursionCallSinkBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.safeRecursionCallSink(int,Object),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/Serialization.java, Object Serialization.taintedObjectInputStreamBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to ObjectInputStream.<init>(InputStream)]
@ -210,19 +200,25 @@ codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaInter
codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownAbstractCodeBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownConstructorBad(), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownNativeCodeBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.clipboardToHtmlBad(), 1, QUANDARY_TAINT_ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Spanned Html.fromHtml(String)]
codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.editTextToHtmlBad(), 1, QUANDARY_TAINT_ERROR, [Return from Editable EditText.getText(),Call to Spanned Html.fromHtml(String)]
codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.clipboardToHtmlBad(), 1, CROSS_SITE_SCRIPTING, [Return from CharSequence ClipboardManager.getText(),Call to Spanned Html.fromHtml(String)]
codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.editTextToHtmlBad(), 1, CROSS_SITE_SCRIPTING, [Return from Editable EditText.getText(),Call to Spanned Html.fromHtml(String)]
codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 1, QUANDARY_TAINT_ERROR, [Return from CharSequence ClipboardManager.getText(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 2, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 3, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 4, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 5, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/WebViews.java, WebResourceResponse WebViews$MyWebViewClient.shouldInterceptRequest(WebView,WebResourceRequest), 1, CREATE_INTENT_FROM_URI, [Return from Intent.<init>(String,Uri),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsBeforeUnload(WebView,String,String,JsResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsBeforeUnload(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsBeforeUnload(WebView,String,String,JsResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsConfirm(WebView,String,String,JsResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsConfirm(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsConfirm(WebView,String,String,JsResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsPrompt(WebView,String,String,String,JsPromptResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsPrompt(WebView,String,String,String,JsPromptResult),Call to Intent Intent.parseUri(String,int)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsPrompt(WebView,String,String,String,JsPromptResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebViewClient.shouldOverrideUrlLoading(WebView,String), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebViewClient.shouldOverrideUrlLoading(WebView,String),Call to Intent Intent.parseUri(String,int)]
codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebViewClient.shouldOverrideUrlLoading(WebView,String), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/WebViews.java, void WebViews$MyWebViewClient.onLoadResource(WebView,String), 2, UNTRUSTED_INTENT_CREATION, [Return from void WebViews$MyWebViewClient.onLoadResource(WebView,String),Call to Intent Intent.parseUri(String,int)]
codetoanalyze/java/quandary/WebViews.java, void WebViews$MyWebViewClient.onLoadResource(WebView,String), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.evaluateJavascript(String,ValueCallback)]
codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.loadData(String,String,String)]
