From 7e8739de0a058308b0159573ce032e58487cdf90 Mon Sep 17 00:00:00 2001 From: Sam Blackshear Date: Fri, 8 Dec 2017 11:23:40 -0800 Subject: [PATCH] [quandary] more fine-grained issue types for Java Reviewed By: AmarBhosale Differential Revision: D6513437 fbshipit-source-id: b9acbcf --- infer/src/base/IssueType.ml | 14 +- infer/src/base/IssueType.mli | 18 ++- infer/src/quandary/JavaTrace.ml | 40 +++--- .../codetoanalyze/java/quandary/issues.exp | 132 +++++++++--------- 4 files changed, 112 insertions(+), 92 deletions(-) diff --git a/infer/src/base/IssueType.ml b/infer/src/base/IssueType.ml index d29909d6c..e569df9a7 100644 --- a/infer/src/base/IssueType.ml +++ b/infer/src/base/IssueType.ml @@ -120,8 +120,6 @@ let class_cast_exception = from_string ~enabled:false "CLASS_CAST_EXCEPTION" let cluster_callback = from_string "CLUSTER_CALLBACK" -let create_intent_from_uri = from_string "CREATE_INTENT_FROM_URI" - let codequery = from_string "Codequery" let comparing_floats_for_equality = from_string "COMPARING_FLOAT_FOR_EQUALITY" @@ -132,6 +130,10 @@ let condition_always_true = from_string ~enabled:false "CONDITION_ALWAYS_TRUE" let context_leak = from_string "CONTEXT_LEAK" +let create_intent_from_uri = from_string "CREATE_INTENT_FROM_URI" + +let cross_site_scripting = from_string "CROSS_SITE_SCRIPTING" + let dangling_pointer_dereference = from_string ~enabled:false "DANGLING_POINTER_DEREFERENCE" let dead_store = from_string "DEAD_STORE" 
@@ -247,12 +249,16 @@ let interface_not_thread_safe = from_string "INTERFACE_NOT_THREAD_SAFE" let internal_error = from_string "Internal_error" +let javascript_injection = from_string "JAVASCRIPT_INJECTION" + let leak_after_array_abstraction = from_string "Leak_after_array_abstraction" let leak_in_footprint = from_string "Leak_in_footprint" let lock_consistency_violation = from_string "LOCK_CONSISTENCY_VIOLATION" +let logging_private_data = from_string "LOGGING_PRIVATE_DATA" + let memory_leak = from_string "MEMORY_LEAK" let missing_fld = from_string "Missing_fld" ~hum:"Missing Field" @@ -323,10 +329,14 @@ let unsafe_guarded_by_access = from_string "UNSAFE_GUARDED_BY_ACCESS" let use_after_free = from_string "USE_AFTER_FREE" +let untrusted_deserialization = from_string "UNTRUSTED_DESERIALIZATION" + let untrusted_file = from_string "UNTRUSTED_FILE" let untrusted_file_risk = from_string "UNTRUSTED_FILE_RISK" +let untrusted_intent_creation = from_string "UNTRUSTED_INTENT_CREATION" + let untrusted_variable_length_array = from_string "UNTRUSTED_VARIABLE_LENGTH_ARRAY" let user_controlled_sql_risk = from_string "USER_CONTROLLED_SQL_RISK" diff --git a/infer/src/base/IssueType.mli b/infer/src/base/IssueType.mli index c3a74bb9e..56c6e6bde 100644 --- a/infer/src/base/IssueType.mli +++ b/infer/src/base/IssueType.mli @@ -71,8 +71,6 @@ val class_cast_exception : t val cluster_callback : t -val create_intent_from_uri : t - val codequery : t val comparing_floats_for_equality : t @@ -83,6 +81,10 @@ val condition_always_true : t val context_leak : t +val create_intent_from_uri : t + +val cross_site_scripting : t + val dangling_pointer_dereference : t val dead_store : t @@ -160,12 +162,16 @@ val interface_not_thread_safe : t val internal_error : t +val javascript_injection : t + val leak_after_array_abstraction : t val leak_in_footprint : t val lock_consistency_violation : t +val logging_private_data : t + val memory_leak : t val missing_fld : t 
@@ -232,12 +238,16 @@ val unsafe_guarded_by_access : t val use_after_free : t +val user_controlled_sql_risk : t + +val untrusted_deserialization : t + val untrusted_file : t val untrusted_file_risk : t -val untrusted_variable_length_array : t +val untrusted_intent_creation : t -val user_controlled_sql_risk : t +val untrusted_variable_length_array : t val wrong_argument_number : t diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml index 5b1963047..40d824f2e 100644 --- a/infer/src/quandary/JavaTrace.ml +++ b/infer/src/quandary/JavaTrace.ml 
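Review bot: `val user_controlled_sql_risk : t` is moved in front of the `untrusted_*` declarations in this hunk, while IssueType.ml in the same patch leaves `let user_controlled_sql_risk` after `untrusted_variable_length_array`. Keeping both files in the same order makes it easier to check that every issue type defined in the .ml is also exported. I would leave the `val` where it was, directly after `val untrusted_variable_length_array : t`.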
@@ -398,24 +398,21 @@ include Trace.Make (struct | _ when not (List.is_empty sanitizers) -> (* assume any sanitizer clears all forms of taint *) None - | PrivateData, Logging - (* logging private data issue *) - | Intent, StartComponent - (* intent reuse issue *) - | Intent, CreateIntent - (* intent configured with external values issue *) - | Intent, JavaScript - (* external data flows into JS: remote code execution risk *) - | PrivateData, JavaScript - (* create intent/launch component from user-controlled URI *) - | UserControlledURI, CreateFile - (* create file from user-controller URI; potential path-traversal vulnerability *) - | UserControlledString, (StartComponent | CreateIntent | JavaScript | CreateFile | HTML) -> - (* do something sensitive with a user-controlled string *) - Some IssueType.quandary_taint_error - | (Intent | UserControlledURI | UserControlledString), Deserialization -> + | (Intent | UserControlledString | UserControlledURI), CreateIntent -> + (* creating Intent from user-congrolled data *) + Some IssueType.untrusted_intent_creation + | (Intent | IntentFromURI | UserControlledString | UserControlledURI), CreateFile -> + (* user-controlled file creation; may be vulnerable to path traversal + more *) + Some IssueType.untrusted_file + | (Intent | IntentFromURI | UserControlledString | UserControlledURI), Deserialization -> (* shouldn't let anyone external control what we deserialize *) - Some IssueType.quandary_taint_error + Some IssueType.untrusted_deserialization + | (Intent | IntentFromURI | UserControlledString | UserControlledURI), HTML -> + (* untrusted data flows into HTML; XSS risk *) + Some IssueType.cross_site_scripting + | (Intent | IntentFromURI | UserControlledString | UserControlledURI), JavaScript -> + (* untrusted data flows into JS *) + Some IssueType.javascript_injection | DrawableResource _, OpenDrawableResource -> (* not a security issue, but useful for debugging flows from resource IDs to inflation *) Some 
IssueType.quandary_taint_error @@ -423,10 +420,17 @@ include Trace.Make (struct (* create an intent/start a component using a (possibly user-controlled) URI. may or may not be an issue; depends on where the URI comes from *) Some IssueType.create_intent_from_uri + | PrivateData, Logging -> + Some IssueType.logging_private_data | Other, _ | _, Other -> (* for testing purposes, Other matches everything *) Some IssueType.quandary_taint_error - | _ -> + | DrawableResource _, _ + | IntentFromURI, _ + | PrivateData, _ + | _, Logging + | _, OpenDrawableResource + | _, StartComponent -> None end) diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp index 17da3afc3..74ac7cb34 100644 --- a/infer/tests/codetoanalyze/java/quandary/issues.exp +++ b/infer/tests/codetoanalyze/java/quandary/issues.exp 
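Review bot: The rewritten arms no longer report three source/sink pairs that the removed arms flagged: `Intent, StartComponent`, `UserControlledString, StartComponent` and `PrivateData, JavaScript`. The second hunk of this file now sends them to `None` through `_, StartComponent` and `PrivateData, _`. The issues.exp changes remove the matching `startService`/`startActivity` reports, so this looks deliberate, but the commit message only mentions finer-grained issue types. If these flows should stay visible, keep an arm such as `| (Intent | UserControlledString), StartComponent -> Some IssueType.quandary_taint_error` ahead of the `None` arms; otherwise add a comment there saying the pairs are intentionally unreported. The new comment `(* creating Intent from user-congrolled data *)` has a typo ("user-controlled"), and the enclosing match starts before this hunk.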
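Review bot: `| PrivateData, Logging ->` is the only reporting arm in this match without a comment; something like `(* private data flows into a log *)` would match its neighbours. The explicit `None` list that replaces `| _ ->` is order-sensitive: `IntentFromURI, _` and `PrivateData, _` only cover what the arms above did not match. A one-line comment on that final group, e.g. `(* remaining pairs: not reported; arms above take precedence *)`, would help whoever adds the next source or sink kind. The match begins before this hunk, and the arm whose comment opens the hunk is not visible.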
@@ -25,16 +25,16 @@ codetoanalyze/java/quandary/Basics.java, void Basics.viaVarBad2(), 3, QUANDARY_T codetoanalyze/java/quandary/Basics.java, void Basics.viaVarBad3(), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Basics.java, void Basics.whileBad1(int), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Basics.java, void Basics.whileBad2(int), 6, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [Return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal), 2, QUANDARY_TAINT_ERROR, [Return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, Bundle ContentProviders.call(String,String,Bundle), 1, QUANDARY_TAINT_ERROR, [Return from Bundle ContentProviders.call(String,String,Bundle),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String), 2, QUANDARY_TAINT_ERROR, [Return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [Return from ParcelFileDescriptor 
ContentProviders.openFile(Uri,String,CancellationSignal),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, String ContentProviders.getType(Uri), 1, QUANDARY_TAINT_ERROR, [Return from String ContentProviders.getType(Uri),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, Uri ContentProviders.insert(Uri,ContentValues), 1, QUANDARY_TAINT_ERROR, [Return from Uri ContentProviders.insert(Uri,ContentValues),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]), 1, QUANDARY_TAINT_ERROR, [Return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.delete(Uri,String,java.lang.String[]), 1, QUANDARY_TAINT_ERROR, [Return from int ContentProviders.delete(Uri,String,java.lang.String[]),Call to File.(String)] -codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]), 1, QUANDARY_TAINT_ERROR, [Return from int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal), 1, UNTRUSTED_FILE, [Return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal), 2, UNTRUSTED_FILE, [Return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, Bundle ContentProviders.call(String,String,Bundle), 1, UNTRUSTED_FILE, [Return from Bundle ContentProviders.call(String,String,Bundle),Call to File.(String)] 
+codetoanalyze/java/quandary/ContentProviders.java, Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String), 2, UNTRUSTED_FILE, [Return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal), 1, UNTRUSTED_FILE, [Return from ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, String ContentProviders.getType(Uri), 1, UNTRUSTED_FILE, [Return from String ContentProviders.getType(Uri),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, Uri ContentProviders.insert(Uri,ContentValues), 1, UNTRUSTED_FILE, [Return from Uri ContentProviders.insert(Uri,ContentValues),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]), 1, UNTRUSTED_FILE, [Return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.delete(Uri,String,java.lang.String[]), 1, UNTRUSTED_FILE, [Return from int ContentProviders.delete(Uri,String,java.lang.String[]),Call to File.(String)] +codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]), 1, UNTRUSTED_FILE, [Return from int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]),Call to File.(String)] codetoanalyze/java/quandary/DynamicDispatch.java, void DynamicDispatch.propagateViaInterfaceBad(DynamicDispatch$Interface), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Exceptions.java, void Exceptions.callSinkThenThrowBad(), 1, 
QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Exceptions.callSinkThenThrow(Object),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkAfterCatchBad(), 7, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] 
@@ -44,12 +44,12 @@ codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkInFinallyBad1() codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkInFinallyBad2(), 6, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Exceptions.java, void Exceptions.sinkInFinallyBad3(), 7, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/ExternalSpecs.java, Object ExternalSpecs.missedSanitizerBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad1(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)] -codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad2(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)] -codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSinkBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink1(Object,Object)] +codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad1(), 1, LOGGING_PRIVATE_DATA, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)] +codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSink2Bad2(), 1, LOGGING_PRIVATE_DATA, [Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink2(Object,Object)] +codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callExternalSinkBad(), 1, LOGGING_PRIVATE_DATA, 
[Return from Object ExternalSpecs.privateDataSource(),Call to void ExternalSpecs.loggingSink1(Object,Object)] codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callSinkThatPropagatesBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Object ExternalSpecs.sinkThatPropagates(Object)] codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.callSinkThatPropagatesBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ExternalSpecs.loggingSink1(Object,Object)] -codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.logExternalSourceBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object ExternalSpecs.privateDataSource(),Call to int Log.e(String,String)] +codetoanalyze/java/quandary/ExternalSpecs.java, void ExternalSpecs.logExternalSourceBad(), 1, LOGGING_PRIVATE_DATA, [Return from Object ExternalSpecs.privateDataSource(),Call to int Log.e(String,String)] codetoanalyze/java/quandary/Fields.java, void Fields.instanceFieldBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Fields.java, void Fields.staticFieldBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Fields.java, void Fields.viaFieldBad1(Fields$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] 
@@ -65,9 +65,6 @@ codetoanalyze/java/quandary/Files.java, Path Files.pathsSinkBad2(), 2, QUANDARY_ codetoanalyze/java/quandary/FlowSensitivity.java, void FlowSensitivity.callSourceAndSinkBad1(FlowSensitivity$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.codetoanalyze.java.quandary.FlowSensitivity$Obj.f*,Return from void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/FlowSensitivity.java, void FlowSensitivity.callSourceAndSinkBad2(FlowSensitivity$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/FlowSensitivity.java, void FlowSensitivity.interproceduralFlowSensitivityBad(FlowSensitivity$Obj), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.codetoanalyze.java.quandary.FlowSensitivity$Obj.f*,Return from void FlowSensitivity.returnSource(FlowSensitivity$Obj),Call to void FlowSensitivity.callSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Intents.java, IBinder MyService.onBind(Intent), 1, QUANDARY_TAINT_ERROR, [Return from IBinder MyService.onBind(Intent),Call to ComponentName ContextWrapper.startService(Intent)] -codetoanalyze/java/quandary/Intents.java, boolean MyService.onUnbind(Intent), 1, QUANDARY_TAINT_ERROR, [Return from boolean MyService.onUnbind(Intent),Call to ComponentName ContextWrapper.startService(Intent)] -codetoanalyze/java/quandary/Intents.java, int MyService.onStartCommand(Intent,int,int), 1, QUANDARY_TAINT_ERROR, [Return from int MyService.onStartCommand(Intent,int,int),Call to ComponentName ContextWrapper.startService(Intent)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 4, 
QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to boolean ContextWrapper.bindService(Intent,ServiceConnection,int)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 5, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendBroadcast(Intent)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 6, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendBroadcastAsUser(Intent,UserHandle)] 
@@ -97,17 +94,10 @@ codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 10, codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 11, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setDataAndType(Uri,String)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 12, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setDataAndTypeAndNormalize(Uri,String)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 13, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Intent Intent.setPackage(String)] -codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 5, QUANDARY_TAINT_ERROR, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)] -codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 7, QUANDARY_TAINT_ERROR, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)] -codetoanalyze/java/quandary/Intents.java, void Intents.reuseIntentBad(Activity), 1, QUANDARY_TAINT_ERROR, [Return from Intent Activity.getIntent(),Call to void Activity.startActivity(Intent)] +codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 5, UNTRUSTED_INTENT_CREATION, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)] +codetoanalyze/java/quandary/Intents.java, void Intents.extraToDataBad(), 7, UNTRUSTED_INTENT_CREATION, [Return from String Intent.getStringExtra(String),Call to Intent Intent.setData(Uri)] codetoanalyze/java/quandary/Intents.java, void Intents.subclassCallBad(IntentSubclass,ContextSubclass), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Context.startActivity(Intent)] -codetoanalyze/java/quandary/Intents.java, void MyActivity.onActivityResult(int,int,Intent), 1, 
QUANDARY_TAINT_ERROR, [Return from void MyActivity.onActivityResult(int,int,Intent),Call to ComponentName ContextWrapper.startService(Intent)] -codetoanalyze/java/quandary/Intents.java, void MyActivity.onNewIntent(Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyActivity.onNewIntent(Intent),Call to ComponentName ContextWrapper.startService(Intent)] codetoanalyze/java/quandary/Intents.java, void MyActivity.startServiceWithTaintedIntent(), 2, CREATE_INTENT_FROM_URI, [Return from Intent.(String,Uri),Call to ComponentName ContextWrapper.startService(Intent)] -codetoanalyze/java/quandary/Intents.java, void MyBroadcastReceiver.onReceive(Context,Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyBroadcastReceiver.onReceive(Context,Intent),Call to ComponentName ContextWrapper.startService(Intent)] -codetoanalyze/java/quandary/Intents.java, void MyService.onRebind(Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyService.onRebind(Intent),Call to ComponentName ContextWrapper.startService(Intent)] -codetoanalyze/java/quandary/Intents.java, void MyService.onStart(Intent,int), 1, QUANDARY_TAINT_ERROR, [Return from void MyService.onStart(Intent,int),Call to ComponentName ContextWrapper.startService(Intent)] -codetoanalyze/java/quandary/Intents.java, void MyService.onTaskRemoved(Intent), 1, QUANDARY_TAINT_ERROR, [Return from void MyService.onTaskRemoved(Intent),Call to ComponentName ContextWrapper.startService(Intent)] codetoanalyze/java/quandary/Interprocedural.java, Object Interprocedural.irrelevantPassthroughsIntraprocedural(Object), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, Object Interprocedural.irrelevantPassthroughsSinkInterprocedural(Object), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Object Interprocedural.callSinkIrrelevantPassthrough(Object),Call to void 
InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, Object Interprocedural.irrelevantPassthroughsSourceAndSinkInterprocedural(Object), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data &return,Return from Object Interprocedural.returnSourceIrrelevantPassthrough(Object),Call to Object Interprocedural.callSinkIrrelevantPassthrough(Object),Call to void InferTaint.inferSensitiveSink(Object)] 
@@ -139,46 +129,46 @@ codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.returnSou codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.returnSourceViaParameter2Bad(Interprocedural$Obj,Interprocedural$Obj), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.setGlobalThenCallSinkBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkOnGlobal(),Call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.singlePassthroughBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from float 
Location.getSpeed(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from float Location.getSpeed(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void 
LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void 
LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from float Location.getSpeed(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.w(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from double Location.getAltitude(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from float Location.getBearing(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getLine1Number(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from double Location.getLongitude(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getDeviceId(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from double Location.getLatitude(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.wtf(String,String)]
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [Return from float Location.getSpeed(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.e(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.println(int,String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.w(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getVoiceMailNumber(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from float Location.getSpeed(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from double Location.getLongitude(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSubscriberId(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getSimSerialNumber(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from double Location.getLatitude(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from double Location.getAltitude(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from float Location.getBearing(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getDeviceId(),Call to int Log.wtf(String,String)]
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, LOGGING_PRIVATE_DATA, [Return from String TelephonyManager.getLine1Number(),Call to int Log.wtf(String,String)]
 codetoanalyze/java/quandary/Recursion.java, void Recursion.callSinkThenDivergeBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.callSinkThenDiverge(Object),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/Recursion.java, void Recursion.safeRecursionCallSinkBad(), 1, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.safeRecursionCallSink(int,Object),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/Serialization.java, Object Serialization.taintedObjectInputStreamBad(), 2, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to ObjectInputStream.(InputStream)]
@@ -210,19 +200,25 @@ codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaInter
 codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownAbstractCodeBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownConstructorBad(), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownNativeCodeBad(), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object)]
-codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.clipboardToHtmlBad(), 1, QUANDARY_TAINT_ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Spanned Html.fromHtml(String)]
-codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.editTextToHtmlBad(), 1, QUANDARY_TAINT_ERROR, [Return from Editable EditText.getText(),Call to Spanned Html.fromHtml(String)]
+codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.clipboardToHtmlBad(), 1, CROSS_SITE_SCRIPTING, [Return from CharSequence ClipboardManager.getText(),Call to Spanned Html.fromHtml(String)]
+codetoanalyze/java/quandary/UserControlledStrings.java, Spanned UserControlledStrings.editTextToHtmlBad(), 1, CROSS_SITE_SCRIPTING, [Return from Editable EditText.getText(),Call to Spanned Html.fromHtml(String)]
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 1, QUANDARY_TAINT_ERROR, [Return from CharSequence ClipboardManager.getText(),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 2, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 3, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 4, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/UserControlledStrings.java, void UserControlledStrings.readClipboardSourcesBad(), 5, QUANDARY_TAINT_ERROR, [Return from ClipData ClipboardManager.getPrimaryClip(),Call to void InferTaint.inferSensitiveSink(Object)]
 codetoanalyze/java/quandary/WebViews.java, WebResourceResponse WebViews$MyWebViewClient.shouldInterceptRequest(WebView,WebResourceRequest), 1, CREATE_INTENT_FROM_URI, [Return from Intent.(String,Uri),Call to void Activity.startActivity(Intent)]
+codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int)]
 codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsAlert(WebView,String,String,JsResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
+codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsBeforeUnload(WebView,String,String,JsResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsBeforeUnload(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int)]
 codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsBeforeUnload(WebView,String,String,JsResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
+codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsConfirm(WebView,String,String,JsResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsConfirm(WebView,String,String,JsResult),Call to Intent Intent.parseUri(String,int)]
 codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsConfirm(WebView,String,String,JsResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
+codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsPrompt(WebView,String,String,String,JsPromptResult), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebChromeClient.onJsPrompt(WebView,String,String,String,JsPromptResult),Call to Intent Intent.parseUri(String,int)]
 codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebChromeClient.onJsPrompt(WebView,String,String,String,JsPromptResult), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
+codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebViewClient.shouldOverrideUrlLoading(WebView,String), 2, UNTRUSTED_INTENT_CREATION, [Return from boolean WebViews$MyWebViewClient.shouldOverrideUrlLoading(WebView,String),Call to Intent Intent.parseUri(String,int)]
 codetoanalyze/java/quandary/WebViews.java, boolean WebViews$MyWebViewClient.shouldOverrideUrlLoading(WebView,String), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
+codetoanalyze/java/quandary/WebViews.java, void WebViews$MyWebViewClient.onLoadResource(WebView,String), 2, UNTRUSTED_INTENT_CREATION, [Return from void WebViews$MyWebViewClient.onLoadResource(WebView,String),Call to Intent Intent.parseUri(String,int)]
 codetoanalyze/java/quandary/WebViews.java, void WebViews$MyWebViewClient.onLoadResource(WebView,String), 3, CREATE_INTENT_FROM_URI, [Return from Intent Intent.parseUri(String,int),Call to void Activity.startActivity(Intent)]
 codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 3, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.evaluateJavascript(String,ValueCallback)]
 codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 4, QUANDARY_TAINT_ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void WebView.loadData(String,String,String)]