diff --git a/infer/src/base/Config.ml b/infer/src/base/Config.ml
index 696a61094..895cf6e17 100644
--- a/infer/src/base/Config.ml
+++ b/infer/src/base/Config.ml
@@ -2302,16 +2302,6 @@ let inferconfig_file =
 find (Sys.getcwd ()) |> Option.map ~f:(fun dir -> dir ^/ CommandDoc.inferconfig_file)
-let quandaryBO_filtered_issues =
- ref
- IssueType.
- [ buffer_overrun_u5
- ; buffer_overrun_l5
- ; buffer_overrun_l4
- ; untrusted_buffer_access
- ; untrusted_heap_allocation ]
-
-
 let post_parsing_initialization command_opt =
 if CommandLineOption.is_originator then (
 (* let subprocesses know where the toplevel process' results dir is *)
@@ -2450,11 +2440,6 @@ let post_parsing_initialization command_opt =
 linters := true
 | Some (CaptureOnly | Checkers | CompileOnly) | None ->
 () ) ;
- if !quandaryBO then
- quandaryBO_filtered_issues :=
- List.filter !quandaryBO_filtered_issues ~f:(fun issue ->
- let enabled = issue.IssueType.enabled in
- IssueType.set_enabled issue true ; not enabled ) ;
 Option.value ~default:InferCommand.Run command_opt
@@ -2878,8 +2863,6 @@ and quandary = !quandary
 and quandaryBO = !quandaryBO
-and quandaryBO_filtered_issues = !quandaryBO_filtered_issues
-
 and quandary_endpoints = !quandary_endpoints
 and quandary_sanitizers = !quandary_sanitizers
@@ -3070,6 +3053,20 @@ let dynamic_dispatch = !dynamic_dispatch
 let specs_library = !specs_library
+let quandaryBO_filtered_issues =
+ if quandaryBO then
+ IssueType.
+ [ buffer_overrun_u5
+ ; buffer_overrun_l5
+ ; buffer_overrun_l4
+ ; untrusted_buffer_access
+ ; untrusted_heap_allocation ]
+ |> List.filter ~f:(fun issue ->
+ let enabled = issue.IssueType.enabled || not filtering in
+ IssueType.set_enabled issue true ; not enabled )
+ else []
+
+
 (** Check if a Java package is external to the repository *)
 let java_package_is_external package =
 match external_java_packages with
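Review bot: The predicate handed to `List.filter` in the new top-level `quandaryBO_filtered_issues` (last hunk) also calls `IssueType.set_enabled issue true`, so evaluating this definition mutates global issue-type state as a side effect of building a list. The mutation used to sit in `post_parsing_initialization`, where the ordering was explicit; as a module-level value it depends on `quandaryBO` and `filtering` already being frozen and on the user's enable/disable flags already having been applied, and nothing on the visible lines says so. Under `--no-filtering` the list is empty while all five buffer-overrun and untrusted-input types are still switched on, which looks intended given the new test but deserves a comment because it decides which memory-safety findings reach the report. I would take the snapshot first and force-enable in a separate `List.iter`, with a doc comment stating the ordering requirement, as below.

```ocaml
(** Issue types that quandaryBO switches on although the user left them disabled; empty under
    [--no-filtering]. Must be evaluated after the command line has been parsed and the
    per-issue-type enable/disable flags have been applied. *)
let quandaryBO_filtered_issues =
  if quandaryBO then (
    let candidates =
      (* … unchanged: IssueType.[ buffer_overrun_u5 ; … ; untrusted_heap_allocation ] … *)
    in
    (* snapshot the user's choice before any issue type is force-enabled *)
    let user_disabled =
      List.filter candidates ~f:(fun issue -> filtering && not issue.IssueType.enabled)
    in
    List.iter candidates ~f:(fun issue -> IssueType.set_enabled issue true) ;
    user_disabled )
  else []
```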
diff --git a/infer/tests/codetoanalyze/cpp/quandaryBO/Makefile b/infer/tests/codetoanalyze/cpp/quandaryBO/Makefile
index 83bd6aa29..86f44ce3b 100644
--- a/infer/tests/codetoanalyze/cpp/quandaryBO/Makefile
+++ b/infer/tests/codetoanalyze/cpp/quandaryBO/Makefile
@@ -5,18 +5,24 @@
 TESTS_DIR = ../../..
 OPTIONS_1 = \
- --quandaryBO-only --passthroughs --debug-exceptions \
+ --quandaryBO-only --passthroughs --debug-exceptions --filtering \
 --project-root $(TESTS_DIR) \
 OPTIONS_2 = \
- --quandaryBO-only --quandary --enable-issue-type UNTRUSTED_BUFFER_ACCESS --passthroughs --debug-exceptions \
+ --quandaryBO-only --quandary --enable-issue-type UNTRUSTED_BUFFER_ACCESS \
+ --passthroughs --debug-exceptions --filtering \
 --project-root $(TESTS_DIR) \
 OPTIONS_3 = \
- --quandaryBO-only --bufferoverrun --enable-issue-type BUFFER_OVERRUN_U5 --passthroughs --debug-exceptions \
+ --quandaryBO-only --bufferoverrun --enable-issue-type BUFFER_OVERRUN_U5 \
+ --passthroughs --debug-exceptions --filtering \
 --project-root $(TESTS_DIR) \
-test: test1 test2 test3
+OPTIONS_4 = \
+ --quandaryBO-only --bufferoverrun --debug-exceptions --no-filtering \
+ --project-root $(TESTS_DIR) \
+
+test: test1 test2 test3 test4
 test1:
 $(MAKE) -f multitest.make test TEST_SUFFIX=-t1 TEST_RESULT_SUFFIX=-t1 INFER_OPTIONS="$(OPTIONS_1)"
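Review bot: `OPTIONS_4` has no comment saying what `test4` is meant to pin, and it is the only option set here without `--passthroughs`. Going by the Config.ml change in this commit, `--no-filtering` leaves `quandaryBO_filtered_issues` empty, so a line such as `# test4: --no-filtering keeps the underlying BUFFER_OVERRUN_* reports alongside the TAINTED_* ones` above `OPTIONS_4` would record the intent. If dropping `--passthroughs` is deliberate, say so in the same comment; otherwise add it for parity with the other three. No option set combines `--no-filtering` with an explicit `--disable-issue-type` for one of the five types, which is the case where the new `|| not filtering` term changes what happens to a type the user switched off.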
@@ -27,18 +33,25 @@ test2:
 test3:
 $(MAKE) -f multitest.make test TEST_SUFFIX=-t3 TEST_RESULT_SUFFIX=-t3 INFER_OPTIONS="$(OPTIONS_3)"
-replace: replace1 replace2 replace3
+test4:
+ $(MAKE) -f multitest.make test TEST_SUFFIX=-t4 TEST_RESULT_SUFFIX=-t4 INFER_OPTIONS="$(OPTIONS_4)"
-replace1:
+replace: replace1 replace2 replace3 replace4
+
+replace1:
 $(MAKE) -f multitest.make replace TEST_SUFFIX=-t1 TEST_RESULT_SUFFIX=-t1
-replace2:
+replace2:
 $(MAKE) -f multitest.make replace TEST_SUFFIX=-t2 TEST_RESULT_SUFFIX=-t2
-replace3:
+replace3:
 $(MAKE) -f multitest.make replace TEST_SUFFIX=-t3 TEST_RESULT_SUFFIX=-t3
+replace4:
+ $(MAKE) -f multitest.make replace TEST_SUFFIX=-t4 TEST_RESULT_SUFFIX=-t4
+
 clean:
 $(MAKE) -f multitest.make clean TEST_SUFFIX=-t1
 $(MAKE) -f multitest.make clean TEST_SUFFIX=-t2
 $(MAKE) -f multitest.make clean TEST_SUFFIX=-t3
+ $(MAKE) -f multitest.make clean TEST_SUFFIX=-t4
diff --git a/infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp-t4 b/infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp-t4
new file mode 100644
index 000000000..235908eaa
--- /dev/null
+++ b/infer/tests/codetoanalyze/cpp/quandaryBO/issues.exp-t4
@@ -0,0 +1,7 @@ +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [ArrayDeclaration,Unknown value from: __infer_taint_source,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: 10] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source,Call to __array_access with tainted index 0,-----------,ArrayDeclaration,Unknown value from: __infer_taint_source,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: 10] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, memory_alloc_bad2, 3, INFERBO_ALLOC_MAY_BE_BIG, no_bucket, ERROR, [Unknown value from: __infer_taint_source,Assignment,Alloc: Length: [-oo, 2147483647]] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, memory_alloc_bad2, 3, TAINTED_MEMORY_ALLOCATION, no_bucket, ERROR, [Return from __infer_taint_source,Call to __set_array_length with tainted index 1,-----------,Unknown value from: __infer_taint_source,Assignment,Alloc: Length: [-oo, 2147483647]] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Call,Unknown value from: __infer_taint_source,Assignment,Return,Assignment,Call,ArrayDeclaration,Parameter: i,ArrayAccess: Offset: [1, +oo] Size: 10 by call to `multi_level_sink_bad` ] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source with tainted data return*,Return from multi_level_source_bad,Call to multi_level_sink_bad with tainted index 0,Call to __array_access with tainted index 0,-----------,Call,Unknown value from: __infer_taint_source,Assignment,Return,Assignment,Call,ArrayDeclaration,Parameter: i,ArrayAccess: Offset: [1, +oo] Size: 10 by call to `multi_level_sink_bad` ] +codetoanalyze/cpp/quandaryBO/tainted_index.cpp, overlapping_issues_good, 1, BUFFER_OVERRUN_L5, no_bucket, ERROR, [Offset: 10 Size: [0, +oo] by call to 
`overlapping_issues_sink_good` ]