QuandaryBO issue filtering: fix --no-filtering behavior

Reviewed By: jvillard

Differential Revision: D9989904

fbshipit-source-id: 3330e4154
Mehdi Bouaziz 6 years ago committed by Facebook Github Bot
parent 69f8ebaef6
commit 82a7f14f90

@ -2302,16 +2302,6 @@ let inferconfig_file =
find (Sys.getcwd ()) |> Option.map ~f:(fun dir -> dir ^/ CommandDoc.inferconfig_file) find (Sys.getcwd ()) |> Option.map ~f:(fun dir -> dir ^/ CommandDoc.inferconfig_file)
let quandaryBO_filtered_issues =
ref
IssueType.
[ buffer_overrun_u5
; buffer_overrun_l5
; buffer_overrun_l4
; untrusted_buffer_access
; untrusted_heap_allocation ]
let post_parsing_initialization command_opt = let post_parsing_initialization command_opt =
if CommandLineOption.is_originator then ( if CommandLineOption.is_originator then (
(* let subprocesses know where the toplevel process' results dir is *) (* let subprocesses know where the toplevel process' results dir is *)
@ -2450,11 +2440,6 @@ let post_parsing_initialization command_opt =
linters := true linters := true
| Some (CaptureOnly | Checkers | CompileOnly) | None -> | Some (CaptureOnly | Checkers | CompileOnly) | None ->
() ) ; () ) ;
if !quandaryBO then
quandaryBO_filtered_issues :=
List.filter !quandaryBO_filtered_issues ~f:(fun issue ->
let enabled = issue.IssueType.enabled in
IssueType.set_enabled issue true ; not enabled ) ;
Option.value ~default:InferCommand.Run command_opt Option.value ~default:InferCommand.Run command_opt
@ -2878,8 +2863,6 @@ and quandary = !quandary
and quandaryBO = !quandaryBO and quandaryBO = !quandaryBO
and quandaryBO_filtered_issues = !quandaryBO_filtered_issues
and quandary_endpoints = !quandary_endpoints and quandary_endpoints = !quandary_endpoints
and quandary_sanitizers = !quandary_sanitizers and quandary_sanitizers = !quandary_sanitizers
@ -3070,6 +3053,20 @@ let dynamic_dispatch = !dynamic_dispatch
let specs_library = !specs_library let specs_library = !specs_library
let quandaryBO_filtered_issues =
if quandaryBO then
IssueType.
[ buffer_overrun_u5
; buffer_overrun_l5
; buffer_overrun_l4
; untrusted_buffer_access
; untrusted_heap_allocation ]
|> List.filter ~f:(fun issue ->
let enabled = issue.IssueType.enabled || not filtering in
IssueType.set_enabled issue true ; not enabled )
else []
(** Check if a Java package is external to the repository *) (** Check if a Java package is external to the repository *)
let java_package_is_external package = let java_package_is_external package =
match external_java_packages with match external_java_packages with
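Review bot: The `List.filter` predicate in the new top-level `quandaryBO_filtered_issues` both decides membership and calls `IssueType.set_enabled issue true`, so building the list mutates global issue state as a hidden side effect of a filter. Separating the two steps keeps the same result and makes the forced enabling visible: `let hidden = List.filter issues ~f:(fun issue -> filtering && not issue.IssueType.enabled) in` followed by `List.iter issues ~f:(fun issue -> IssueType.set_enabled issue true) ; hidden`. The binding also has no doc comment; something like `(** issue types force-enabled for QuandaryBO that were not enabled by the user; empty under [--no-filtering] *)` would record the intent, though that reading is inferred from the predicate and should be confirmed. It depends on `filtering` being bound earlier in the file, which is outside this hunk.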

@ -5,18 +5,24 @@
TESTS_DIR = ../../.. TESTS_DIR = ../../..
OPTIONS_1 = \ OPTIONS_1 = \
--quandaryBO-only --passthroughs --debug-exceptions \ --quandaryBO-only --passthroughs --debug-exceptions --filtering \
--project-root $(TESTS_DIR) \ --project-root $(TESTS_DIR) \
OPTIONS_2 = \ OPTIONS_2 = \
--quandaryBO-only --quandary --enable-issue-type UNTRUSTED_BUFFER_ACCESS --passthroughs --debug-exceptions \ --quandaryBO-only --quandary --enable-issue-type UNTRUSTED_BUFFER_ACCESS \
--passthroughs --debug-exceptions --filtering \
--project-root $(TESTS_DIR) \ --project-root $(TESTS_DIR) \
OPTIONS_3 = \ OPTIONS_3 = \
--quandaryBO-only --bufferoverrun --enable-issue-type BUFFER_OVERRUN_U5 --passthroughs --debug-exceptions \ --quandaryBO-only --bufferoverrun --enable-issue-type BUFFER_OVERRUN_U5 \
--passthroughs --debug-exceptions --filtering \
--project-root $(TESTS_DIR) \ --project-root $(TESTS_DIR) \
test: test1 test2 test3 OPTIONS_4 = \
--quandaryBO-only --bufferoverrun --debug-exceptions --no-filtering \
--project-root $(TESTS_DIR) \
test: test1 test2 test3 test4
test1: test1:
$(MAKE) -f multitest.make test TEST_SUFFIX=-t1 TEST_RESULT_SUFFIX=-t1 INFER_OPTIONS="$(OPTIONS_1)" $(MAKE) -f multitest.make test TEST_SUFFIX=-t1 TEST_RESULT_SUFFIX=-t1 INFER_OPTIONS="$(OPTIONS_1)"
@ -27,7 +33,10 @@ test2:
test3: test3:
$(MAKE) -f multitest.make test TEST_SUFFIX=-t3 TEST_RESULT_SUFFIX=-t3 INFER_OPTIONS="$(OPTIONS_3)" $(MAKE) -f multitest.make test TEST_SUFFIX=-t3 TEST_RESULT_SUFFIX=-t3 INFER_OPTIONS="$(OPTIONS_3)"
replace: replace1 replace2 replace3 test4:
$(MAKE) -f multitest.make test TEST_SUFFIX=-t4 TEST_RESULT_SUFFIX=-t4 INFER_OPTIONS="$(OPTIONS_4)"
replace: replace1 replace2 replace3 replace4
replace1: replace1:
$(MAKE) -f multitest.make replace TEST_SUFFIX=-t1 TEST_RESULT_SUFFIX=-t1 $(MAKE) -f multitest.make replace TEST_SUFFIX=-t1 TEST_RESULT_SUFFIX=-t1
@ -38,7 +47,11 @@ replace2:
replace3: replace3:
$(MAKE) -f multitest.make replace TEST_SUFFIX=-t3 TEST_RESULT_SUFFIX=-t3 $(MAKE) -f multitest.make replace TEST_SUFFIX=-t3 TEST_RESULT_SUFFIX=-t3
replace4:
$(MAKE) -f multitest.make replace TEST_SUFFIX=-t4 TEST_RESULT_SUFFIX=-t4
clean: clean:
$(MAKE) -f multitest.make clean TEST_SUFFIX=-t1 $(MAKE) -f multitest.make clean TEST_SUFFIX=-t1
$(MAKE) -f multitest.make clean TEST_SUFFIX=-t2 $(MAKE) -f multitest.make clean TEST_SUFFIX=-t2
$(MAKE) -f multitest.make clean TEST_SUFFIX=-t3 $(MAKE) -f multitest.make clean TEST_SUFFIX=-t3
$(MAKE) -f multitest.make clean TEST_SUFFIX=-t4
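Review bot: `OPTIONS_4` is the only option set that omits `--passthroughs`, and nothing in the Makefile says whether that is deliberate. The `--no-filtering` path is also exercised only together with `--bufferoverrun`, so the `--quandary` combination used by `OPTIONS_2` has no unfiltered counterpart. A one-line comment above each set would make the coverage explicit, for example `# t4: --no-filtering, every buffer-overrun input issue must stay in the report`. If the `--quandary` case is meant to be covered too, that would need a fifth target.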

@ -0,0 +1,7 @@
codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, BUFFER_OVERRUN_U5, no_bucket, ERROR, [ArrayDeclaration,Unknown value from: __infer_taint_source,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: 10]
codetoanalyze/cpp/quandaryBO/tainted_index.cpp, basic_bad, 3, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source,Call to __array_access with tainted index 0,-----------,ArrayDeclaration,Unknown value from: __infer_taint_source,Assignment,ArrayAccess: Offset: [-oo, +oo] Size: 10]
codetoanalyze/cpp/quandaryBO/tainted_index.cpp, memory_alloc_bad2, 3, INFERBO_ALLOC_MAY_BE_BIG, no_bucket, ERROR, [Unknown value from: __infer_taint_source,Assignment,Alloc: Length: [-oo, 2147483647]]
codetoanalyze/cpp/quandaryBO/tainted_index.cpp, memory_alloc_bad2, 3, TAINTED_MEMORY_ALLOCATION, no_bucket, ERROR, [Return from __infer_taint_source,Call to __set_array_length with tainted index 1,-----------,Unknown value from: __infer_taint_source,Assignment,Alloc: Length: [-oo, 2147483647]]
codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, BUFFER_OVERRUN_U5, no_bucket, ERROR, [Call,Unknown value from: __infer_taint_source,Assignment,Return,Assignment,Call,ArrayDeclaration,Parameter: i,ArrayAccess: Offset: [1, +oo] Size: 10 by call to `multi_level_sink_bad` ]
codetoanalyze/cpp/quandaryBO/tainted_index.cpp, multi_level_bad, 2, TAINTED_BUFFER_ACCESS, no_bucket, ERROR, [Return from __infer_taint_source with tainted data return*,Return from multi_level_source_bad,Call to multi_level_sink_bad with tainted index 0,Call to __array_access with tainted index 0,-----------,Call,Unknown value from: __infer_taint_source,Assignment,Return,Assignment,Call,ArrayDeclaration,Parameter: i,ArrayAccess: Offset: [1, +oo] Size: 10 by call to `multi_level_sink_bad` ]
codetoanalyze/cpp/quandaryBO/tainted_index.cpp, overlapping_issues_good, 1, BUFFER_OVERRUN_L5, no_bucket, ERROR, [Offset: 10 Size: [0, +oo] by call to `overlapping_issues_sink_good` ]