From 8a99f4b3bb09f0a0cd39204f3c77a96b98c7e99d Mon Sep 17 00:00:00 2001 From: Nikos Gorogiannis Date: Thu, 12 Mar 2020 03:59:59 -0700 Subject: [PATCH] [java] bug fix for type translation Summary: `JavaSplitName` is used to represent Java types (in `Procname` in particular). The type itself is a pair of string (an optional package qualifier) and a "type name" (the quotes are there because it may contain array qualifiers). For example `java.lang.Object[][]` should be represented as ``` {package=Some "java.lang"; typename="Object[][]"} ``` The constructor `make` was misused to construct instead types such as ``` {package=None; typename="java.lang.Object[][]"}` ``` This is evident when we print the return type of a `Procname` non-verbosely (the default), but we still see the package qualifier. Obviously this is not just a pretty-printing bug, the values were themselves wrong. The fix is to use the `of_string` constructor which will parse the package and separate it correctly. Another bug (in response to this one) had to be fixed in `Procname.is_vararg` to maintain behaviour in Nullsafe and Quandary. Reviewed By: mityal Differential Revision: D20394146 fbshipit-source-id: 4633902eb --- infer/src/IR/JavaSplitName.ml | 2 ++ infer/src/IR/JavaSplitName.mli | 3 ++ infer/src/IR/Procname.ml | 5 +--- infer/src/java/jTransType.ml | 4 +-- .../reverse_analysis_callgraph.dot | 2 +- .../codetoanalyze/java/hoisting/issues.exp | 2 +- .../codetoanalyze/java/performance/issues.exp | 2 +- .../codetoanalyze/java/quandary/issues.exp | 28 +++++++++---------- .../codetoanalyze/java/starvation/issues.exp | 4 +-- 9 files changed, 27 insertions(+), 25 deletions(-) diff --git a/infer/src/IR/JavaSplitName.ml b/infer/src/IR/JavaSplitName.ml index b6d28df62..f878c5f91 100644 --- a/infer/src/IR/JavaSplitName.ml +++ b/infer/src/IR/JavaSplitName.ml @@ -28,6 +28,8 @@ let type_name {type_name} = type_name let java_lang_object = make ~package:"java.lang" "Object" +let java_lang_object_array = make ~package:"java.lang" "Object[]" + let java_lang_string = make ~package:"java.lang" "String" let void = make "void" diff --git a/infer/src/IR/JavaSplitName.mli b/infer/src/IR/JavaSplitName.mli index 505889e42..9b439a7df 100644 --- a/infer/src/IR/JavaSplitName.mli +++ b/infer/src/IR/JavaSplitName.mli @@ -22,6 +22,9 @@ val of_string : string -> t val java_lang_object : t (** [java.lang.Object] type *) +val java_lang_object_array : t +(** [java.lang.Object\[\]] type *) + val java_lang_string : t (** [java.lang.String] type *) diff --git a/infer/src/IR/Procname.ml b/infer/src/IR/Procname.ml index 94a11cf9b..edd4d7372 100644 --- a/infer/src/IR/Procname.ml +++ b/infer/src/IR/Procname.ml @@ -199,10 +199,7 @@ module Java = struct (** Check if the proc name has the type of a java vararg. Note: currently only checks that the last argument has type Object[]. *) let is_vararg {parameters} = - (* FIXME this looks wrong due to the dot in the type name *) - List.last parameters - |> Option.exists ~f:(fun java_type -> - String.equal "java.lang.Object[]" (JavaSplitName.type_name java_type) ) + List.last parameters |> Option.exists ~f:JavaSplitName.(equal java_lang_object_array) let is_external java_pname = diff --git a/infer/src/java/jTransType.ml b/infer/src/java/jTransType.ml index 1a4cb04c5..bc1b8e809 100644 --- a/infer/src/java/jTransType.ml +++ b/infer/src/java/jTransType.ml @@ -161,11 +161,11 @@ let cn_to_java_type cn = let vt_to_java_type vt = match vt with | JBasics.TBasic bt -> - JavaSplitName.make (string_of_basic_type bt) + JavaSplitName.of_string (string_of_basic_type bt) | JBasics.TObject ot -> ( match ot with | JBasics.TArray vt -> - JavaSplitName.make (string_of_type vt ^ "[]") + JavaSplitName.of_string (string_of_type vt ^ "[]") | JBasics.TClass cn -> cn_to_java_type cn ) diff --git a/infer/tests/build_systems/incremental_analysis_cost_change/reverse_analysis_callgraph.dot b/infer/tests/build_systems/incremental_analysis_cost_change/reverse_analysis_callgraph.dot index 9f6ca4302..db3a224f9 100644 --- a/infer/tests/build_systems/incremental_analysis_cost_change/reverse_analysis_callgraph.dot +++ b/infer/tests/build_systems/incremental_analysis_cost_change/reverse_analysis_callgraph.dot @@ -2,7 +2,7 @@ digraph callgraph { N1 [ label = "Test.()", flag = true ]; - N5 [ label = "void Test.main(java.lang.String[])", flag = true ]; + N5 [ label = "void Test.main(String[])", flag = true ]; N0 [ label = "Object.()", flag = false ]; N0 -> N7 ; diff --git a/infer/tests/codetoanalyze/java/hoisting/issues.exp b/infer/tests/codetoanalyze/java/hoisting/issues.exp index 439f4d005..b6908347a 100644 --- a/infer/tests/codetoanalyze/java/hoisting/issues.exp +++ b/infer/tests/codetoanalyze/java/hoisting/issues.exp @@ -68,6 +68,6 @@ codetoanalyze/java/hoisting/HoistNoIndirectMod.java, HoistNoIndirectMod.calcNext codetoanalyze/java/hoisting/HoistNoIndirectMod.java, HoistNoIndirectMod.calcSame():int, 0, PURE_FUNCTION, no_bucket, ERROR, [Side-effect free function int HoistNoIndirectMod.calcSame()] codetoanalyze/java/hoisting/HoistNoIndirectMod.java, HoistNoIndirectMod.increment_dont_hoist_FP(int):int, 1, INVARIANT_CALL, no_bucket, ERROR, [The call to int HoistNoIndirectMod.calcNext() at line 28 is loop-invariant] codetoanalyze/java/hoisting/HoistNoIndirectMod.java, HoistNoIndirectMod.modify_and_increment_dont_hoist_FP(int):int, 2, INVARIANT_CALL, no_bucket, ERROR, [The call to int HoistNoIndirectMod.calcNext() at line 36 is loop-invariant] -codetoanalyze/java/hoisting/HoistNoIndirectMod.java, HoistNoIndirectMod.no_mod_hoist(java.lang.Integer[],java.util.ArrayList):void, 0, PURE_FUNCTION, no_bucket, ERROR, [Side-effect free function void HoistNoIndirectMod.no_mod_hoist(java.lang.Integer[],ArrayList)] +codetoanalyze/java/hoisting/HoistNoIndirectMod.java, HoistNoIndirectMod.no_mod_hoist(java.lang.Integer[],java.util.ArrayList):void, 0, PURE_FUNCTION, no_bucket, ERROR, [Side-effect free function void HoistNoIndirectMod.no_mod_hoist(Integer[],ArrayList)] codetoanalyze/java/hoisting/HoistNoIndirectMod.java, HoistNoIndirectMod.no_mod_hoist(java.lang.Integer[],java.util.ArrayList):void, 1, INVARIANT_CALL, no_bucket, ERROR, [The call to int HoistNoIndirectMod.avg(ArrayList) at line 77 is loop-invariant] codetoanalyze/java/hoisting/HoistUnmodeled.java, HoistUnmodeled.harmless_pure():void, 0, PURE_FUNCTION, no_bucket, ERROR, [Side-effect free function void HoistUnmodeled.harmless_pure()] diff --git a/infer/tests/codetoanalyze/java/performance/issues.exp b/infer/tests/codetoanalyze/java/performance/issues.exp index 872f30d18..ba9ea74cc 100644 --- a/infer/tests/codetoanalyze/java/performance/issues.exp +++ b/infer/tests/codetoanalyze/java/performance/issues.exp @@ -3,7 +3,7 @@ codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array. codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.array_access_weird_ok(long[],int):void, 0, EXPENSIVE_EXECUTION_TIME, no_bucket, ERROR, [with estimated cost 2 + 13 ⋅ length, O(length), degree = 1,{length},Loop at line 30] codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.binary_search_log(java.lang.String[]):int, 0, EXPENSIVE_EXECUTION_TIME, no_bucket, ERROR, [with estimated cost 2 + log(arr.length), O(log(arr.length)), degree = 0 + 1⋅log,{arr.length},Modeled call to Arrays.binarySearch] codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.bsearch_log(int):void, 1, EXPENSIVE_EXECUTION_TIME, no_bucket, ERROR, [with estimated cost 5 + log(i), O(log(i)), degree = 0 + 1⋅log,{i},Modeled call to Arrays.binarySearch] -codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.call_gen_and_iter_types(int):void, 0, EXPENSIVE_EXECUTION_TIME, no_bucket, ERROR, [with estimated cost 13 + 5 ⋅ x, O(x), degree = 1,{x},call to java.lang.String[] Array.gen_and_iter_types(int),Loop at line 76] +codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.call_gen_and_iter_types(int):void, 0, EXPENSIVE_EXECUTION_TIME, no_bucket, ERROR, [with estimated cost 13 + 5 ⋅ x, O(x), degree = 1,{x},call to String[] Array.gen_and_iter_types(int),Loop at line 76] codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.call_gen_and_iter_types_linear_FP(int,int):void, 0, INFINITE_EXECUTION_TIME, no_bucket, ERROR, [Unbounded loop,Loop at line 88] codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.call_gen_and_iter_types_linear_FP(int,int):void, 2, INTEGER_OVERFLOW_L5, no_bucket, ERROR, [,Assignment,Binary operation: ([0, +oo] + 1):signed32] codetoanalyze/java/performance/Array.java, codetoanalyze.java.performance.Array.copyOf_linear(java.lang.String[]):void, 0, EXPENSIVE_EXECUTION_TIME, no_bucket, ERROR, [with estimated cost 4 + arr.length, O(arr.length), degree = 1,{arr.length},Modeled call to Arrays.copyOf] diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp index 17ab07c4f..0ca4a4422 100644 --- a/infer/tests/codetoanalyze/java/quandary/issues.exp +++ b/infer/tests/codetoanalyze/java/quandary/issues.exp @@ -27,16 +27,16 @@ codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.viaV codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.whileBad1(int):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Basics.java, codetoanalyze.java.quandary.Basics.whileBad2(int):void, 5, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/ClassLoading.java, codetoanalyze.java.quandary.ClassLoading.clipboardToClassForNameBad():void, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText() with tainted data return*,Return from String ClassLoading.getUserControlledString(),Call to Class Class.forName(String) with tainted index 0] -codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.bulkInsert(android.net.Uri,android.content.ContentValues[]):int, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),Call to File.(String) with tainted index 1] +codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.bulkInsert(android.net.Uri,android.content.ContentValues[]):int, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.bulkInsert(Uri,ContentValues[]),Call to File.(String) with tainted index 1] codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.call(java.lang.String,java.lang.String,android.os.Bundle):android.os.Bundle, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Bundle ContentProviders.call(String,String,Bundle),Call to File.(String) with tainted index 1] -codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.delete(android.net.Uri,java.lang.String,java.lang.String[]):int, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.delete(Uri,String,java.lang.String[]),Call to File.(String) with tainted index 1] +codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.delete(android.net.Uri,java.lang.String,java.lang.String[]):int, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.delete(Uri,String,String[]),Call to File.(String) with tainted index 1] codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.getType(android.net.Uri):java.lang.String, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from String ContentProviders.getType(Uri),Call to File.(String) with tainted index 1] codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.insert(android.net.Uri,android.content.ContentValues):android.net.Uri, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Uri ContentProviders.insert(Uri,ContentValues),Call to File.(String) with tainted index 1] codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.openAssetFile(android.net.Uri,java.lang.String,android.os.CancellationSignal):android.content.res.AssetFileDescriptor, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),Call to File.(String) with tainted index 1] codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.openFile(android.net.Uri,java.lang.String,android.os.CancellationSignal):android.os.ParcelFileDescriptor, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal),Call to File.(String) with tainted index 1] codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.openTypedAssetFile(android.net.Uri,java.lang.String,android.os.Bundle,android.os.CancellationSignal):android.content.res.AssetFileDescriptor, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),Call to File.(String) with tainted index 1] -codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String):android.database.Cursor, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),Call to File.(String) with tainted index 1] -codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.update(android.net.Uri,android.content.ContentValues,java.lang.String,java.lang.String[]):int, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.update(Uri,ContentValues,String,java.lang.String[]),Call to File.(String) with tainted index 1] +codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.query(android.net.Uri,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String):android.database.Cursor, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from Cursor ContentProviders.query(Uri,String[],String,String[],String),Call to File.(String) with tainted index 1] +codetoanalyze/java/quandary/ContentProviders.java, codetoanalyze.java.quandary.ContentProviders.update(android.net.Uri,android.content.ContentValues,java.lang.String,java.lang.String[]):int, 0, UNTRUSTED_FILE, no_bucket, ERROR, [Return from int ContentProviders.update(Uri,ContentValues,String,String[]),Call to File.(String) with tainted index 1] codetoanalyze/java/quandary/DynamicDispatch.java, codetoanalyze.java.quandary.DynamicDispatch.propagateViaInterfaceBad(codetoanalyze.java.quandary.DynamicDispatch$Interface):void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.callSinkThenThrowBad():void, 0, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Exceptions.callSinkThenThrow(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Exceptions.java, codetoanalyze.java.quandary.Exceptions.sinkAfterCatchBad():void, 6, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] @@ -63,10 +63,10 @@ codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaF codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaNestedFieldBad1(codetoanalyze.java.quandary.Fields$Obj):void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Fields.java, codetoanalyze.java.quandary.Fields.viaNestedFieldBad2():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileConstructorSinkBad():java.io.File, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to File.(String) with tainted index 1] -codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileSystemConstructorSinkBad1():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path FileSystem.getPath(String,java.lang.String[]) with tainted index 1] -codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileSystemConstructorSinkBad2():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path FileSystem.getPath(String,java.lang.String[]) with tainted index 2] -codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.pathsSinkBad1():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path Paths.get(String,java.lang.String[]) with tainted index 0] -codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.pathsSinkBad2():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path Paths.get(String,java.lang.String[]) with tainted index 1] +codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileSystemConstructorSinkBad1():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path FileSystem.getPath(String,String[]) with tainted index 1] +codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.fileSystemConstructorSinkBad2():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path FileSystem.getPath(String,String[]) with tainted index 2] +codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.pathsSinkBad1():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path Paths.get(String,String[]) with tainted index 0] +codetoanalyze/java/quandary/Files.java, codetoanalyze.java.quandary.Files.pathsSinkBad2():java.nio.file.Path, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to Path Paths.get(String,String[]) with tainted index 1] codetoanalyze/java/quandary/FlowSensitivity.java, codetoanalyze.java.quandary.FlowSensitivity.callSourceAndSinkBad1(codetoanalyze.java.quandary.FlowSensitivity$Obj):void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.f*,Return from void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/FlowSensitivity.java, codetoanalyze.java.quandary.FlowSensitivity.callSourceAndSinkBad2(codetoanalyze.java.quandary.FlowSensitivity$Obj):void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void FlowSensitivity.sourceAndSink(FlowSensitivity$Obj) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/FlowSensitivity.java, codetoanalyze.java.quandary.FlowSensitivity.interproceduralFlowSensitivityBad(codetoanalyze.java.quandary.FlowSensitivity$Obj):void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource() with tainted data @val$0.f*,Return from void FlowSensitivity.returnSource(FlowSensitivity$Obj),Call to void FlowSensitivity.callSink(FlowSensitivity$Obj) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] @@ -79,7 +79,7 @@ codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.ca codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 8, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendStickyBroadcastAsUser(Intent,UserHandle) with tainted index 1] codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 9, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendStickyOrderedBroadcast(Intent,BroadcastReceiver,Handler,int,String,Bundle) with tainted index 1] codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 10, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void ContextWrapper.sendStickyOrderedBroadcastAsUser(Intent,UserHandle,BroadcastReceiver,Handler,int,String,Bundle) with tainted index 1] -codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 11, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivities(android.content.Intent[]) with tainted index 1] +codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 11, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivities(Intent[]) with tainted index 1] codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 12, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivity(Intent) with tainted index 1] codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 13, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Activity.startActivityForResult(Intent,int) with tainted index 1] codetoanalyze/java/quandary/Intents.java, codetoanalyze.java.quandary.Intents.callAllActivitySinksBad(android.app.Activity,java.lang.String):void, 14, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to boolean Activity.startActivityIfNeeded(Intent,int) with tainted index 1] @@ -124,7 +124,7 @@ codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.In codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkParam1Bad():void, 0, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkParam1(Object,Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkParam2Bad():void, 0, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkParam2(Object,Object) with tainted index 1,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkThenDivergeBad():void, 0, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkThenDiverge(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] -codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkVariadicBad():void, 0, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkVariadic(java.lang.Object[]) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] +codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.callSinkVariadicBad():void, 0, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.callSinkVariadic(Object[]) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.doublePassthroughBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.getGlobalThenCallSinkBad():void, 1, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Interprocedural.getGlobalThenCallSink(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Interprocedural.java, codetoanalyze.java.quandary.Interprocedural.irrelevantPassthroughsIntraprocedural(java.lang.Object):java.lang.Object, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] @@ -219,11 +219,11 @@ codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.Unknow codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateViaUnknownConstructorBad():void, 3, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/UnknownCode.java, codetoanalyze.java.quandary.UnknownCode.propagateViaUnknownNativeCodeBad():void, 2, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToHtmlBad():android.text.Spanned, 0, CROSS_SITE_SCRIPTING, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Spanned Html.fromHtml(String) with tainted index 0] -codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder1Bad():java.lang.ProcessBuilder, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder.(java.lang.String[]) with tainted index 1] -codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder2Bad():java.lang.ProcessBuilder, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder.(java.lang.String[]) with tainted index 1] -codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder3Bad(java.lang.ProcessBuilder):java.lang.ProcessBuilder, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder ProcessBuilder.command(java.lang.String[]) with tainted index 1] +codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder1Bad():java.lang.ProcessBuilder, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder.(String[]) with tainted index 1] +codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder2Bad():java.lang.ProcessBuilder, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder.(String[]) with tainted index 1] +codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder3Bad(java.lang.ProcessBuilder):java.lang.ProcessBuilder, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder ProcessBuilder.command(String[]) with tainted index 1] codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToProcessBuilder4Bad(java.lang.ProcessBuilder):java.lang.ProcessBuilder, 2, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to ProcessBuilder ProcessBuilder.command(List) with tainted index 1] -codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToShellArrayBad():void, 1, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Process Runtime.exec(java.lang.String[]) with tainted index 1] +codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToShellArrayBad():void, 1, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Process Runtime.exec(String[]) with tainted index 1] codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.clipboardToShellDirectBad():void, 0, SHELL_INJECTION, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to Process Runtime.exec(String) with tainted index 1] codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.editTextToHtmlBad():android.text.Spanned, 0, CROSS_SITE_SCRIPTING, no_bucket, ERROR, [Return from Editable EditText.getText(),Call to Spanned Html.fromHtml(String) with tainted index 0] codetoanalyze/java/quandary/UserControlledStrings.java, codetoanalyze.java.quandary.UserControlledStrings.readClipboardSourcesBad():void, 0, QUANDARY_TAINT_ERROR, no_bucket, ERROR, [Return from CharSequence ClipboardManager.getText(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] diff --git a/infer/tests/codetoanalyze/java/starvation/issues.exp b/infer/tests/codetoanalyze/java/starvation/issues.exp index 8c6788bea..add007038 100644 --- a/infer/tests/codetoanalyze/java/starvation/issues.exp +++ b/infer/tests/codetoanalyze/java/starvation/issues.exp @@ -64,8 +64,8 @@ codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.viol codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 24, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `long File.getTotalSpace()`] codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 25, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `long File.getUsableSpace()`] codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 29, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `long File.lastModified()`] -codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 31, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `java.lang.String[] File.list()`] -codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 32, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `java.io.File[] File.listFiles()`] +codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 31, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `String[] File.list()`] +codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 32, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `File[] File.listFiles()`] codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 33, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `boolean File.mkdir()`] codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 34, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `boolean File.renameTo(File)`] codetoanalyze/java/starvation/StrictModeViolation.java, StrictModeViolation.violateStrictModeBad():void, 35, STRICT_MODE_VIOLATION, no_bucket, ERROR, [`void StrictModeViolation.violateStrictModeBad()`,calls `boolean File.setExecutable(boolean)`]