pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

adding ContentValues as sink

Browse Source 
Reviewed By: jeremydubreil

Differential Revision: D2735179

fb-gh-sync-id: a9e4d59
master
Sam Blackshear 9 years ago committed by facebook-github-bot-5
parent d66261a1f4
commit 99f79587cd
5 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File

38
infer/models/java/src/android/content/ContentValues.java
Unescape View File

@ -0,0 +1,38 @@
/*
* Copyright (c) 2013 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*/
package android.content;
import com.facebook.infer.models.InferBuiltins;
public class ContentValues {
/**
* We want to treat this as a sink for both privacy and security purposes.
*
* Privacy: The purpose of ContentValues is to feed information into a ContentProvider, a core
* Android component that can expose data for other Android applications to query. Thus, you do
* not want secret information to flow into ContentValues because you don't want to give other
* apps an interface that lets them query your secret information. There's a possibility for false
* positives here because ContentProviders can control access to information via permissions, but
* in general it's just a bad idea to let secret info into a ContentProvider.
*
* Security: You don't want untrusted external content to flow into ContentValues because it may
* be used to store data in a ContentProvider, potentially giving an external app control over
* what goes into the database backing the ContentProvider/giving them direct access to make
* queries on your content provider (rather than exposing a small set of trusted queries, which is
* what should be done). This could have any number of security implications depending on how the
* ContentProvider is used.
**/
public void put(String key, String value) {
InferBuiltins.__check_untainted(key);
InferBuiltins.__check_untainted(value);
}
}

5
infer/tests/ant_report.json
Unescape View File

@ -4,6 +4,11 @@
"file": "codetoanalyze/java/infer/TaintExample.java", "file": "codetoanalyze/java/infer/TaintExample.java",
"procedure": "Socket TaintExample.callReadInputStreamCauseTaintError(SSLSocketFactory)" "procedure": "Socket TaintExample.callReadInputStreamCauseTaintError(SSLSocketFactory)"
}, },
{
"bug_type": "TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION",
"file": "codetoanalyze/java/infer/TaintExample.java",
"procedure": "void TaintExample.contentValuesPutWithTaintedString(ContentValues,SharedPreferences,String,String)"
},
{ {
"bug_type": "CONTEXT_LEAK", "bug_type": "CONTEXT_LEAK",
"file": "codetoanalyze/java/infer/ContextLeaks.java", "file": "codetoanalyze/java/infer/ContextLeaks.java",

5
infer/tests/buck_report.json
Unescape View File

@ -4,6 +4,11 @@
"file": "infer/tests/codetoanalyze/java/infer/TaintExample.java", "file": "infer/tests/codetoanalyze/java/infer/TaintExample.java",
"procedure": "Socket TaintExample.callReadInputStreamCauseTaintError(SSLSocketFactory)" "procedure": "Socket TaintExample.callReadInputStreamCauseTaintError(SSLSocketFactory)"
}, },
{
"bug_type": "TAINTED_VALUE_REACHING_SENSITIVE_FUNCTION",
"file": "infer/tests/codetoanalyze/java/infer/TaintExample.java",
"procedure": "void TaintExample.contentValuesPutWithTaintedString(ContentValues,SharedPreferences,String,String)"
},
{ {
"bug_type": "CONTEXT_LEAK", "bug_type": "CONTEXT_LEAK",
"file": "infer/tests/codetoanalyze/java/infer/ContextLeaks.java", "file": "infer/tests/codetoanalyze/java/infer/ContextLeaks.java",

12
infer/tests/codetoanalyze/java/infer/TaintExample.java
Unescape View File

@ -21,6 +21,9 @@ import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
import android.content.ContentValues;
import android.content.SharedPreferences;
import com.facebook.infer.models.InferTaint; import com.facebook.infer.models.InferTaint;
public class TaintExample { public class TaintExample {
@ -158,4 +161,13 @@ public class TaintExample {
callSinkMethodModelMethodsUndefined(returnTaintedSourceModelMethodsUndefined()); callSinkMethodModelMethodsUndefined(returnTaintedSourceModelMethodsUndefined());
} }
public void contentValuesPutWithTaintedString(ContentValues values, SharedPreferences prefs,
String key, String value) {
values.put(key, prefs.getString(key, value));
}
public void contentValuesPutOk(ContentValues values, String key, String value) {
values.put(key, value);
}
} }

3
infer/tests/endtoend/java/infer/TaintTest.java
Unescape View File

@ -53,7 +53,8 @@ public class TaintTest {
"simpleTaintErrorWithModelMethodsUndefined", "simpleTaintErrorWithModelMethodsUndefined",
"interprocTaintErrorWithModelMethodsUndefined1", "interprocTaintErrorWithModelMethodsUndefined1",
"interprocTaintErrorWithModelMethodsUndefined2", "interprocTaintErrorWithModelMethodsUndefined2",
"interprocTaintErrorWithModelMethodsUndefined3" "interprocTaintErrorWithModelMethodsUndefined3",
"contentValuesPutWithTaintedString"
}; };
assertThat( assertThat(

Write Preview
Loading…
Cancel
Save