From a130556869e51214fc4d23f8fba1b22bcac6bd98 Mon Sep 17 00:00:00 2001
From: Mehdi Bouaziz
Date: Tue, 18 Dec 2018 12:28:41 -0800
Subject: [PATCH] [quandary] Separate insecure intent handling issue type when call is in an exposed class

Reviewed By: AmarBhosale
Differential Revision: D13465395
fbshipit-source-id: ad0ed5b17
---
 infer/src/base/IssueType.ml | 2 ++
 infer/src/base/IssueType.mli | 2 ++
 infer/src/quandary/JavaTrace.ml | 4 +++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/infer/src/base/IssueType.ml b/infer/src/base/IssueType.ml
index 6d58bc1ac..ad727a885 100644
--- a/infer/src/base/IssueType.ml
+++ b/infer/src/base/IssueType.ml
@@ -252,6 +252,8 @@ let eradicate_value_not_present =

 let expensive_execution_time_call = from_string ~enabled:false "EXPENSIVE_EXECUTION_TIME_CALL"

+let exposed_insecure_intent_handling = from_string "EXPOSED_INSECURE_INTENT_HANDLING"
+
 let failure_exe = from_string "Failure_exe"

 let nullsafe_field_not_nullable =
diff --git a/infer/src/base/IssueType.mli b/infer/src/base/IssueType.mli
index 76fd9b662..2a6e6d3ed 100644
--- a/infer/src/base/IssueType.mli
+++ b/infer/src/base/IssueType.mli
@@ -165,6 +165,8 @@ val eradicate_value_not_present : t

 val expensive_execution_time_call : t

+val exposed_insecure_intent_handling : t
+
 val failure_exe : t

 val nullsafe_field_not_nullable : t
diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml
index 12f8caea3..8b140d7c4 100644
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@@ -606,7 +606,9 @@ include Trace.Make (struct
 | DrawableResource _, OpenDrawableResource ->
 (* not a security issue, but useful for debugging flows from resource IDs to inflation *)
 Some IssueType.quandary_taint_error
- | IntentForInsecureIntentHandling _, StartComponentForInsecureIntentHandling ->
+ | IntentForInsecureIntentHandling {exposed= true}, StartComponentForInsecureIntentHandling ->
+ Some IssueType.exposed_insecure_intent_handling
+ | IntentForInsecureIntentHandling {exposed= false}, StartComponentForInsecureIntentHandling ->
 Some IssueType.insecure_intent_handling
 | IntentFromURI, StartComponent ->
 (* create an intent/start a component using a (possibly user-controlled) URI. may or may not
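Review bot: The two `IntentForInsecureIntentHandling` arms carry no comment, unlike the `DrawableResource` and `IntentFromURI` arms around them, so a reader of this match cannot tell why `exposed` selects a different issue type. I would add above the first arm `(* call is in an exposed class: reported under its own issue type so it can be triaged apart from the non-exposed case *)`. Flows with `exposed= true` were reported as `insecure_intent_handling` before this change and no longer are, so any baseline, suppression list or dashboard keyed on `INSECURE_INTENT_HANDLING` will stop matching them; that is worth stating in the commit message or release notes. The new type in IssueType.ml is created without `~enabled:false`, so it is presumably on by default, which should be confirmed as intended. The enclosing match starts and ends outside the hunk.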