pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[quandary] a few more ContentProvider sinks

Browse Source 
Reviewed By: mburman

Differential Revision: D4939239

fbshipit-source-id: 1d3f797
master
Sam Blackshear 8 years ago committed by Facebook Github Bot
parent a77594ff2b
commit a4f2d99be9
3 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File

6
infer/src/quandary/JavaTrace.ml
Unescape View File

@ -122,8 +122,10 @@ module SourceKind = struct
Some (taint_formals_with_types ["android.content.Intent"] Intent formals) Some (taint_formals_with_types ["android.content.Intent"] Intent formals)
| "android.content.ContentProvider", | "android.content.ContentProvider",
("bulkInsert" | ("bulkInsert" |
"call" |
"delete" | "delete" |
"insert" | "insert" |
"getType" |
"openAssetFile" | "openAssetFile" |
"openFile" | "openFile" |
"openPipeHelper" | "openPipeHelper" |
@ -131,7 +133,9 @@ module SourceKind = struct
"query" | "query" |
"refresh" | "refresh" |
"update") -> "update") ->
Some (taint_formals_with_types ["android.net.Uri"] UserControlledURI formals) Some
(taint_formals_with_types
["android.net.Uri"; "java.lang.String"] UserControlledURI formals)
| "android.webkit.WebViewClient", | "android.webkit.WebViewClient",
("onLoadResource" | "shouldInterceptRequest" | "shouldOverrideUrlLoading") -> ("onLoadResource" | "shouldInterceptRequest" | "shouldOverrideUrlLoading") ->
Some Some

12
infer/tests/codetoanalyze/java/quandary/ContentProviders.java
Unescape View File

@ -30,6 +30,12 @@ public abstract class ContentProviders extends ContentProvider {
return 0; return 0;
} }
@Override
public Bundle call(String method, String args, Bundle extras) {
mFile = new File(method);
return extras;
}
@Override @Override
public int delete(Uri uri, String selection, String[] selectionArgs) { public int delete(Uri uri, String selection, String[] selectionArgs) {
mFile = new File(uri.toString()); mFile = new File(uri.toString());
@ -42,6 +48,12 @@ public abstract class ContentProviders extends ContentProvider {
return null; return null;
} }
@Override
public String getType(Uri uri) {
mFile = new File(uri.toString());
return null;
}
@Override @Override
public AssetFileDescriptor openAssetFile(Uri uri, String mode, CancellationSignal signal) { public AssetFileDescriptor openAssetFile(Uri uri, String mode, CancellationSignal signal) {
mFile = new File(uri.toString()); mFile = new File(uri.toString());

2
infer/tests/codetoanalyze/java/quandary/issues.exp
Unescape View File

@ -27,8 +27,10 @@ codetoanalyze/java/quandary/Basics.java, void Basics.whileBad1(int), 3, QUANDARY
codetoanalyze/java/quandary/Basics.java, void Basics.whileBad2(int), 6, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Basics.java, void Basics.whileBad2(int), 6, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)]
codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),call to File.<init>(String)] codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [return from AssetFileDescriptor ContentProviders.openAssetFile(Uri,String,CancellationSignal),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal), 2, QUANDARY_TAINT_ERROR, [return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),call to File.<init>(String)] codetoanalyze/java/quandary/ContentProviders.java, AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal), 2, QUANDARY_TAINT_ERROR, [return from AssetFileDescriptor ContentProviders.openTypedAssetFile(Uri,String,Bundle,CancellationSignal),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Bundle ContentProviders.call(String,String,Bundle), 1, QUANDARY_TAINT_ERROR, [return from Bundle ContentProviders.call(String,String,Bundle),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String), 2, QUANDARY_TAINT_ERROR, [return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),call to File.<init>(String)] codetoanalyze/java/quandary/ContentProviders.java, Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String), 2, QUANDARY_TAINT_ERROR, [return from Cursor ContentProviders.query(Uri,java.lang.String[],String,java.lang.String[],String),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [return from ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal),call to File.<init>(String)] codetoanalyze/java/quandary/ContentProviders.java, ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal), 1, QUANDARY_TAINT_ERROR, [return from ParcelFileDescriptor ContentProviders.openFile(Uri,String,CancellationSignal),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, String ContentProviders.getType(Uri), 1, QUANDARY_TAINT_ERROR, [return from String ContentProviders.getType(Uri),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, Uri ContentProviders.insert(Uri,ContentValues), 1, QUANDARY_TAINT_ERROR, [return from Uri ContentProviders.insert(Uri,ContentValues),call to File.<init>(String)] codetoanalyze/java/quandary/ContentProviders.java, Uri ContentProviders.insert(Uri,ContentValues), 1, QUANDARY_TAINT_ERROR, [return from Uri ContentProviders.insert(Uri,ContentValues),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]), 1, QUANDARY_TAINT_ERROR, [return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),call to File.<init>(String)] codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]), 1, QUANDARY_TAINT_ERROR, [return from int ContentProviders.bulkInsert(Uri,android.content.ContentValues[]),call to File.<init>(String)]
codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.delete(Uri,String,java.lang.String[]), 1, QUANDARY_TAINT_ERROR, [return from int ContentProviders.delete(Uri,String,java.lang.String[]),call to File.<init>(String)] codetoanalyze/java/quandary/ContentProviders.java, int ContentProviders.delete(Uri,String,java.lang.String[]), 1, QUANDARY_TAINT_ERROR, [return from int ContentProviders.delete(Uri,String,java.lang.String[]),call to File.<init>(String)]

Write Preview
Loading…
Cancel
Save