pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[quandary] use `_risk` warning types for endpoint sources in Java

Browse Source 
Summary: Matching what we do on the C++ side.

Reviewed By: jeremydubreil

Differential Revision: D7374902

fbshipit-source-id: 7b25e6d
master
Sam Blackshear 7 years ago committed by Facebook Github Bot
parent e48cc3a370
commit aabf8aec55
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
infer/src/quandary/JavaTrace.ml
Unescape View File

@ -496,9 +496,12 @@ include Trace.Make (struct
| (Endpoint _ | Intent | UserControlledString | UserControlledURI), CreateIntent -> | (Endpoint _ | Intent | UserControlledString | UserControlledURI), CreateIntent ->
(* creating Intent from user-congrolled data *) (* creating Intent from user-congrolled data *)
Some IssueType.untrusted_intent_creation Some IssueType.untrusted_intent_creation
| (Endpoint _ | Intent | IntentFromURI | UserControlledString | UserControlledURI), CreateFile -> | (Intent | IntentFromURI | UserControlledString | UserControlledURI), CreateFile ->
(* user-controlled file creation; may be vulnerable to path traversal + more *) (* user-controlled file creation; may be vulnerable to path traversal + more *)
Some IssueType.untrusted_file Some IssueType.untrusted_file
| Endpoint _, CreateFile ->
(* user-controlled file creation; may be vulnerable to path traversal + more *)
Some IssueType.untrusted_file_risk
| ( (Endpoint _ | Intent | IntentFromURI | UserControlledString | UserControlledURI) | ( (Endpoint _ | Intent | IntentFromURI | UserControlledString | UserControlledURI)
, Deserialization ) -> , Deserialization ) ->
(* shouldn't let anyone external control what we deserialize *) (* shouldn't let anyone external control what we deserialize *)
@ -518,8 +521,10 @@ include Trace.Make (struct
Some IssueType.create_intent_from_uri Some IssueType.create_intent_from_uri
| PrivateData, Logging -> | PrivateData, Logging ->
Some IssueType.logging_private_data Some IssueType.logging_private_data
| (Endpoint _ | Intent | UserControlledString | UserControlledURI), ShellExec -> | (Intent | UserControlledString | UserControlledURI), ShellExec ->
Some IssueType.shell_injection Some IssueType.shell_injection
| Endpoint _, ShellExec ->
Some IssueType.shell_injection_risk
| Other, _ | _, Other -> | Other, _ | _, Other ->
(* for testing purposes, Other matches everything *) (* for testing purposes, Other matches everything *)
Some IssueType.quandary_taint_error Some IssueType.quandary_taint_error

4
infer/tests/codetoanalyze/java/quandary/issues.exp
Unescape View File

@ -176,8 +176,8 @@ codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.log
codetoanalyze/java/quandary/Recursion.java, void Recursion.callSinkThenDivergeBad(), 1, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.callSinkThenDiverge(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Recursion.java, void Recursion.callSinkThenDivergeBad(), 1, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.callSinkThenDiverge(Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
codetoanalyze/java/quandary/Recursion.java, void Recursion.safeRecursionCallSinkBad(), 1, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.safeRecursionCallSink(int,Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Recursion.java, void Recursion.safeRecursionCallSinkBad(), 1, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void Recursion.safeRecursionCallSink(int,Object) with tainted index 0,Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
codetoanalyze/java/quandary/Serialization.java, Object Serialization.taintedObjectInputStreamBad(), 2, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to ObjectInputStream.<init>(InputStream) with tainted index 1] codetoanalyze/java/quandary/Serialization.java, Object Serialization.taintedObjectInputStreamBad(), 2, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to ObjectInputStream.<init>(InputStream) with tainted index 1]
codetoanalyze/java/quandary/Services.java, void Implementer.interfaceServiceMethodBad(String), 1, SHELL_INJECTION, ERROR, [Return from void Implementer.interfaceServiceMethodBad(String),Call to Process Runtime.exec(String) with tainted index 1] codetoanalyze/java/quandary/Services.java, void Implementer.interfaceServiceMethodBad(String), 1, SHELL_INJECTION_RISK, ERROR, [Return from void Implementer.interfaceServiceMethodBad(String),Call to Process Runtime.exec(String) with tainted index 1]
codetoanalyze/java/quandary/Services.java, void Service1.serviceMethodBad(String), 1, SHELL_INJECTION, ERROR, [Return from void Service1.serviceMethodBad(String),Call to Process Runtime.exec(String) with tainted index 1] codetoanalyze/java/quandary/Services.java, void Service1.serviceMethodBad(String), 1, SHELL_INJECTION_RISK, ERROR, [Return from void Service1.serviceMethodBad(String),Call to Process Runtime.exec(String) with tainted index 1]
codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterBad(), 3, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterBad(), 3, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterIgnoreReturnBad(), 4, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterIgnoreReturnBad(), 4, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]
codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBufferBad(), 3, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0] codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBufferBad(), 3, QUANDARY_TAINT_ERROR, ERROR, [Return from Object InferTaint.inferSecretSource(),Call to void InferTaint.inferSensitiveSink(Object) with tainted index 0]

Write Preview
Loading…
Cancel
Save