From ad5ff00dcd685e1a648baef65b44b9f0ab046472 Mon Sep 17 00:00:00 2001 From: Sam Blackshear Date: Mon, 28 Nov 2016 17:00:34 -0800 Subject: [PATCH] [quandary] making it easier to specify behavior for unknown functions Summary: In Java, we handle unknown code by propagating behavior from the parameters of the unknown function call to the return value (or constructed object, in the case of a constructor). But we do this in a somewhat silly way--generating a new summary with these semantics at each unknown call site. Instead, this diff introduces these two options as predefined behaviors and adds specialized code for them. As a side effect of this approach, unknown functions are no longer counted as passthroughs. This is ok; the original behavior was less of a reasoned decision and more of an unintended consequence of the way we decided to handle unknown code. This new approach ought to be more efficient than the old one, and as a virtuous side effect it will be easier to specify how to handle unknown code in other languages like C++. Reviewed By: jeremydubreil Differential Revision: D4205624 fbshipit-source-id: bf97445 --- infer/src/quandary/CppTaintAnalysis.ml | 2 +- infer/src/quandary/JavaTaintAnalysis.ml | 69 ++----------- infer/src/quandary/TaintAnalysis.ml | 69 ++++++++++--- infer/src/quandary/TaintSpec.ml | 6 +- infer/src/unit/TaintTests.ml | 2 +- .../codetoanalyze/java/quandary/issues.exp | 96 +++++++++---------- 6 files changed, 118 insertions(+), 126 deletions(-) diff --git a/infer/src/quandary/CppTaintAnalysis.ml b/infer/src/quandary/CppTaintAnalysis.ml index 70baddfac..b73e77287 100644 --- a/infer/src/quandary/CppTaintAnalysis.ml +++ b/infer/src/quandary/CppTaintAnalysis.ml @@ -22,6 +22,6 @@ include | QuandarySummary.Cpp trace -> trace | _ -> assert false - let handle_unknown_call _ _ _ = + let handle_unknown_call _ _ = [] end) diff --git a/infer/src/quandary/JavaTaintAnalysis.ml b/infer/src/quandary/JavaTaintAnalysis.ml index 6becaad14..f219bebea 100644 
--- a/infer/src/quandary/JavaTaintAnalysis.ml +++ b/infer/src/quandary/JavaTaintAnalysis.ml 
@@ -22,76 +22,21 @@ include | QuandarySummary.Java trace -> trace | _ -> assert false - let make_nth_param_ap n pname ~propagate_all = - let raw_ap = - (* base of this access path is always ignored, so type/name don't matter *) - AccessPath.of_pvar - (Pvar.mk (Mangled.from_string ("fake_param" ^ string_of_int n)) pname) Typ.Tvoid in - if propagate_all then AccessPath.Abstracted raw_ap else AccessPath.Exact raw_ap - - (* propagate the trace from the nth parameter of [site.pname] to the return value of - [site.pname]. if [propagate_all] is true, all traces reachable from the parameter will - be propagated as well (e.g., for foo(x), we'll also propagate the traces associated with x.f, - x.f.g, and so on) *) - let propagate_nth_to_return n site ret_typ ~propagate_all = - let pname = CallSite.pname site in - let nth_param_ap = make_nth_param_ap n pname ~propagate_all in - let input = QuandarySummary.make_formal_input n nth_param_ap in - let output = - QuandarySummary.make_return_output - (AccessPath.Exact (AccessPath.of_pvar (Pvar.get_ret_pvar pname) ret_typ)) in - let footprint_source = Trace.Source.make_footprint nth_param_ap site in - let footprint_trace = Trace.of_source footprint_source in - QuandarySummary.make_in_out_summary input output (to_summary_trace footprint_trace) - - (* propagate the trace associated with non-receiver actual to the receiver actual. 
also useful - for propagating taint from constructor actuals to the constructed object (which, like the - receiver, is also the first argument) *) - let propagate_to_receiver site actuals ~propagate_all = - match actuals with - | [] -> - failwithf - "Constructor %a has 0 actuals, which should never happen" - Procname.pp (CallSite.pname site) - | _ :: [] -> - (* constructor has no actuals, nothing to propagate *) - [] - | _ :: actuals -> - let pname = CallSite.pname site in - let constructor_ap = make_nth_param_ap 0 pname ~propagate_all in - let output = QuandarySummary.make_formal_output 0 constructor_ap in - let make_propagation_summary acc n _ = - let n = n + 1 in (* skip the constructor actual *) - let nth_param_ap = make_nth_param_ap n pname ~propagate_all in - let input = QuandarySummary.make_formal_input n nth_param_ap in - let footprint_source = Trace.Source.make_footprint nth_param_ap site in - let footprint_trace = Trace.of_source footprint_source in - let summary = - QuandarySummary.make_in_out_summary input output (to_summary_trace footprint_trace) in - summary :: acc in - IList.fold_lefti make_propagation_summary [] actuals - - let propagate_actuals_to_return site ret_type actuals ~propagate_all = - IList.mapi - (fun actual_num _-> propagate_nth_to_return actual_num site ret_type ~propagate_all) - actuals - - let handle_unknown_call site ret_typ_opt actuals = - match CallSite.pname site with + let handle_unknown_call pname ret_typ_opt = + match pname with | (Procname.Java java_pname) as pname -> begin match Procname.java_get_class_name java_pname, Procname.java_get_method java_pname, ret_typ_opt with | _ when Procname.is_constructor pname -> - propagate_to_receiver site actuals ~propagate_all:true + [TaintSpec.Propagate_to_receiver] | ("java.lang.StringBuffer" | "java.lang.StringBuilder" | "java.util.Formatter"), _, - Some ret_typ + Some _ when not (Procname.java_is_static pname) -> - (propagate_actuals_to_return site ret_typ actuals 
~propagate_all:true) @ - (propagate_to_receiver site actuals ~propagate_all:true) - | _, _, Some ret_typ -> - propagate_actuals_to_return site ret_typ actuals ~propagate_all:true + [TaintSpec.Propagate_to_receiver; TaintSpec.Propagate_to_return] + | _, _, Some _ -> + [TaintSpec.Propagate_to_return] | _ -> [] end diff --git a/infer/src/quandary/TaintAnalysis.ml b/infer/src/quandary/TaintAnalysis.ml index 5c8e5401c..0cbe7445f 100644 --- a/infer/src/quandary/TaintAnalysis.ml +++ b/infer/src/quandary/TaintAnalysis.ml @@ -29,9 +29,9 @@ module Summary = Summary.Make(struct summary_opt end) -module Make (TaintSpec : TaintSpec.S) = struct +module Make (TaintSpecification : TaintSpec.S) = struct - module TraceDomain = TaintSpec.Trace + module TraceDomain = TaintSpecification.Trace module TaintDomain = AccessTree.Make (TraceDomain) module IdMapDomain = IdAccessPathMapDomain @@ -118,11 +118,15 @@ module Make (TaintSpec : TaintSpec.S) = struct | None -> TraceDomain.initial (* get the node associated with [exp] in [access_tree] *) - let exp_get_node exp typ { Domain.access_tree; id_map; } proc_data loc = + let exp_get_node ?(abstracted=false) exp typ { Domain.access_tree; id_map; } proc_data loc = let f_resolve_id = resolve_id id_map in match AccessPath.of_lhs_exp exp typ ~f_resolve_id with - | Some access_path -> - access_path_get_node (AccessPath.Exact access_path) access_tree proc_data loc + | Some raw_access_path -> + let access_path = + if abstracted + then AccessPath.Abstracted raw_access_path + else AccessPath.Exact raw_access_path in + access_path_get_node access_path access_tree proc_data loc | None -> (* can't make an access path from [exp] *) None 
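Review bot: The rewritten `handle_unknown_call` has no comment stating its policy, because the explanatory comments were deleted along with the helper functions. A short comment above it would restore that, e.g. `(* constructors propagate from the other actuals to the constructed object; non-static StringBuffer/StringBuilder/Formatter methods propagate to receiver and return; other calls with a return value propagate to the return only *)`. It should also say that the final `| _ -> []` arm leaves the state untouched for an unknown call that returns nothing, so taint passed into such a method is not tracked onto its receiver. That matches the old arms visible here, but it is a source of missed flows that a reader of the spec should be able to see. The `match` continues past the end of this hunk.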
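Review bot: The comment above `exp_get_node` still describes only the exact lookup and says nothing about the new `?abstracted` argument. The explanation of what an abstracted path covers was in the `propagate_all` comment this commit deletes from JavaTaintAnalysis.ml (for `x`, the traces of `x.f`, `x.f.g` and so on are included), so it should move here, e.g. `(* get the node associated with [exp] in [access_tree]. if [abstracted] is true, the lookup also covers everything reachable from [exp] *)`. How `access_path_get_node` treats an `Abstracted` path is not visible in this hunk, so the wording should be checked against it.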
@@ -155,7 +159,7 @@ module Make (TaintSpec : TaintSpec.S) = struct match Summary.read_summary proc_data.tenv proc_data.pdesc pname with | Some summary -> let join_output_trace acc { QuandarySummary.output_trace; } = - TraceDomain.join (TaintSpec.of_summary_trace output_trace) acc in + TraceDomain.join (TaintSpecification.of_summary_trace output_trace) acc in IList.fold_left join_output_trace TraceDomain.initial summary | None -> TraceDomain.initial in @@ -295,7 +299,7 @@ module Make (TaintSpec : TaintSpec.S) = struct Some (global_ap, global_trace) in match caller_ap_trace_opt with | Some (caller_ap, caller_trace) -> - let output_trace = TaintSpec.of_summary_trace in_out_summary.output_trace in + let output_trace = TaintSpecification.of_summary_trace in_out_summary.output_trace in let appended_trace = TraceDomain.append in_trace output_trace callee_site in let joined_trace = TraceDomain.join caller_trace appended_trace in let filtered_trace = report_and_filter_trace joined_trace callee_site proc_data in 
@@ -365,6 +369,45 @@ module Make (TaintSpec : TaintSpec.S) = struct astate | Sil.Call (ret, Const (Cfun called_pname), actuals, callee_loc, call_flags) -> + + let handle_unknown_call callee_pname astate = + let exp_join_traces trace_acc (exp, typ) = + match exp_get_node ~abstracted:true exp typ astate proc_data callee_loc with + | Some (trace, _) -> TraceDomain.join trace trace_acc + | None -> trace_acc in + let propagate_to_access_path access_path actuals (astate : Domain.astate) = + let trace_with_propagation = + IList.fold_left exp_join_traces TraceDomain.initial actuals in + let access_tree = + TaintDomain.add_trace access_path trace_with_propagation astate.access_tree in + { astate with access_tree; } in + let handle_unknown_call_ astate_acc propagation = + match propagation, actuals, ret with + | _, [], _ -> + astate_acc + | TaintSpec.Propagate_to_return, actuals, Some (ret_id, ret_typ) -> + let ret_ap = AccessPath.Exact (AccessPath.of_id ret_id ret_typ) in + propagate_to_access_path ret_ap actuals astate_acc + | TaintSpec.Propagate_to_receiver, + (receiver_exp, receiver_typ) :: (_ :: _ as other_actuals), + _ -> + let receiver_ap = + match AccessPath.of_lhs_exp receiver_exp receiver_typ ~f_resolve_id with + | Some ap -> + AccessPath.Exact ap + | None -> + failwithf + "Receiver for called procedure %a does not have an access path" + Procname.pp + callee_pname in + propagate_to_access_path receiver_ap other_actuals astate_acc + | _ -> + astate_acc in + + let propagations = + TaintSpecification.handle_unknown_call callee_pname (Option.map snd ret) in + IList.fold_left handle_unknown_call_ astate propagations in + let analyze_call astate_acc callee_pname = let call_site = CallSite.make callee_pname callee_loc in 
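Review bot: `propagate_to_access_path` folds the actuals' traces starting from `TraceDomain.initial` and passes the result to `TaintDomain.add_trace`, so the destination's current trace is never part of the value written. The code in the `@@ -295,7` hunk joins with the caller's existing trace (`TraceDomain.join caller_trace appended_trace`), and `add_trace` is not shown; if it replaces the trace on an `Exact` path, then under `Propagate_to_receiver` a later call with untainted arguments would erase taint already recorded on the receiver (`sb.append(tainted); sb.append(clean)`), which is a missed flow. Seeding the fold with the destination's existing trace, as sketched below, keeps that join, and a test with that call sequence would pin the behaviour. Separately, the `failwithf` on a receiver without an access path aborts the analysis where every other arm returns `astate_acc`, and the `f_resolve_id` it uses is bound outside this hunk. The `Sil.Call` branch continues past the end of the hunk.

```ocaml
let propagate_to_access_path access_path actuals (astate : Domain.astate) =
  (* start from whatever is already recorded for the destination;
     assumes access_path_get_node is a plain lookup here, to be confirmed *)
  let initial_trace =
    match access_path_get_node access_path astate.access_tree proc_data callee_loc with
    | Some (trace, _) -> trace
    | None -> TraceDomain.initial in
  let trace_with_propagation =
    IList.fold_left exp_join_traces initial_trace actuals in
  (* … unchanged: TaintDomain.add_trace and astate update … *)
```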
@@ -391,11 +434,11 @@ module Make (TaintSpec : TaintSpec.S) = struct (* don't use a summary for a procedure that is a direct source or sink *) astate_with_source else - let summary = - match Summary.read_summary proc_data.tenv proc_data.pdesc callee_pname with - | Some summary -> summary - | None -> TaintSpec.handle_unknown_call call_site (Option.map snd ret) actuals in - apply_summary ret actuals summary astate_with_source proc_data call_site in + match Summary.read_summary proc_data.tenv proc_data.pdesc callee_pname with + | Some summary -> + apply_summary ret actuals summary astate_with_source proc_data call_site + | None -> + handle_unknown_call callee_pname astate_with_source in Domain.join astate_acc astate_with_summary in @@ -443,7 +486,7 @@ module Make (TaintSpec : TaintSpec.S) = struct | Var.ProgramVar pvar -> Pvar.is_return pvar | Var.LogicalVar _ -> false in let add_summaries_for_trace summary_acc access_path trace = - let summary_trace = TaintSpec.to_summary_trace trace in + let summary_trace = TaintSpecification.to_summary_trace trace in let output_opt = let base, accesses = AccessPath.extract access_path in match AccessPath.BaseMap.find base formal_map with diff --git a/infer/src/quandary/TaintSpec.ml b/infer/src/quandary/TaintSpec.ml index f82e38093..09ef6d576 100644 --- a/infer/src/quandary/TaintSpec.ml +++ b/infer/src/quandary/TaintSpec.ml 
@@ -10,12 +10,16 @@ (** combination of a trace with functions for handling unknown code and converting to and from summaries *) +type handle_unknown = + | Propagate_to_return + | Propagate_to_receiver + module type S = sig module Trace : Trace.S (** return a summary for handling an unknown call at the given site with the given return type and actuals *) - val handle_unknown_call : CallSite.t -> Typ.t option -> (Exp.t * Typ.t) list -> QuandarySummary.t + val handle_unknown_call : Procname.t -> Typ.t option -> handle_unknown list (** convert a trace type into a summary trace. can be killed if we functorize specs.ml *) val to_summary_trace : Trace.t -> QuandarySummary.summary_trace diff --git a/infer/src/unit/TaintTests.ml b/infer/src/unit/TaintTests.ml index 7843937ab..cb789f734 100644 --- a/infer/src/unit/TaintTests.ml +++ b/infer/src/unit/TaintTests.ml @@ -67,7 +67,7 @@ module MockTaintAnalysis = TaintAnalysis.Make(struct let of_summary_trace _ = assert false let to_summary_trace _ = assert false - let handle_unknown_call _ _ _ = [] + let handle_unknown_call _ _ = [] end) module TestInterpreter = AnalyzerTester.Make diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp index 133b38784..6cf65f358 100644 --- a/infer/tests/codetoanalyze/java/quandary/issues.exp +++ b/infer/tests/codetoanalyze/java/quandary/issues.exp 
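Review bot: The doc comment on `handle_unknown_call` is now stale: it still says the function returns a summary for a call site and its actuals, while the new signature takes a `Procname.t` and returns a `handle_unknown list`. Something like `(** return the propagation behaviors to apply at a call to the given procedure, which has no summary, given its return type *)` would match. The new `handle_unknown` type is undocumented and is inserted right after the `(** combination of a trace ... *)` comment that described `module type S`, so that comment now appears to sit above the type instead. Moving the type above that comment and giving each constructor a one-line comment saying which actuals feed which destination would fix both.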
@@ -105,54 +105,54 @@ codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.returnSou codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.returnSourceViaParameter2Bad(Interprocedural$Obj,Interprocedural$Obj), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through void Interprocedural.returnSourceViaParameter2(Interprocedural$Obj,Interprocedural$Obj),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.setGlobalThenCallSinkBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through void Interprocedural.setGlobal(Object),call to void Interprocedural.callSinkOnGlobal(),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Interprocedural.java, void Interprocedural.singlePassthroughBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through Object Interprocedural.id(Object),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] 
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSimSerialNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),flow 
through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.e(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to 
int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, 
QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSimSerialNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String 
String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.println(int,String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSimSerialNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void 
LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow 
through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.w(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSimSerialNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] 
-codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),flow through String 
String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] -codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),flow through String String.valueOf(double),flow through String String.valueOf(float),flow through String String.valueOf(double),flow through String String.valueOf(double),flow through String String.valueOf(float),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String 
TelephonyManager.getSimSerialNumber(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 36, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),call to int Log.e(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void 
LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSimSerialNumber(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 37, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),call to int Log.println(int,String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, 
QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSimSerialNumber(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),call to int Log.w(String,String)] 
+codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 38, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),call to int Log.w(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSubscriberId(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getSimSerialNumber(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from double Location.getLongitude(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getDeviceId(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from double Location.getAltitude(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from double Location.getLatitude(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getVoiceMailNumber(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void 
LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from float Location.getBearing(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from String TelephonyManager.getLine1Number(),call to int Log.wtf(String,String)] +codetoanalyze/java/quandary/LoggingPrivateData.java, void LoggingPrivateData.logAllSourcesBad(Location,TelephonyManager), 39, QUANDARY_TAINT_ERROR, [return from float Location.getSpeed(),call to int Log.wtf(String,String)] codetoanalyze/java/quandary/Recursion.java, void Recursion.callSinkThenDivergeBad(), 1, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Recursion.callSinkThenDiverge(Object),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Recursion.java, void Recursion.recursionBad(int,Object), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Recursion.recursionBad(int,Object),call to void InferTaint.inferSensitiveSink(Object)] codetoanalyze/java/quandary/Recursion.java, void Recursion.safeRecursionCallSinkBad(), 1, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Recursion.safeRecursionCallSink(int,Object),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through Formatter Formatter.format(String,java.lang.Object[]),flow through String Formatter.toString(),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterIgnoreReturnBad(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through Formatter Formatter.format(String,java.lang.Object[]),flow through String 
Formatter.toString(),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBufferBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through StringBuffer StringBuffer.append(Object),flow through StringBuffer StringBuffer.append(String),flow through String StringBuffer.toString(),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBufferIgnoreReturnBad(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through StringBuffer StringBuffer.append(Object),flow through String StringBuffer.toString(),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBuilderBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through StringBuilder StringBuilder.append(Object),flow through StringBuilder StringBuilder.append(String),flow through String StringBuilder.toString(),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBuilderIgnoreReturnBad(), 5, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through StringBuilder StringBuilder.append(Object),flow through String StringBuilder.toString(),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBuilderSugarBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through StringBuilder StringBuilder.append(Object),flow through StringBuilder StringBuilder.append(String),flow through String StringBuilder.toString(),call to void InferTaint.inferSensitiveSink(Object)] -codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownConstructorBad(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),flow through 
String.(String),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/Strings.java, void Strings.viaFormatterIgnoreReturnBad(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBufferBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBufferIgnoreReturnBad(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBuilderBad(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBuilderIgnoreReturnBad(), 5, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/Strings.java, void Strings.viaStringBuilderSugarBad(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)] +codetoanalyze/java/quandary/UnknownCode.java, void UnknownCode.propagateViaUnknownConstructorBad(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void InferTaint.inferSensitiveSink(Object)]