diff --git a/infer/src/quandary/TaintAnalysis.ml b/infer/src/quandary/TaintAnalysis.ml index 27e897cca..733203837 100644 --- a/infer/src/quandary/TaintAnalysis.ml +++ b/infer/src/quandary/TaintAnalysis.ml @@ -23,7 +23,7 @@ module Summary = Summary.Make(struct let read_from_payload payload = match payload.Specs.quandary with | Some summary -> summary - | None -> failwith "Failed to load summary" + | None -> [] end) diff --git a/infer/tests/codetoanalyze/java/quandary/Makefile b/infer/tests/codetoanalyze/java/quandary/Makefile index a0765347a..065b5ab04 100644 --- a/infer/tests/codetoanalyze/java/quandary/Makefile +++ b/infer/tests/codetoanalyze/java/quandary/Makefile @@ -16,6 +16,7 @@ FILES = \ Fields.java \ Interprocedural.java \ LoggingPrivateData.java \ + Recursion.java \ compile: javac -cp $(CLASSPATH) $(FILES) diff --git a/infer/tests/codetoanalyze/java/quandary/Recursion.java b/infer/tests/codetoanalyze/java/quandary/Recursion.java new file mode 100644 index 000000000..cd0451445 --- /dev/null +++ b/infer/tests/codetoanalyze/java/quandary/Recursion.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2016 - present Facebook, Inc. + * All rights reserved. + * + * This source code is licensed under the BSD style license found in the + * LICENSE file in the root directory of this source tree. An additional grant + * of patent rights can be found in the PATENTS file in the same directory. + */ + +package codetoanalyze.java.quandary; + +import com.facebook.infer.models.InferTaint; + +public class Recursion { + + public static void divergeOk() { + divergeOk(); + } + + public static void callSinkThenDiverge(Object param) { + InferTaint.inferSensitiveSink(param); + callSinkThenDiverge(param); + } + + public static void callSinkThenDivergeBad() { + callSinkThenDiverge(InferTaint.inferSecretSource()); + } + + public static void safeRecursionCallSink(int i, Object param) { + if (i == 0) return; + InferTaint.inferSensitiveSink(param); + safeRecursionCallSink(i - 1, param); + } + + public static void safeRecursionCallSinkBad() { + safeRecursionCallSink(5, InferTaint.inferSecretSource()); + } + + public static void recursionBad(int i, Object param) { + if (i == 0) return; + InferTaint.inferSensitiveSink(param); + recursionBad(i - 1, InferTaint.inferSecretSource()); + } + +} diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp index 520d94891..ef1e0b110 100644 --- a/infer/tests/codetoanalyze/java/quandary/issues.exp +++ b/infer/tests/codetoanalyze/java/quandary/issues.exp @@ -44,3 +44,6 @@ Interprocedural.java:138: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferT LoggingPrivateData.java:18: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 18]) -> Logging(int Log.d(String,String) at [line 18]) via { } LoggingPrivateData.java:22: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 22]) -> Logging(int Log.d(String,String) at [line 22]) via { } LoggingPrivateData.java:37: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 36]) -> Logging(int Log.w(String,Throwable) at [line 37]) via { } +Recursion.java:26: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 26]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 21]) via { void Recursion.callSinkThenDiverge(Object) at [line 26] } +Recursion.java:36: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 36]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 31]) via { void Recursion.safeRecursionCallSink(int,Object) at [line 36] } +Recursion.java:42: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 42]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 41]) via { void Recursion.recursionBad(int,Object) at [line 42] }