From bcacd95176a33ad0540622754a3ca3beaa5b9190 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Wed, 7 Sep 2016 17:26:06 -0700
Subject: [PATCH] tests for arrays

Reviewed By: jeremydubreil
Differential Revision: D3826552
fbshipit-source-id: 3b98b76
---
 .../codetoanalyze/java/quandary/Arrays.java | 78 +++++++++++++++++++
 .../codetoanalyze/java/quandary/Makefile | 1 +
 .../codetoanalyze/java/quandary/issues.exp | 6 ++
 3 files changed, 85 insertions(+)
 create mode 100644 infer/tests/codetoanalyze/java/quandary/Arrays.java
diff --git a/infer/tests/codetoanalyze/java/quandary/Arrays.java b/infer/tests/codetoanalyze/java/quandary/Arrays.java
new file mode 100644
index 000000000..dc3d3092b
--- /dev/null
+++ b/infer/tests/codetoanalyze/java/quandary/Arrays.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2016 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+package codetoanalyze.java.quandary;
+
+import com.facebook.infer.models.InferTaint;
+
+public class Arrays {
+
+ static class Obj {
+ Object f;
+ Object[] arr;
+ }
+
+ /** should report on these tests */
+
+ void viaArrayBad() {
+ Object[] arr = new Object[1];
+ arr[0] = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(arr[0]);
+ }
+
+ void viaArrayThenFieldBad() {
+ Obj[] arr = new Obj[1];
+ arr[0].f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(arr[0].f);
+ }
+
+ void viaFieldThenArrayBad1(Obj obj) {
+ obj.arr[0] = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.arr[0]);
+ }
+
+ void viaFieldThenArrayBad2() {
+ Obj obj = new Obj();
+ obj.arr = new Obj[1];
+ obj.arr[0] = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(obj.arr[0]);
+ }
+
+ /** should not report on these tests */
+
+ void viaArrayOk() {
+ Object[] arr = new Object[1];
+ arr[0] = new Object();
+ InferTaint.inferSensitiveSink(arr[0]);
+ }
+
+ void viaArrayThenFieldOk() {
+ Obj[] arr = new Obj[1];
+ arr[0].f = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(arr[0]);
+ }
+
+ /** false positives: an ideal analysis would not report on these, but we do */
+
+ // we don't track array indices precisely
+ void FP_viaArrayOk1(Object y, Object[] z) {
+ Object[] arr = new Object[2];
+ arr[0] = InferTaint.inferSecretSource();
+ InferTaint.inferSensitiveSink(arr[1]);
+ }
+
+ // we use weak update semantics on arrays
+ void FP_viaArrayOk2(Object y, Object[] z) {
+ Object[] arr = new Object[1];
+ arr[0] = InferTaint.inferSecretSource();
+ arr[0] = null;
+ InferTaint.inferSensitiveSink(arr[0]);
+ }
+
+}
diff --git a/infer/tests/codetoanalyze/java/quandary/Makefile b/infer/tests/codetoanalyze/java/quandary/Makefile
index 4bae418ec..c1c6bce5d 100644
--- a/infer/tests/codetoanalyze/java/quandary/Makefile
+++ b/infer/tests/codetoanalyze/java/quandary/Makefile
@@ -11,6 +11,7 @@ ANALYZER = quandary
 INFERPRINT_OPTIONS = --issues-txt
 FILES = \
+ Arrays.java \
 Basics.java \
 Fields.java \
 LoggingPrivateData.java \
diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp
index 4646935e5..d7699dbaf 100644
--- a/infer/tests/codetoanalyze/java/quandary/issues.exp
+++ b/infer/tests/codetoanalyze/java/quandary/issues.exp
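Review bot: In `viaArrayThenFieldBad` and `viaArrayThenFieldOk` the write `arr[0].f = ...` dereferences an element of a freshly allocated `Obj[1]` that was never assigned, so at run time the method would throw before the sink is reached and the flow under test sits on an infeasible path. Adding `arr[0] = new Obj();` right after the allocation keeps both tests about taint through array-then-field rather than about how the analysis treats a null dereference. `viaFieldThenArrayBad2` has a similar wrinkle: `obj.arr = new Obj[1];` followed by storing the `Object` returned by `inferSecretSource()` would fail the array store check unless that value happens to be an `Obj`; `obj.arr = new Object[1];` avoids that. The extra line shifts the line numbers recorded in issues.exp, which would need regenerating. The unused `y` and `z` parameters on the two `FP_` methods could also go.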
@@ -1,3 +1,9 @@
+Arrays.java:26: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 25]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 26]) via { }
+Arrays.java:32: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 31]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 32]) via { }
+Arrays.java:37: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 36]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 37]) via { }
+Arrays.java:44: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 43]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 44]) via { }
+Arrays.java:67: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 66]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 67]) via { }
+Arrays.java:75: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 73]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 75]) via { }
 Basics.java:24: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 24]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 24]) via { }
 Basics.java:29: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 28]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 29]) via { }
 Basics.java:35: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 33]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 35]) via { }