tests for arrays

Reviewed By: jeremydubreil

Differential Revision: D3826552

fbshipit-source-id: 3b98b76
master
Sam Blackshear 8 years ago committed by Facebook Github Bot 9
parent 30ff9eda22
commit bcacd95176

@ -0,0 +1,78 @@
/*
* Copyright (c) 2016 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*/
package codetoanalyze.java.quandary;
import com.facebook.infer.models.InferTaint;
public class Arrays {
static class Obj {
Object f;
Object[] arr;
}
/** should report on these tests */
void viaArrayBad() {
Object[] arr = new Object[1];
arr[0] = InferTaint.inferSecretSource();
InferTaint.inferSensitiveSink(arr[0]);
}
void viaArrayThenFieldBad() {
Obj[] arr = new Obj[1];
arr[0].f = InferTaint.inferSecretSource();
InferTaint.inferSensitiveSink(arr[0].f);
}
void viaFieldThenArrayBad1(Obj obj) {
obj.arr[0] = InferTaint.inferSecretSource();
InferTaint.inferSensitiveSink(obj.arr[0]);
}
void viaFieldThenArrayBad2() {
Obj obj = new Obj();
obj.arr = new Obj[1];
obj.arr[0] = InferTaint.inferSecretSource();
InferTaint.inferSensitiveSink(obj.arr[0]);
}
/** should not report on these tests */
void viaArrayOk() {
Object[] arr = new Object[1];
arr[0] = new Object();
InferTaint.inferSensitiveSink(arr[0]);
}
void viaArrayThenFieldOk() {
Obj[] arr = new Obj[1];
arr[0].f = InferTaint.inferSecretSource();
InferTaint.inferSensitiveSink(arr[0]);
}
/** false positives: an ideal analysis would not report on these, but we do */
// we don't track array indices precisely
void FP_viaArrayOk1(Object y, Object[] z) {
Object[] arr = new Object[2];
arr[0] = InferTaint.inferSecretSource();
InferTaint.inferSensitiveSink(arr[1]);
}
// we use weak update semantics on arrays
void FP_viaArrayOk2(Object y, Object[] z) {
Object[] arr = new Object[1];
arr[0] = InferTaint.inferSecretSource();
arr[0] = null;
InferTaint.inferSensitiveSink(arr[0]);
}
}

@ -11,6 +11,7 @@ ANALYZER = quandary
INFERPRINT_OPTIONS = --issues-txt INFERPRINT_OPTIONS = --issues-txt
FILES = \ FILES = \
Arrays.java \
Basics.java \ Basics.java \
Fields.java \ Fields.java \
LoggingPrivateData.java \ LoggingPrivateData.java \

@ -1,3 +1,9 @@
Arrays.java:26: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 25]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 26]) via { }
Arrays.java:32: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 31]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 32]) via { }
Arrays.java:37: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 36]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 37]) via { }
Arrays.java:44: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 43]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 44]) via { }
Arrays.java:67: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 66]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 67]) via { }
Arrays.java:75: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 73]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 75]) via { }
Basics.java:24: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 24]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 24]) via { } Basics.java:24: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 24]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 24]) via { }
Basics.java:29: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 28]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 29]) via { } Basics.java:29: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 28]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 29]) via { }
Basics.java:35: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 33]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 35]) via { } Basics.java:35: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 33]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 35]) via { }

Loading…
Cancel
Save