From bcbb0320521845e7bea0fda3812406ee0ec83bca Mon Sep 17 00:00:00 2001 From: Sam Blackshear Date: Wed, 19 Apr 2017 16:59:43 -0700 Subject: [PATCH] [quandary] WebView.postUrl is a sink Reviewed By: helios175 Differential Revision: D4914050 fbshipit-source-id: 7619baa --- infer/src/quandary/JavaTrace.ml | 1 + infer/tests/codetoanalyze/java/quandary/WebViews.java | 1 + infer/tests/codetoanalyze/java/quandary/issues.exp | 3 ++- 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml index adff79f9a..f338afda5 100644 --- a/infer/src/quandary/JavaTrace.ml +++ b/infer/src/quandary/JavaTrace.ml @@ -237,6 +237,7 @@ module SinkKind = struct "loadData" | "loadDataWithBaseURL" | "loadUrl" | + "postUrl" | "postWebMessage") -> Some (taint_all JavaScript ~report_reachable:true) | class_name, method_name -> diff --git a/infer/tests/codetoanalyze/java/quandary/WebViews.java b/infer/tests/codetoanalyze/java/quandary/WebViews.java index b27df2ea4..de63f73c6 100644 --- a/infer/tests/codetoanalyze/java/quandary/WebViews.java +++ b/infer/tests/codetoanalyze/java/quandary/WebViews.java @@ -37,6 +37,7 @@ public class WebViews { webview.loadData(stringSource, "", ""); webview.loadDataWithBaseURL("", stringSource, "", "", ""); webview.loadUrl(stringSource); // should have 5 reports + webview.postUrl(stringSource, null); webview.postWebMessage(null, (Uri) InferTaint.inferSecretSource()); } diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp index 12fb9161e..8525912f7 100644 --- a/infer/tests/codetoanalyze/java/quandary/issues.exp +++ b/infer/tests/codetoanalyze/java/quandary/issues.exp @@ -197,5 +197,6 @@ codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebVie codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void WebView.loadData(String,String,String)] codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 5, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void WebView.loadDataWithBaseURL(String,String,String,String,String)] codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 6, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void WebView.loadUrl(String)] -codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 7, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void WebView.postWebMessage(WebMessage,Uri)] +codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 7, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void WebView.postUrl(String,byte[])] +codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSinks(WebView), 8, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void WebView.postWebMessage(WebMessage,Uri)] codetoanalyze/java/quandary/WebViews.java, void WebViews.callWebviewSubclassSink(WebViews$MyWebView), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void WebView.evaluateJavascript(String,ValueCallback)]