pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[quandary] clean up `Intent` sinks

Browse Source 
Reviewed By: jeremydubreil

Differential Revision: D4782315

fbshipit-source-id: 50c5b4d
master
Sam Blackshear 8 years ago committed by Facebook Github Bot
parent afb26a9804
commit c255823673
3 changed files with 35 additions and 14 deletions
Show Stats Download Patch File Download Diff File

13
infer/src/quandary/JavaTrace.ml
Unescape View File

@ -202,7 +202,18 @@ module SinkKind = struct
Some (taint_nth 0 Intent ~report_reachable:true) Some (taint_nth 0 Intent ~report_reachable:true)
| "android.content.Context", "startIntentSender" -> | "android.content.Context", "startIntentSender" ->
Some (taint_nth 1 Intent ~report_reachable:true) Some (taint_nth 1 Intent ~report_reachable:true)
| "android.content.Intent", ("fillIn" | "parseIntent" | "parseUri") -> | "android.content.Intent",
("parseUri" |
"getIntent" |
"getIntentOld" |
"setComponent" |
"setData" |
"setDataAndNormalize" |
"setDataAndType" |
"setDataAndTypeAndNormalize" |
"setPackage") ->
Some (taint_nth 0 Intent ~report_reachable:true)
| "android.content.Intent", "setClassName" ->
Some (taint_all Intent ~report_reachable:true) Some (taint_all Intent ~report_reachable:true)
| "android.webkit.WebChromeClient", | "android.webkit.WebChromeClient",
("onJsAlert" | "onJsBeforeUnload" | "onJsConfirm" | "onJsPrompt") -> ("onJsAlert" | "onJsBeforeUnload" | "onJsConfirm" | "onJsPrompt") ->

25
infer/tests/codetoanalyze/java/quandary/Intents.java
Unescape View File

@ -75,17 +75,20 @@ public class Intents {
activity.stopService(intent); // 20 sinks, 20 expected reports activity.stopService(intent); // 20 sinks, 20 expected reports
} }
public void callAllIntentSinksBad(Intent cleanIntent) throws public void callAllIntentSinks() throws IOException, URISyntaxException, XmlPullParserException {
IOException, URISyntaxException, XmlPullParserException { String taintedString = (String) InferTaint.inferSecretSource();
String taintedString = cleanIntent.getStringExtra(""); Intent.parseUri(taintedString, 0);
Intent taintedIntent = (Intent) InferTaint.inferSecretSource(); Intent.getIntent(taintedString);
Resources taintedResources = (Resources) ((Object) taintedString); Intent.getIntentOld(taintedString);
Uri taintedUri = taintedIntent.getData();
Uri taintedUri = (Uri) InferTaint.inferSecretSource();
Intent intent = new Intent(); Intent i = new Intent();
intent.fillIn(taintedIntent, 0); i.setClassName(taintedString, "");
intent.makeMainSelectorActivity(taintedString, null); i.setData(taintedUri);
intent.parseIntent(taintedResources, null, null); // 3 sinks, 3 expected results i.setDataAndNormalize(taintedUri);
i.setDataAndType(taintedUri, "");
i.setDataAndTypeAndNormalize(taintedUri, "");
i.setPackage(taintedString); // 9 sinks, 9 expected reports
} }
// make sure the rules apply to subclasses of Intent and Context too // make sure the rules apply to subclasses of Intent and Context too

11
infer/tests/codetoanalyze/java/quandary/issues.exp
Unescape View File

@ -77,8 +77,15 @@ codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(A
codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 21, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Activity.startIntentSenderFromChild(Activity,IntentSender,int,Intent,int,int,int)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 21, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Activity.startIntentSenderFromChild(Activity,IntentSender,int,Intent,int,int,int)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 22, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to ComponentName ContextWrapper.startService(Intent)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 22, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to ComponentName ContextWrapper.startService(Intent)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 23, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to boolean ContextWrapper.stopService(Intent)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 23, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to boolean ContextWrapper.stopService(Intent)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinksBad(Intent), 8, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to int Intent.fillIn(Intent,int)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 2, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.parseUri(String,int)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinksBad(Intent), 10, QUANDARY_TAINT_ERROR, [return from String Intent.getStringExtra(String),call to Intent Intent.parseIntent(Resources,XmlPullParser,AttributeSet)] codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.getIntent(String)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 4, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.getIntentOld(String)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 8, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setClassName(String,String)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 9, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setData(Uri)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 10, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setDataAndNormalize(Uri)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 11, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setDataAndType(Uri,String)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 12, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setDataAndTypeAndNormalize(Uri,String)]
codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinks(), 13, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to Intent Intent.setPackage(String)]
codetoanalyze/java/quandary/Intents.java, void Intents.reuseIntentBad(Activity), 1, QUANDARY_TAINT_ERROR, [return from Intent Activity.getIntent(),call to void Activity.startActivity(Intent)] codetoanalyze/java/quandary/Intents.java, void Intents.reuseIntentBad(Activity), 1, QUANDARY_TAINT_ERROR, [return from Intent Activity.getIntent(),call to void Activity.startActivity(Intent)]
codetoanalyze/java/quandary/Intents.java, void Intents.subclassCallBad(IntentSubclass,ContextSubclass), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Context.startActivity(Intent)] codetoanalyze/java/quandary/Intents.java, void Intents.subclassCallBad(IntentSubclass,ContextSubclass), 3, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Context.startActivity(Intent)]
codetoanalyze/java/quandary/Intents.java, void MyActivity.onActivityResult(int,int,Intent), 1, QUANDARY_TAINT_ERROR, [return from void MyActivity.onActivityResult(int,int,Intent),call to ComponentName ContextWrapper.startService(Intent)] codetoanalyze/java/quandary/Intents.java, void MyActivity.onActivityResult(int,int,Intent), 1, QUANDARY_TAINT_ERROR, [return from void MyActivity.onActivityResult(int,int,Intent),call to ComponentName ContextWrapper.startService(Intent)]

Write Preview
Loading…
Cancel
Save