From d70d23c5f3a0f03d650f2526fa2738ac4b468de6 Mon Sep 17 00:00:00 2001
From: Sam Blackshear
Date: Mon, 14 May 2018 06:03:12 -0700
Subject: [PATCH] [quandary] treat Fragments like other Context types

Summary: Makes sense given that they share a lot of the same `Intent`-related sinks.
Reviewed By: mbouaziz
Differential Revision: D7877282
fbshipit-source-id: 38b2040
---
 infer/src/quandary/JavaTrace.ml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/infer/src/quandary/JavaTrace.ml b/infer/src/quandary/JavaTrace.ml
index d356b9846..e9bed38f3 100644
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@@ -176,7 +176,8 @@ module SourceKind = struct
 let method_name = Typ.Procname.Java.get_method java_pname in
 let taint_matching_supertype typename =
 match (Typ.Name.name typename, method_name) with
- | "android.app.Activity", ("onActivityResult" | "onNewIntent") ->
+ | ( ("android.app.Activity" | "android.app.Fragment" | "android.support.v4.app.Fragment")
+ , ("onActivityResult" | "onNewIntent") ) ->
 Some (taint_formals_with_types ["android.content.Intent"] Intent formals)
 | ( "android.app.Service"
 , ("onBind" | "onRebind" | "onStart" | "onStartCommand" | "onTaskRemoved" | "onUnbind")
@@ -356,11 +357,16 @@ module SinkKind = struct
 match (Typ.Name.name typename, method_name) with
 | "android.app.Activity", ("startActivityFromChild" | "startActivityFromFragment") ->
 taint_nth 1 StartComponent
- | "android.app.Activity", "startIntentSenderForResult" ->
+ | ( ( "android.app.Activity"
+ | "android.content.Context"
+ | "android.support.v4.app.Fragment" )
+ , "startIntentSenderForResult" ) ->
 taint_nth 2 StartComponent
 | "android.app.Activity", "startIntentSenderFromChild" ->
 taint_nth 3 StartComponent
- | ( "android.content.Context"
+ | ( ( "android.app.Fragment"
+ | "android.content.Context"
+ | "android.support.v4.app.Fragment" )
 , ( "bindService"
 | "sendBroadcast"
 | "sendBroadcastAsUser"
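Review bot: The widened source arm pairs the two Fragment type names with both `onActivityResult` and `onNewIntent`, but as far as I know only Activity declares `onNewIntent`, so for Fragments only the `onActivityResult` half can ever match. A one-line comment above the arm, e.g. `(* onNewIntent is Activity-only; Fragments reach this arm via onActivityResult *)`, would stop a later reader from assuming Fragment coverage that is not there. The diffstat shows only JavaTrace.ml changing, so nothing pins the new sources; a source that stops matching in a taint analysis produces no report rather than an error, so a test with a Fragment subclass overriding `onActivityResult` is worth adding. The enclosing `taint_matching_supertype` starts and ends outside the hunk.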
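Review bot: The new `startIntentSenderForResult` arm lists `"android.content.Context"` but leaves out `"android.app.Fragment"`, while the `bindService`/`sendBroadcast` arm below lists all three of Fragment, Context and support Fragment. To my knowledge `startIntentSenderForResult` is declared on Activity and on both Fragment classes, not on Context, so this looks like a slip that leaves tainted `fillInIntent` arguments passed through a framework Fragment unreported. I would write the arm as `| ( ("android.app.Activity" | "android.app.Fragment" | "android.support.v4.app.Fragment")` followed by `, "startIntentSenderForResult" ) ->`, keeping `taint_nth 2` since the argument position appears to be the same on those types. The same three Fragment/Context strings are now hand-repeated across the source and sink matches, which is how the lists diverged; the match itself continues past the end of the hunk.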