[quandary] add a few missing Intent sinks

Reviewed By: mburman Differential Revision: D4399440 fbshipit-source-id: 54fba49
8 years ago · e5ef592f11
parent ddccb0cce1
commit e5ef592f11
3 changed files with 11 additions and 3 deletions
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@ -147,6 +147,10 @@ module SinkKind = struct
                | "android.app.Activity",
                  ("startActivityFromChild" | "startActivityFromFragment") ->
                    Some (taint_nth 1 Intent ~report_reachable:true)
+                | "android.app.Activity", "startIntentSenderForResult"  ->
+                    Some (taint_nth 2 Intent ~report_reachable:true)
+                | "android.app.Activity", "startIntentSenderFromChild"  ->
+                    Some (taint_nth 3 Intent ~report_reachable:true)
                | "android.content.Context",
                  ("bindService" |
                   "sendBroadcast" |
--- a/infer/tests/codetoanalyze/java/quandary/Intents.java
+++ b/infer/tests/codetoanalyze/java/quandary/Intents.java
@ -69,8 +69,10 @@ public class Intents {
    activity.startActivityFromChild(null, intent, 0);
    activity.startActivityFromFragment(null, intent, 0);
    activity.startIntentSender(null, intent, 0, 0, 0);
+    activity.startIntentSenderForResult(null, 0, intent, 0, 0, 0);
+    activity.startIntentSenderFromChild(null, null, 0, intent, 0, 0, 0);
    activity.startService(intent);
-    activity.stopService(intent); // 18 sinks, 18 expected reports
+    activity.stopService(intent); // 20 sinks, 20 expected reports
  }

  public void callAllIntentSinksBad(Intent cleanIntent) throws
--- a/infer/tests/codetoanalyze/java/quandary/issues.exp
+++ b/infer/tests/codetoanalyze/java/quandary/issues.exp
@ -69,8 +69,10 @@ codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(A
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 17, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Activity.startActivityFromChild(Activity,Intent,int)]
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 18, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Activity.startActivityFromFragment(Fragment,Intent,int)]
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 19, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Activity.startIntentSender(IntentSender,Intent,int,int,int)]
-codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 20, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to ComponentName ContextWrapper.startService(Intent)]
-codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 21, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to boolean ContextWrapper.stopService(Intent)]
+codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 20, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Activity.startIntentSenderForResult(IntentSender,int,Intent,int,int,int)]
+codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 21, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to void Activity.startIntentSenderFromChild(Activity,IntentSender,int,Intent,int,int,int)]
+codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 22, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to ComponentName ContextWrapper.startService(Intent)]
+codetoanalyze/java/quandary/Intents.java, void Intents.callAllActivitySinksBad(Activity,String), 23, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to boolean ContextWrapper.stopService(Intent)]
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinksBad(Intent), 8, QUANDARY_TAINT_ERROR, [return from Object InferTaint.inferSecretSource(),call to int Intent.fillIn(Intent,int)]
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinksBad(Intent), 9, QUANDARY_TAINT_ERROR, [return from String Intent.getStringExtra(String),call to Intent Intent.makeMainSelectorActivity(String,String)]
 codetoanalyze/java/quandary/Intents.java, void Intents.callAllIntentSinksBad(Intent), 10, QUANDARY_TAINT_ERROR, [return from String Intent.getStringExtra(String),call to Intent Intent.parseIntent(Resources,XmlPullParser,AttributeSet)]