Reviewed By: jberdine Differential Revision: D3811191 fbshipit-source-id: 9d967f2master
parent
f6636c6d41
commit
f2487513c5
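--- /dev/null
+++ b/Basics.java
@@ -0,0 +1,200 @@
+/*
+ * Copyright (c) 2016 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+package codetoanalyze.java.quandary;
+
+import com.facebook.infer.models.InferTaint;
+
+/** testing basic intraprocedural functionality: assignment, ifs, loops, casts */
+
+public class Basics {
+
+  native Object notASource();
+  native void notASink(Object o);
+
+  /** should report on these tests */
+
+  void directBad() {
+    InferTaint.inferSensitiveSink(InferTaint.inferSecretSource());
+  }
+
+  void viaVarBad1() {
+    Object src = InferTaint.inferSecretSource();
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  void viaVarBad2() {
+    Object src = InferTaint.inferSecretSource();
+    Object alias = src;
+    InferTaint.inferSensitiveSink(alias);
+  }
+
+  void viaVarBad3() {
+    Object src = InferTaint.inferSecretSource();
+    Object alias = src;
+    src = null;
+    InferTaint.inferSensitiveSink(alias);
+  }
+
+  void viaCastBad1() {
+    InferTaint.inferSensitiveSink((String) InferTaint.inferSecretSource());
+  }
+
+  void viaCastBad2() {
+    Object src = InferTaint.inferSecretSource();
+    InferTaint.inferSensitiveSink((String) src);
+  }
+
+  void ifBad1(boolean b) {
+    Object src = null;
+    if (b) {
+      src = InferTaint.inferSecretSource();
+    }
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  void ifBad2(boolean b) {
+    Object src = InferTaint.inferSecretSource();
+    if (b) {
+      src = null;
+    }
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  void ifBad3(boolean b) {
+    Object src;
+    if (b) {
+      src = new Object();
+    } else {
+      src = InferTaint.inferSecretSource();
+    }
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  void ifBad4(boolean b1, boolean b2) {
+    Object src;
+    if (b1) {
+      src = new Object();
+    } else if (b2) {
+      src = InferTaint.inferSecretSource();
+    } else {
+      src = null;
+    }
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  void ifBad5(boolean b) {
+    Object src = InferTaint.inferSecretSource();
+    if (b) {
+      InferTaint.inferSensitiveSink(src);
+    }
+  }
+
+  void switchBad1(int i) {
+    Object src = InferTaint.inferSecretSource();
+    switch (i) {
+      case 1:
+        InferTaint.inferSensitiveSink(src);
+        break;
+      case 2:
+        break;
+      default:
+        break;
+    }
+  }
+
+  void switchBad2(int i) {
+    Object src = InferTaint.inferSecretSource();
+    switch (i) {
+      case 1:
+        break;
+      case 2:
+        InferTaint.inferSensitiveSink(src);
+        break;
+      default:
+        break;
+    }
+  }
+
+  void switchBad3(int i) {
+    Object src = null;
+    switch (i) {
+      case 1:
+        src = InferTaint.inferSecretSource();
+        // fallthrough
+      case 2:
+        InferTaint.inferSensitiveSink(src);
+        break;
+      default:
+        break;
+    }
+  }
+
+  void whileBad1(int i) {
+    Object src = InferTaint.inferSecretSource();
+    while (i < 10) {
+      InferTaint.inferSensitiveSink(src);
+      i++;
+    }
+  }
+
+  void whileBad2(int i) {
+    Object src = null;
+    while (i < 10) {
+      src = InferTaint.inferSecretSource();
+      i++;
+    }
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  /** should not report on these tests */
+
+  void directOk1() {
+    notASink(notASource());
+  }
+
+  void directOk2() {
+    notASink(InferTaint.inferSecretSource());
+  }
+
+  void directOk3() {
+    InferTaint.inferSensitiveSink(notASource());
+  }
+
+  void viaVarOk() {
+    Object src = new Object();
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  void viaVarStrongUpdateOk() {
+    Object src = InferTaint.inferSecretSource();
+    src = null;
+    InferTaint.inferSensitiveSink(src);
+  }
+
+  /** "known false positive" tests demonstrating limitations. an ideal analysis would not report on
+  these tests, but we do. */
+
+  void FP_deadCodeOk() {
+    Object src = InferTaint.inferSecretSource();
+    boolean b = false;
+    if (b) {
+      InferTaint.inferSensitiveSink(src);
+    }
+  }
+
+  void FP_loopInvariantOk() {
+    Object src = InferTaint.inferSecretSource();
+    for (int i = 0; i < 10; i++) {
+      src = null;
+    }
+    InferTaint.inferSensitiveSink(src);
+  }
+
+}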
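Review bot: The "should not report" section only covers direct calls and plain variable assignment (`directOk1`..`viaVarStrongUpdateOk`), while the positive section also exercises casts, if/else, switch and while; there is no `viaCastOk`, `ifOk`, `switchOk` or `whileOk` counterpart, so a regression that made the analysis flag every cast or every loop body would still pass this file. One-line negatives such as `void viaCastOk() { InferTaint.inferSensitiveSink((String) notASource()); }` and a `whileOk` that sinks a `new Object()` inside the loop would close that gap. It would also help to state in the class Javadoc that the expected reports in this commit are pinned by source line number, so inserting a method shifts every entry below it and the expected-output file must be regenerated rather than hand-edited.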
@ -1,2 +1,20 @@
|
|||||||
|
Basics.java:103: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 100]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 103]) via { }
|
||||||
|
Basics.java:118: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 113]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 118]) via { }
|
||||||
|
Basics.java:132: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 129]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 132]) via { }
|
||||||
|
Basics.java:142: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 140]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 142]) via { }
|
||||||
|
Basics.java:153: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 150]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 153]) via { }
|
||||||
|
Basics.java:188: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 185]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 188]) via { }
|
||||||
|
Basics.java:197: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 193]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 197]) via { }
|
||||||
|
Basics.java:24: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 24]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 24]) via { }
|
||||||
|
Basics.java:29: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 28]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 29]) via { }
|
||||||
|
Basics.java:35: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 33]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 35]) via { }
|
||||||
|
Basics.java:42: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 39]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 42]) via { }
|
||||||
|
Basics.java:46: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 46]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 46]) via { }
|
||||||
|
Basics.java:51: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 50]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 51]) via { }
|
||||||
|
Basics.java:59: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 57]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 59]) via { }
|
||||||
|
Basics.java:67: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 63]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 67]) via { }
|
||||||
|
Basics.java:77: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 75]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 77]) via { }
|
||||||
|
Basics.java:89: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 85]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 89]) via { }
|
||||||
|
Basics.java:95: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 93]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 95]) via { }
|
||||||
LoggingPrivateData.java:18: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 18]) -> Logging(int Log.d(String,String) at [line 18]) via { }
|
LoggingPrivateData.java:18: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 18]) -> Logging(int Log.d(String,String) at [line 18]) via { }
|
||||||
LoggingPrivateData.java:22: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 22]) -> Logging(int Log.d(String,String) at [line 22]) via { }
|
LoggingPrivateData.java:22: ERROR: QUANDARY_TAINT_ERROR Error: SharedPreferences(String SharedPreferences.getString(String,String) at [line 22]) -> Logging(int Log.d(String,String) at [line 22]) via { }
|
||||||
|