[quandary] report gflags to shell exec, but not file or url creation

Reviewed By: mbouaziz Differential Revision: D6716776 fbshipit-source-id: 942f716
7 years ago · fb7556816f
parent d0a30d61c4
commit fb7556816f
3 changed files with 16 additions and 6 deletions
--- a/infer/src/quandary/ClangTrace.ml
+++ b/infer/src/quandary/ClangTrace.ml
@ -76,8 +76,7 @@ module SourceKind = struct
            Some (ReadFile, Some 1)
        | _ ->
            get_external_source qualified_pname )
-    | Typ.Procname.C _
-      when Config.developer_mode && Typ.Procname.equal pname BuiltinDecl.__global_access
+    | Typ.Procname.C _ when Typ.Procname.equal pname BuiltinDecl.__global_access
      -> (
        (* is this var a command line flag created by the popular C++ gflags library for creating
           command-line flags (https://github.com/gflags/gflags)? *)
@ -438,7 +437,7 @@ include Trace.Make (struct
        Option.some_if
          (is_injection_possible ~typ Sanitizer.EscapeShell sanitizers)
          IssueType.untrusted_file
-    | (Endpoint (_, typ) | CommandLineFlag (_, typ)), CreateFile ->
+    | Endpoint (_, typ), CreateFile ->
        Option.some_if
          (is_injection_possible ~typ Sanitizer.EscapeShell sanitizers)
          IssueType.untrusted_file_risk
@ -446,11 +445,11 @@ include Trace.Make (struct
        Option.some_if
          (is_injection_possible ~typ Sanitizer.EscapeURL sanitizers)
          IssueType.untrusted_url
-    | (Endpoint (_, typ) | CommandLineFlag (_, typ)), URL ->
+    | Endpoint (_, typ), URL ->
        Option.some_if
          (is_injection_possible ~typ Sanitizer.EscapeURL sanitizers)
          IssueType.untrusted_url_risk
-    | (EnvironmentVariable | ReadFile), URL ->
+    | (CommandLineFlag _ | EnvironmentVariable | ReadFile), URL ->
        None
    | (UserControlledEndpoint (_, typ) | CommandLineFlag (_, typ)), SQL ->
        if is_injection_possible ~typ Sanitizer.EscapeSQL sanitizers then
@ -508,7 +507,7 @@ include Trace.Make (struct
        (* untrusted data of any kind flowing to stack buffer allocation. trying to allocate a stack
           buffer that's too large will cause a stack overflow. *)
        Some IssueType.untrusted_variable_length_array
-    | (EnvironmentVariable | ReadFile), CreateFile ->
+    | (CommandLineFlag _ | EnvironmentVariable | ReadFile), CreateFile ->
        None
    | Other, _ ->
        (* Other matches everything *)
--- a/infer/tests/codetoanalyze/cpp/quandary/endpoints.cpp
+++ b/infer/tests/codetoanalyze/cpp/quandary/endpoints.cpp
@ -9,6 +9,7 @@

 #include <fcntl.h>
 #include <fstream>
+#include <iostream>
 #include <string>

 extern void __infer_sql_sink(std::string);
--- a/infer/tests/codetoanalyze/cpp/quandary/files.cpp
+++ b/infer/tests/codetoanalyze/cpp/quandary/files.cpp
@ -10,8 +10,12 @@
 #include <fstream>
 #include <unistd.h>

+extern void __infer_url_sink(char*);
+
 namespace files {

+extern char* FLAGS_cli_string;
+
 void read_file_call_exec_bad1(int length) {
  std::ifstream is("test.txt", std::ifstream::binary);
  if (is) {
@ -62,4 +66,10 @@ void read_file_call_exec_bad5(std::iostream is, int length) {
  }
 }

+void read_file_from_flag_ok(int length) {
+  std::ofstream file1(FLAGS_cli_string, std::ifstream::binary);
+}
+
+void url_from_flag_ok() { __infer_url_sink(FLAGS_cli_string); }
+
 }