You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

92 lines
2.2 KiB

/*
* Copyright (c) 2016-present, Facebook, Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
#include <string>
#include <iostream>
extern std::string* __infer_taint_source();
extern void __infer_taint_sink(std::string);
namespace pointers {
void assign_pointer_to_source(std::string* pointer) {
*pointer = *__infer_taint_source();
}
void assign_pointer_pass_to_sink_bad1(std::string* pointer) {
assign_pointer_to_source(pointer);
__infer_taint_sink(*pointer);
}
void assign_pointer_pass_to_sink_bad2() {
std::string* pointer = new std::string();
assign_pointer_to_source(pointer);
__infer_taint_sink(*pointer);
}
void assign_source_by_reference(std::string& reference) {
reference = *__infer_taint_source();
}
void assign_source_by_reference_bad1() {
std::string local;
assign_source_by_reference(local);
__infer_taint_sink(local);
}
void assign_source_by_reference_bad2(std::string formal) {
assign_source_by_reference(formal);
__infer_taint_sink(formal);
}
void call_assign_source_by_reference(std::string& formal) {
assign_source_by_reference(formal);
}
void assign_source_by_reference_bad3() {
std::string local;
call_assign_source_by_reference(local);
__infer_taint_sink(local);
}
void reuse_pointer_as_local(std::string* pointer) {
pointer = __infer_taint_source();
std::cout << *pointer;
}
// need to understand that assigning a reference doesn't change the value in the
// caller
void FP_reuse_pointer_as_local_ok(std::string* pointer) {
reuse_pointer_as_local(pointer);
__infer_taint_sink(*pointer);
}
void funptr_bad0() {
auto f = __infer_taint_sink;
f(*(__infer_taint_source()));
}
void funptr_helper_bad1(void (*sink)(std::string)) {
sink(*(__infer_taint_source()));
}
void funptr_bad1_FN() {
auto f = __infer_taint_sink;
funptr_helper_bad1(f);
}
void funptr_helper_bad2(std::string* (*source)()) {
__infer_taint_sink(*(source()));
}
void funptr_bad2() { funptr_helper_bad2(__infer_taint_source); }
void pointer_arithmetic_ok1(int* i) { *(i + 1) = 7; }
void pointer_arithmetic_ok2(int* i) { *(2 + 7 + 5 + i + 1) = 7; }
} // namespace pointers