You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
239 lines
4.9 KiB
239 lines
4.9 KiB
/*
|
|
* Copyright (c) 2016-present, Facebook, Inc.
|
|
*
|
|
* This source code is licensed under the MIT license found in the
|
|
* LICENSE file in the root directory of this source tree.
|
|
*/
|
|
|
|
package codetoanalyze.java.quandary;
|
|
|
|
import com.facebook.infer.builtins.InferTaint;
|
|
|
|
/** testing basic intraprocedural functionality: assignment, ifs, loops, casts */
|
|
|
|
public class Basics {
|
|
|
|
native Object notASource();
|
|
native void notASink(Object o);
|
|
|
|
/** should report on these tests */
|
|
|
|
void directBad() {
|
|
InferTaint.inferSensitiveSink(InferTaint.inferSecretSource());
|
|
}
|
|
|
|
void viaVarBad1() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
void viaVarBad2() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
Object alias = src;
|
|
InferTaint.inferSensitiveSink(alias);
|
|
}
|
|
|
|
void viaVarBad3() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
Object alias = src;
|
|
src = null;
|
|
InferTaint.inferSensitiveSink(alias);
|
|
}
|
|
|
|
void viaCastBad1() {
|
|
InferTaint.inferSensitiveSink((String) InferTaint.inferSecretSource());
|
|
}
|
|
|
|
void viaCastBad2() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
InferTaint.inferSensitiveSink((String) src);
|
|
}
|
|
|
|
void ifBad1(boolean b) {
|
|
Object src = null;
|
|
if (b) {
|
|
src = InferTaint.inferSecretSource();
|
|
}
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
void ifBad2(boolean b) {
|
|
Object src = InferTaint.inferSecretSource();
|
|
if (b) {
|
|
src = null;
|
|
}
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
void ifBad3(boolean b) {
|
|
Object src;
|
|
if (b) {
|
|
src = new Object();
|
|
} else {
|
|
src = InferTaint.inferSecretSource();
|
|
}
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
void ifBad4(boolean b1, boolean b2) {
|
|
Object src;
|
|
if (b1) {
|
|
src = new Object();
|
|
} else if (b2) {
|
|
src = InferTaint.inferSecretSource();
|
|
} else {
|
|
src = null;
|
|
}
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
void ifBad5(boolean b) {
|
|
Object src = InferTaint.inferSecretSource();
|
|
if (b) {
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
}
|
|
|
|
void switchBad1(int i) {
|
|
Object src = InferTaint.inferSecretSource();
|
|
switch (i) {
|
|
case 1:
|
|
InferTaint.inferSensitiveSink(src);
|
|
break;
|
|
case 2:
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
void switchBad2(int i) {
|
|
Object src = InferTaint.inferSecretSource();
|
|
switch (i) {
|
|
case 1:
|
|
break;
|
|
case 2:
|
|
InferTaint.inferSensitiveSink(src);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
void switchBad3(int i) {
|
|
Object src = null;
|
|
switch (i) {
|
|
case 1:
|
|
src = InferTaint.inferSecretSource();
|
|
// fallthrough
|
|
case 2:
|
|
InferTaint.inferSensitiveSink(src);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
void whileBad1(int i) {
|
|
Object src = InferTaint.inferSecretSource();
|
|
while (i < 10) {
|
|
InferTaint.inferSensitiveSink(src);
|
|
i++;
|
|
}
|
|
}
|
|
|
|
void whileBad2(int i) {
|
|
Object src = null;
|
|
while (i < 10) {
|
|
src = InferTaint.inferSecretSource();
|
|
i++;
|
|
}
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
// this should report only two alarms, not three
|
|
void noTripleReportBad() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
InferTaint.inferSensitiveSink(src);
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
void arrayWithTaintedContentsBad() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
Object[] arr = new Object[] { src };
|
|
InferTaint.inferSensitiveSink(arr);
|
|
}
|
|
|
|
void funCallBad1() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
funCallBad2(2, src);
|
|
}
|
|
|
|
void funCallBad2(int x, Object src) {
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
/** should not report on these tests */
|
|
|
|
void directOk1() {
|
|
notASink(notASource());
|
|
}
|
|
|
|
void directOk2() {
|
|
notASink(InferTaint.inferSecretSource());
|
|
}
|
|
|
|
void directOk3() {
|
|
InferTaint.inferSensitiveSink(notASource());
|
|
}
|
|
|
|
void viaVarOk() {
|
|
Object src = new Object();
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
void viaVarStrongUpdateOk() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
src = null;
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
Object exceptionOk(boolean b, Object o) {
|
|
if (b) {
|
|
throw new AssertionError("exception");
|
|
}
|
|
o.toString();
|
|
return o;
|
|
}
|
|
|
|
void synchronizedOk(Object o) {
|
|
synchronized(o) {
|
|
}
|
|
}
|
|
|
|
// this is to test that we don't crash due to the slightly odd translation of synchronized
|
|
void callSynchronizedOk(Object o) {
|
|
synchronizedOk(o);
|
|
}
|
|
|
|
/** "known false positive" tests demonstrating limitations. an ideal analysis would not report on
|
|
these tests, but we do. */
|
|
|
|
void FP_deadCodeOk() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
boolean b = false;
|
|
if (b) {
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
}
|
|
|
|
void FP_loopInvariantOk() {
|
|
Object src = InferTaint.inferSecretSource();
|
|
for (int i = 0; i < 10; i++) {
|
|
src = null;
|
|
}
|
|
InferTaint.inferSensitiveSink(src);
|
|
}
|
|
|
|
}
|