You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
95 lines
3.1 KiB
95 lines
3.1 KiB
/*
|
|
* Copyright (c) 2016 - present Facebook, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This source code is licensed under the BSD style license found in the
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
*/
|
|
|
|
package codetoanalyze.java.quandary;
|
|
|
|
import com.facebook.infer.builtins.InferTaint;
|
|
|
|
import android.content.Intent;
|
|
import android.os.Parcel;
|
|
|
|
/** testing how the analysis handles missing/unknown code */
|
|
|
|
public abstract class UnknownCode {
|
|
|
|
native static Object nativeMethod(Object o);
|
|
|
|
abstract Object abstractMethod(Object o);
|
|
|
|
static interface Interface {
|
|
Object interfaceMethod(Object o);
|
|
}
|
|
|
|
static void propagateViaUnknownConstructorBad() {
|
|
String source = (String) InferTaint.inferSecretSource();
|
|
// we don't analyze the code for the core Java libraries, so this constructor will be unknown
|
|
String unknownConstructor = new String(source);
|
|
InferTaint.inferSensitiveSink(unknownConstructor);
|
|
}
|
|
|
|
static void propagateViaUnknownConstructorOk() {
|
|
String unknownConstructor = new String("");
|
|
InferTaint.inferSensitiveSink(unknownConstructor);
|
|
}
|
|
|
|
void propagateViaUnknownCodeOk(Interface i) {
|
|
Object notASource = new Object();
|
|
Object launderedSource1 = nativeMethod(notASource);
|
|
Object launderedSource2 = abstractMethod(launderedSource1);
|
|
Object launderedSource3 = i.interfaceMethod(launderedSource2);
|
|
InferTaint.inferSensitiveSink(launderedSource3);
|
|
}
|
|
|
|
void callUnknownSetterBad(Intent i) {
|
|
Object source = InferTaint.inferSecretSource();
|
|
// we don't analyze the source code for Android, so this will be unknown
|
|
i.writeToParcel((Parcel) source, 0);
|
|
InferTaint.inferSensitiveSink(i);
|
|
}
|
|
|
|
void propagateEmptyBad() {
|
|
String source = (String) InferTaint.inferSecretSource();
|
|
StringBuffer buffer = new StringBuffer();
|
|
buffer.append(source); // buffer is now tainted
|
|
// even though "" is not tainted, buffer and alias should still be tainted
|
|
StringBuffer alias = buffer.append("");
|
|
InferTaint.inferSensitiveSink(buffer); // should report
|
|
InferTaint.inferSensitiveSink(alias); // should report
|
|
}
|
|
|
|
void propagateFootprint(String param) {
|
|
StringBuffer buffer = new StringBuffer();
|
|
buffer.append(param);
|
|
InferTaint.inferSensitiveSink(buffer);
|
|
}
|
|
|
|
void callPropagateFootprintBad() {
|
|
propagateFootprint((String) InferTaint.inferSecretSource());
|
|
}
|
|
|
|
static void propagateViaInterfaceCodeBad(Interface i) {
|
|
Object source = InferTaint.inferSecretSource();
|
|
Object launderedSource = i.interfaceMethod(source);
|
|
InferTaint.inferSensitiveSink(launderedSource);
|
|
}
|
|
|
|
void propagateViaUnknownNativeCodeBad() {
|
|
Object source = InferTaint.inferSecretSource();
|
|
Object launderedSource = nativeMethod(source);
|
|
InferTaint.inferSensitiveSink(launderedSource);
|
|
}
|
|
|
|
static void propagateViaUnknownAbstractCodeBad() {
|
|
Object source = InferTaint.inferSecretSource();
|
|
Object launderedSource = nativeMethod(source);
|
|
InferTaint.inferSensitiveSink(launderedSource);
|
|
}
|
|
|
|
}
|