[pulse][taint][report] Add JSON fields for taint sources/sinks

Summary: Add string fields for taint sources and sinks to the `jsonbug` type, in the `extra` field. This will permit clear reporting of taint source/sink flows from the JSON format reports. Reviewed By: dulmarod Differential Revision: D36640831 fbshipit-source-id: 06eb97259ffcdecac0b88e8c2f728e3000fa3ad3
facebook · May 25, 2022 · 808b8a7 · 808b8a7
1 parent 323d9e6
commit 808b8a7
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 4 deletions.
diff --git a/infer/src/atd/jsonbug.atd b/infer/src/atd/jsonbug.atd
@@ -100,6 +100,8 @@ type extra = {
   ?cost_degree : int option;
   ?nullsafe_extra : nullsafe_extra option;
   ?copy_type : string option;
+  ?taint_source : string option;
+  ?taint_sink : string option;
 }
 
 type jsonbug = {

diff --git a/infer/src/cost/cost.ml b/infer/src/cost/cost.ml
@@ -255,7 +255,9 @@ let compute_errlog_extras cost =
     { cost_polynomial= Some (Format.asprintf "%a" BasicCostWithReason.pp_hum cost)
     ; cost_degree= BasicCostWithReason.degree cost |> Option.map ~f:Polynomials.Degree.encode_to_int
     ; nullsafe_extra= None
-    ; copy_type= None }
+    ; copy_type= None
+    ; taint_source= None
+    ; taint_sink= None }
 
 
 (** Calculate the final Worst Case Cost of the cfg. It is the dot product of the symbolic cost of

diff --git a/infer/src/nullsafe/ClassLevelAnalysis.ml b/infer/src/nullsafe/ClassLevelAnalysis.ml
@@ -14,7 +14,9 @@ let log_issue ?proc_name ~issue_log ~loc ~severity ~nullsafe_extra issue_type er
       { nullsafe_extra= Some nullsafe_extra
       ; cost_polynomial= None
       ; cost_degree= None
-      ; copy_type= None }
+      ; copy_type= None
+      ; taint_source= None
+      ; taint_sink= None }
   in
   let proc_name = Option.value proc_name ~default:Procname.Linters_dummy_method in
   let trace = [Errlog.make_trace_element 0 loc error_message []] in

diff --git a/infer/src/nullsafe/EradicateReporting.ml b/infer/src/nullsafe/EradicateReporting.ml
@@ -25,7 +25,13 @@ let report_error {IntraproceduralAnalysis.proc_desc; tenv; err_log} checker ?(fi
   let proc_name = get_proc_name proc_attrs in
   let nullsafe_extra = Some (NullsafeIssue.get_nullsafe_extra nullsafe_issue proc_name) in
   let extras =
-    Jsonbug_t.{nullsafe_extra; cost_degree= None; cost_polynomial= None; copy_type= None}
+    Jsonbug_t.
+      { nullsafe_extra
+      ; cost_degree= None
+      ; cost_polynomial= None
+      ; copy_type= None
+      ; taint_source= None
+      ; taint_sink= None }
   in
   let suppressed = Reporting.is_suppressed tenv proc_attrs issue_type ~field_name in
   if suppressed then Logging.debug Analysis Medium "Reporting is suppressed!@\n"

diff --git a/infer/src/pulse/PulseReport.ml b/infer/src/pulse/PulseReport.ml
@@ -26,7 +26,13 @@ let report ~is_suppressed ~latent proc_desc err_log diagnostic =
     in
     let extras =
       let copy_type = get_copy_type diagnostic |> Option.map ~f:Typ.to_string in
-      Jsonbug_t.{cost_polynomial= None; cost_degree= None; nullsafe_extra= None; copy_type}
+      Jsonbug_t.
+        { cost_polynomial= None
+        ; cost_degree= None
+        ; nullsafe_extra= None
+        ; copy_type
+        ; taint_source= None
+        ; taint_sink= None }
     in
     Reporting.log_issue proc_desc err_log ~loc:(get_location diagnostic)
       ~ltr:(extra_trace @ get_trace diagnostic)