From 808b8a7cd6bb761d029485557df3f9898af74955 Mon Sep 17 00:00:00 2001
From: Hrutvik Kanabar
Date: Wed, 25 May 2022 08:01:13 -0700
Subject: [PATCH] [pulse][taint][report] Add JSON fields for taint sources/sinks

Summary: Add string fields for taint sources and sinks to the `jsonbug` type, in the `extra` field. This will permit clear reporting of taint source/sink flows from the JSON format reports.
Reviewed By: dulmarod
Differential Revision: D36640831
fbshipit-source-id: 06eb97259ffcdecac0b88e8c2f728e3000fa3ad3
---
 infer/src/atd/jsonbug.atd | 2 ++
 infer/src/cost/cost.ml | 4 +++-
 infer/src/nullsafe/ClassLevelAnalysis.ml | 4 +++-
 infer/src/nullsafe/EradicateReporting.ml | 8 +++++++-
 infer/src/pulse/PulseReport.ml | 8 +++++++-
 5 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/infer/src/atd/jsonbug.atd b/infer/src/atd/jsonbug.atd
index 7672007fba6..e3f0588cf19 100644
--- a/infer/src/atd/jsonbug.atd
+++ b/infer/src/atd/jsonbug.atd
@@ -100,6 +100,8 @@ type extra = {
 ?cost_degree : int option;
 ?nullsafe_extra : nullsafe_extra option;
 ?copy_type : string option;
+ ?taint_source : string option;
+ ?taint_sink : string option;
 }
 type jsonbug = {
diff --git a/infer/src/cost/cost.ml b/infer/src/cost/cost.ml
index 0c24250890c..7629efeb737 100644
--- a/infer/src/cost/cost.ml
+++ b/infer/src/cost/cost.ml
@@ -255,7 +255,9 @@ let compute_errlog_extras cost =
 { cost_polynomial= Some (Format.asprintf "%a" BasicCostWithReason.pp_hum cost)
 ; cost_degree= BasicCostWithReason.degree cost |> Option.map ~f:Polynomials.Degree.encode_to_int
 ; nullsafe_extra= None
- ; copy_type= None }
+ ; copy_type= None
+ ; taint_source= None
+ ; taint_sink= None }
 (** Calculate the final Worst Case Cost of the cfg. It is the dot product of the symbolic cost of
diff --git a/infer/src/nullsafe/ClassLevelAnalysis.ml b/infer/src/nullsafe/ClassLevelAnalysis.ml
index 24f1e5d6435..5e7fe0b24be 100644
--- a/infer/src/nullsafe/ClassLevelAnalysis.ml
+++ b/infer/src/nullsafe/ClassLevelAnalysis.ml
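Review bot: The two new `extra` fields in `jsonbug.atd` are bare `string option`s with no comment saying what the string holds, so a consumer of the JSON report cannot tell whether it is a procedure name, a free-form description or something else, nor that the fields are only meaningful for taint issues. I would add a comment above them, for example `(* taint_source / taint_sink: set only for Pulse taint-flow issues; textual description of the source and the sink of the flow *)`, with the wording adjusted to whatever the reporter ends up writing. The `extra` record starts above this hunk.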
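Review bot: The record literal in `compute_errlog_extras` now has to spell out `taint_source= None` and `taint_sink= None` although cost issues carry no taint data, and the same two lines are repeated in `ClassLevelAnalysis.log_issue`, `EradicateReporting.report_error` and `PulseReport.report`. Every field added to `extra` forces an edit at each construction site, and a site that is missed only shows up as a build break. A single shared all-`None` value that each site overrides would keep future additions in one place, e.g. `{empty_extras with cost_polynomial= ...; cost_degree= ...}`, where `empty_extras` is a suggested new helper and does not exist in the visible code. `compute_errlog_extras` begins above the hunk.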
@@ -14,7 +14,9 @@ let log_issue ?proc_name ~issue_log ~loc ~severity ~nullsafe_extra issue_type er
 { nullsafe_extra= Some nullsafe_extra
 ; cost_polynomial= None
 ; cost_degree= None
- ; copy_type= None }
+ ; copy_type= None
+ ; taint_source= None
+ ; taint_sink= None }
 in
 let proc_name = Option.value proc_name ~default:Procname.Linters_dummy_method in
 let trace = [Errlog.make_trace_element 0 loc error_message []] in
diff --git a/infer/src/nullsafe/EradicateReporting.ml b/infer/src/nullsafe/EradicateReporting.ml
index aceb7ebfcfc..98213cf6395 100644
--- a/infer/src/nullsafe/EradicateReporting.ml
+++ b/infer/src/nullsafe/EradicateReporting.ml
@@ -25,7 +25,13 @@ let report_error {IntraproceduralAnalysis.proc_desc; tenv; err_log} checker ?(fi
 let proc_name = get_proc_name proc_attrs in
 let nullsafe_extra = Some (NullsafeIssue.get_nullsafe_extra nullsafe_issue proc_name) in
 let extras =
- Jsonbug_t.{nullsafe_extra; cost_degree= None; cost_polynomial= None; copy_type= None}
+ Jsonbug_t.
+ { nullsafe_extra
+ ; cost_degree= None
+ ; cost_polynomial= None
+ ; copy_type= None
+ ; taint_source= None
+ ; taint_sink= None }
 in
 let suppressed = Reporting.is_suppressed tenv proc_attrs issue_type ~field_name in
 if suppressed then Logging.debug Analysis Medium "Reporting is suppressed!@\n"
diff --git a/infer/src/pulse/PulseReport.ml b/infer/src/pulse/PulseReport.ml
index 31cdb13544d..20f3a213768 100644
--- a/infer/src/pulse/PulseReport.ml
+++ b/infer/src/pulse/PulseReport.ml
@@ -26,7 +26,13 @@ let report ~is_suppressed ~latent proc_desc err_log diagnostic =
 in
 let extras =
 let copy_type = get_copy_type diagnostic |> Option.map ~f:Typ.to_string in
- Jsonbug_t.{cost_polynomial= None; cost_degree= None; nullsafe_extra= None; copy_type}
+ Jsonbug_t.
+ { cost_polynomial= None
+ ; cost_degree= None
+ ; nullsafe_extra= None
+ ; copy_type
+ ; taint_source= None
+ ; taint_sink= None }
 in
 Reporting.log_issue proc_desc err_log ~loc:(get_location diagnostic)
 ~ltr:(extra_trace @ get_trace diagnostic)
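Review bot: `taint_source` and `taint_sink` are hard-coded to `None` in `report`, so as far as this hunk shows nothing ever fills the new JSON fields and taint issues will still serialize without them. `copy_type` two lines earlier is derived from `diagnostic` via `get_copy_type`; the taint fields presumably need the same treatment for taint diagnostics before the report format delivers what the commit message describes. If that is planned for a follow-up, a comment such as `(* TODO: populate taint_source/taint_sink from taint diagnostics *)` next to the two fields would keep the gap visible. The body of `report` starts before and continues after the hunk.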