[hack] Add an FN example with closures

Summary: Here we have a taint sink inside a closure. Closure's `$static.__invoke` has the tainting info, however the tainting info gets lost between `$static.__invoke` and instance's `__invoke` Reviewed By: davidpichardie Differential Revision: D45950604 fbshipit-source-id: b009a426e9b9f1b32429bb7b5f1aad6e704e136c
facebook · May 18, 2023 · e12c3da · e12c3da
1 parent 3f8f3b6
commit e12c3da
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/infer/tests/codetoanalyze/hack/pulse/closures.hack b/infer/tests/codetoanalyze/hack/pulse/closures.hack
@@ -0,0 +1,26 @@
+// Copyright (c) Facebook, Inc. and its affiliates.
+//
+// This source code is licensed under the MIT license found in the
+// LICENSE file in the root directory of this source tree.
+
+namespace Closures;
+
+class Delayed {
+  public function startAndWait((function(): Awaitable<void>) $action) : void {
+    \HH\Asio\join($action());
+  }
+}
+
+class Utils {
+  public function logDelayed(mixed $data) : void {
+    new Delayed()->startAndWait(async () ==> {
+      \Level1\taintSink($data);
+    });
+  }
+}
+
+class C1 {
+  public function FN_f1Bad(SensitiveClass $sc) : void {
+    new Utils()->logDelayed($sc);
+  }
+}