Add integration test for false positive due to attribute assignments (see #179)

arthaud · facebook-github-bot · commit e6181f6bb562 · 2025-03-17T09:19:08.000-07:00
Summary: As titled.

Reviewed By: anwesht

Differential Revision: D71311222

fbshipit-source-id: 7e718d7de5db5bb5d0e5518975951ff8eb029528
diff --git a/source/tests/integration/end-to-end/code/strong_update/Flow.java b/source/tests/integration/end-to-end/code/strong_update/Flow.java
@@ -45,7 +45,20 @@ public Object field_getter() {
   }
 
   public void no_issue_inlining() {
+    this.field = Origin.source();
     field_setter(new Object());
     Origin.sink(field_getter());
   }
+
+  // TODO(T218206443): False positive with field assignment to non-tainted value
+
+  public void field_set_empty() {
+    this.field = new Object();
+  }
+
+  public void no_issue_field_set_empty() {
+    this.field = Origin.source();
+    field_set_empty();
+    Origin.sink(this.field);
+  }
 }
diff --git a/source/tests/integration/end-to-end/code/strong_update/expected_call_graph.json b/source/tests/integration/end-to-end/code/strong_update/expected_call_graph.json
@@ -225,6 +225,13 @@
       "Ljava/lang/Object;.<init>:()V"
     ]
   },
+  "Lcom/facebook/marianatrench/integrationtests/Flow;.field_set_empty:()V" : 
+  {
+    "static" : 
+    [
+      "Ljava/lang/Object;.<init>:()V"
+    ]
+  },
   "Lcom/facebook/marianatrench/integrationtests/Flow;.issue_propagation:()V" : 
   {
     "static" : 
@@ -237,6 +244,18 @@
       "Lcom/facebook/marianatrench/integrationtests/Flow;.add_propagation:(Ljava/lang/Object;)V"
     ]
   },
+  "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_field_set_empty:()V" : 
+  {
+    "static" : 
+    [
+      "Lcom/facebook/marianatrench/integrationtests/Origin;.sink:(Ljava/lang/Object;)V",
+      "Lcom/facebook/marianatrench/integrationtests/Origin;.source:()Ljava/lang/Object;"
+    ],
+    "virtual" : 
+    [
+      "Lcom/facebook/marianatrench/integrationtests/Flow;.field_set_empty:()V"
+    ]
+  },
   "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_generation:()V" : 
   {
     "static" : 
@@ -253,6 +272,7 @@
     "static" : 
     [
       "Lcom/facebook/marianatrench/integrationtests/Origin;.sink:(Ljava/lang/Object;)V",
+      "Lcom/facebook/marianatrench/integrationtests/Origin;.source:()Ljava/lang/Object;",
       "Ljava/lang/Object;.<init>:()V"
     ],
     "virtual" : 
diff --git a/source/tests/integration/end-to-end/code/strong_update/expected_dependencies.json b/source/tests/integration/end-to-end/code/strong_update/expected_dependencies.json
@@ -43,20 +43,27 @@
   [
     "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_inlining:()V"
   ],
+  "Lcom/facebook/marianatrench/integrationtests/Flow;.field_set_empty:()V" : 
+  [
+    "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_field_set_empty:()V"
+  ],
   "Lcom/facebook/marianatrench/integrationtests/Flow;.field_setter:(Ljava/lang/Object;)V" : 
   [
     "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_inlining:()V"
   ],
   "Lcom/facebook/marianatrench/integrationtests/Origin;.sink:(Ljava/lang/Object;)V" : 
   [
     "Lcom/facebook/marianatrench/integrationtests/Flow;.issue_propagation:()V",
+    "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_field_set_empty:()V",
     "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_generation:()V",
     "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_inlining:()V"
   ],
   "Lcom/facebook/marianatrench/integrationtests/Origin;.source:()Ljava/lang/Object;" : 
   [
     "Lcom/facebook/marianatrench/integrationtests/Flow;.add_generation:()V",
-    "Lcom/facebook/marianatrench/integrationtests/Flow;.issue_propagation:()V"
+    "Lcom/facebook/marianatrench/integrationtests/Flow;.issue_propagation:()V",
+    "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_field_set_empty:()V",
+    "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_inlining:()V"
   ],
   "Lcom/facebook/secure/context/IntentLauncher;.<init>:()V" : 
   [
@@ -101,6 +108,7 @@
     "Lcom/facebook/marianatrench/integrationtests/Flow;.<init>:()V",
     "Lcom/facebook/marianatrench/integrationtests/Flow;.add_generation:()V",
     "Lcom/facebook/marianatrench/integrationtests/Flow;.add_propagation:(Ljava/lang/Object;)V",
+    "Lcom/facebook/marianatrench/integrationtests/Flow;.field_set_empty:()V",
     "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_inlining:()V",
     "Lcom/facebook/marianatrench/integrationtests/Origin;.<init>:()V",
     "Lcom/facebook/marianatrench/integrationtests/Origin;.source:()Ljava/lang/Object;",
diff --git a/source/tests/integration/end-to-end/code/strong_update/expected_output.json b/source/tests/integration/end-to-end/code/strong_update/expected_output.json
@@ -1037,6 +1037,14 @@
     }
   ]
 }
+{
+  "method" : "Lcom/facebook/marianatrench/integrationtests/Flow;.field_set_empty:()V",
+  "position" : 
+  {
+    "line" : 55,
+    "path" : "Flow.java"
+  }
+}
 {
   "inline_as_setter" : 
   {
@@ -1269,6 +1277,157 @@
     }
   ]
 }
+{
+  "generations" : 
+  [
+    {
+      "port" : "Argument(0).field",
+      "taint" : 
+      [
+        {
+          "call_info" : 
+          {
+            "call_kind" : "Origin",
+            "port" : "Return",
+            "position" : 
+            {
+              "end" : 29,
+              "line" : 60,
+              "path" : "Flow.java",
+              "start" : 24
+            }
+          },
+          "kinds" : 
+          [
+            {
+              "callee_interval" : 
+              [
+                32,
+                33
+              ],
+              "kind" : "Source",
+              "origins" : 
+              [
+                {
+                  "method" : "Lcom/facebook/marianatrench/integrationtests/Origin;.source:()Ljava/lang/Object;",
+                  "port" : "Return"
+                }
+              ],
+              "preserves_type_context" : true
+            }
+          ],
+          "local_positions" : 
+          [
+            {
+              "end" : 32,
+              "line" : 60,
+              "start" : 17
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "issues" : 
+  [
+    {
+      "callee" : "Lcom/facebook/marianatrench/integrationtests/Origin;.sink:(Ljava/lang/Object;)V",
+      "position" : 
+      {
+        "line" : 62,
+        "path" : "Flow.java"
+      },
+      "rule" : 1,
+      "sink_index" : "0",
+      "sinks" : 
+      [
+        {
+          "call_info" : 
+          {
+            "call_kind" : "Origin",
+            "port" : "Argument(0)",
+            "position" : 
+            {
+              "end" : 25,
+              "line" : 62,
+              "path" : "Flow.java",
+              "start" : 16
+            }
+          },
+          "kinds" : 
+          [
+            {
+              "callee_interval" : 
+              [
+                32,
+                33
+              ],
+              "kind" : "Sink",
+              "origins" : 
+              [
+                {
+                  "method" : "Lcom/facebook/marianatrench/integrationtests/Origin;.sink:(Ljava/lang/Object;)V",
+                  "port" : "Argument(0)"
+                }
+              ],
+              "preserves_type_context" : true
+            }
+          ]
+        }
+      ],
+      "sources" : 
+      [
+        {
+          "call_info" : 
+          {
+            "call_kind" : "Origin",
+            "port" : "Return",
+            "position" : 
+            {
+              "end" : 29,
+              "line" : 60,
+              "path" : "Flow.java",
+              "start" : 24
+            }
+          },
+          "kinds" : 
+          [
+            {
+              "callee_interval" : 
+              [
+                32,
+                33
+              ],
+              "kind" : "Source",
+              "origins" : 
+              [
+                {
+                  "method" : "Lcom/facebook/marianatrench/integrationtests/Origin;.source:()Ljava/lang/Object;",
+                  "port" : "Return"
+                }
+              ],
+              "preserves_type_context" : true
+            }
+          ],
+          "local_positions" : 
+          [
+            {
+              "end" : 32,
+              "line" : 60,
+              "start" : 17
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "method" : "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_field_set_empty:()V",
+  "position" : 
+  {
+    "line" : 59,
+    "path" : "Flow.java"
+  }
+}
 {
   "method" : "Lcom/facebook/marianatrench/integrationtests/Flow;.no_issue_generation:()V",
   "position" : 
