Skip to content

Commit

Permalink
Error out on more invalid model syntax
Browse files Browse the repository at this point in the history
Summary: I found out a few other cases where we silently parse an invalid taint annotation. Let's fix it.

Reviewed By: dkgi

Differential Revision: D48202458

fbshipit-source-id: 5567842ae3a446348153b8c166a2685b1197bcb2
  • Loading branch information
arthaud authored and facebook-github-bot committed Aug 10, 2023
1 parent 2d9bdb5 commit 4667433
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 4 deletions.
9 changes: 5 additions & 4 deletions source/interprocedural_analyses/taint/modelParser.ml
Original file line number Diff line number Diff line change
Expand Up @@ -287,14 +287,16 @@ let rec parse_annotations
}
when is_base_name callee "WithTag" ->
Ok (Some value)
| Expression.Call _ ->
| Expression.Name (Name.Identifier _) when not is_object_target ->
(* This should be the parameter name. *)
Ok None
| Tuple expressions -> List.map expressions ~f:extract_via_tag |> all >>| List.find_map ~f:ident
| _ ->
Error
(annotation_error
(Format.sprintf
"Invalid expression in ViaValueOf or ViaTypeOf declaration: %s"
(Expression.show expression)))
| Tuple expressions -> List.map expressions ~f:extract_via_tag |> all >>| List.find_map ~f:ident
| _ -> Ok None
in
let rec extract_names expression =
match expression.Node.value with
Expand Down Expand Up @@ -334,7 +336,6 @@ let rec parse_annotations
| "Collapse" -> Ok (TaintKindsWithFeatures.from_collapse_depth CollapseDepth.Collapse)
| "NoCollapse" -> Ok (TaintKindsWithFeatures.from_collapse_depth CollapseDepth.NoCollapse)
| taint_kind -> Ok (TaintKindsWithFeatures.from_kind (Kind.from_name taint_kind)))
| Name (Name.Attribute { base; _ }) -> extract_kinds_with_features base
| Call { callee; arguments = [{ Call.Argument.value = argument; _ }] } -> (
match base_name callee with
| Some "Via" -> extract_breadcrumbs argument >>| TaintKindsWithFeatures.from_breadcrumbs
Expand Down
17 changes: 17 additions & 0 deletions source/interprocedural_analyses/taint/test/modelTest.ml
Original file line number Diff line number Diff line change
Expand Up @@ -2643,6 +2643,23 @@ let test_invalid_models context =
"`TaintSource[WithSubkind[A][B]]` is an invalid taint annotation: Invalid expression for \
taint kind: WithSubkind[A][B]"
();
assert_invalid_model
~source:"def f(x: int): ..."
~model_source:"def test.f(x) -> TaintSource[Test.attribute]: ..."
~expect:
"`TaintSource[Test.attribute]` is an invalid taint annotation: Invalid expression for taint \
kind: Test.attribute"
();
assert_invalid_model
~source:{|
class C:
x: int = 0
|}
~model_source:"test.C.x: ViaTypeOf[a.b] = ..."
~expect:
"`ViaTypeOf[a.b]` is an invalid taint annotation: Invalid expression in ViaValueOf or \
ViaTypeOf declaration: a.b"
();
();

(* Test invalid model queries. *)
Expand Down

0 comments on commit 4667433

Please sign in to comment.