hphp/test/taint/members/members.php

   1 <?hh
   2
   3 function __source(): int { return 1; }
   4 function __sink(int $input): void {}
   5
   6 class MyClass {
   7   public int $attribute;
   8   public static int $static;
   9 }
  10
  11 function source_through_attribute_into_sink(): void {
  12   $object = new MyClass();
  13   $object->attribute = __source();
  14   __sink($object->attribute);
  15 }
  16
  17 function into_sink(MyClass $object): void {
  18   __sink($object->attribute);
  19 }
  20
  21 function source_through_attribute_dereferenced_in_callee(): void {
  22   $object = new MyClass();
  23   $object->attribute = __source();
  24   into_sink($object);
  25 }
  26
  27 function __sink_with_shape(shape('data' => int) $input): void {}
  28
  29 function source_through_shape_into_sink(): void {
  30   $shape = shape('data' => __source());
  31   __sink_with_shape($shape);
  32 }
  33
  34 function objects_of_same_class_are_not_mixed_up(): void {
  35   $foo = new MyClass();
  36   $foo->attribute = __source();
  37   $bar = new MyClass();
  38   $bar->attribute = 1;
  39   // This should be flagged
  40   __sink($foo->attribute);
  41   // This should not
  42   __sink($bar->attribute);
  43   $bar->attribute = $foo->attribute;
  44   $foo->attribute = 1;
  45   // This should be flagged
  46   __sink($bar->attribute);
  47   // This should not
  48   __sink($foo->attribute);
  49 }
  50
  51 function object_reassignment_propagates_taint(): void {
  52   $foo = new MyClass();
  53   $foo->attribute = __source();
  54   $bar = new MyClass();
  55   $bar->attribute = 1;
  56   $bar = $foo;
  57   // This should be flagged
  58   __sink($bar->attribute);
  59 }
  60
  61 function objects_are_properly_tracked_as_shallow_copies(): void {
  62   $foo = new MyClass();
  63   $foo->attribute = 1;
  64   $bar = $foo;
  65   // Neither should be flagged
  66   __sink($foo->attribute);
  67   __sink($bar->attribute);
  68   $foo->attribute = __source();
  69   // Both should be flagged
  70   __sink($foo->attribute);
  71   __sink($bar->attribute);
  72 }
  73
  74 function source_through_static_into_sink(): void {
  75   MyClass::$static = __source();
  76   // This is a valid flow
  77   __sink(MyClass::$static);
  78   MyClass::$static = 1;
  79   // This is not
  80   __sink(MyClass::$static);
  81   MyClass::$static += __source();
  82   // This is
  83   __sink(MyClass::$static);
  84 }
  85
  86 <<__EntryPoint>> function main(): void {
  87   source_through_attribute_into_sink();
  88   source_through_attribute_dereferenced_in_callee();
  89   source_through_shape_into_sink();
  90   objects_of_same_class_are_not_mixed_up();
  91   object_reassignment_propagates_taint();
  92   objects_are_properly_tracked_as_shallow_copies();
  93   source_through_static_into_sink();
  94 }