From ffb8dba8e0ee44aefa567011ef2fec2795344b59 Mon Sep 17 00:00:00 2001 From: Mistral Orhan Jean-Pierre Contrastin Date: Wed, 29 Jul 2020 05:45:02 -0700 Subject: [PATCH] Improvements around parsing/logging security lattice Summary: - Make sure the input is upcased before parsing purpose - Log the security lattice when running verbosely Reviewed By: zilberstein Differential Revision: D22791093 fbshipit-source-id: cd532b2934699ed20a3171c049652d5a01462acb --- hphp/hack/src/ifc/ifc.ml | 4 ++++ hphp/hack/src/ifc/ifc_pretty.ml | 5 +++++ hphp/hack/src/ifc/ifc_security_lattice.ml | 5 +++-- hphp/hack/test/ifc/analysis/basics.php.exp | 3 +++ hphp/hack/test/ifc/analysis/calls_basics.php.exp | 3 +++ hphp/hack/test/ifc/analysis/catch.php.exp | 3 +++ hphp/hack/test/ifc/analysis/early_return.php.exp | 3 +++ hphp/hack/test/ifc/analysis/exceptions.php.exp | 3 +++ hphp/hack/test/ifc/analysis/generic.php.exp | 3 +++ hphp/hack/test/ifc/analysis/generic_inheritance.php.exp | 3 +++ hphp/hack/test/ifc/analysis/inheritance.php.exp | 3 +++ hphp/hack/test/ifc/analysis/inheritance2.php.exp | 3 +++ hphp/hack/test/ifc/analysis/new.php.exp | 3 +++ hphp/hack/test/ifc/analysis/property.php.exp | 3 +++ hphp/hack/test/ifc/analysis/purpose.php.exp | 3 +++ hphp/hack/test/ifc/analysis/recursive_class.php.exp | 3 +++ hphp/hack/test/ifc/analysis/unpolicied_fields.php.exp | 3 +++ hphp/hack/test/ifc/analysis/vec.php.exp | 3 +++ 18 files changed, 57 insertions(+), 2 deletions(-) diff --git a/hphp/hack/src/ifc/ifc.ml b/hphp/hack/src/ifc/ifc.ml index 26030c0cf8c..c5c3099ab11 100644 --- a/hphp/hack/src/ifc/ifc.ml +++ b/hphp/hack/src/ifc/ifc.ml @@ -872,6 +872,10 @@ let do_ opts files_info ctx = fail "lattice parsing error: lattice specification should be `;` basic flux constraints, e.g., `A < B`" in + + if opts.verbosity >= 3 then + Format.printf "@[Lattice:@. %a@]\n\n" Pp.security_lattice lattice; + let log_checking name (_, simple) = let violations = try Ifc_security_lattice.check_exn lattice simple 
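Review bot: The format string in the added `Format.printf` mixes `@.` and raw `\n` inside an open box. As far as the Format documentation describes it, `@.` flushes the formatter and closes pending boxes, so the trailing `@]` no longer pairs with the `@[`, and `\n` is not tracked by Format's layout. Something like `Format.printf "@[<v 2>Lattice:@,%a@]@.@." Pp.security_lattice lattice` keeps the box balanced, though the indent would need checking against the `.exp` files. The threshold `3` is also a bare literal, so a short comment saying which verbosity level this output belongs to would help. `do_` starts and ends outside the hunk.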
diff --git a/hphp/hack/src/ifc/ifc_pretty.ml b/hphp/hack/src/ifc/ifc_pretty.ml index 77deca794ae..663286bf71e 100644 --- a/hphp/hack/src/ifc/ifc_pretty.ml +++ b/hphp/hack/src/ifc/ifc_pretty.ml @@ -200,3 +200,8 @@ let decl_env fmt de = let violation fmt (l, r) = fprintf fmt "Data with policy %a appears in context %a." policy l policy r + +let security_lattice fmt lattice = + let flow fmt (l, r) = fprintf fmt "%a < %a" policy l policy r in + let flows = FlowSet.elements lattice in + fprintf fmt "{%a}" (list comma_sep flow) flows diff --git a/hphp/hack/src/ifc/ifc_security_lattice.ml b/hphp/hack/src/ifc/ifc_security_lattice.ml index b0fac82910d..2fe223bd580 100644 --- a/hphp/hack/src/ifc/ifc_security_lattice.ml +++ b/hphp/hack/src/ifc/ifc_security_lattice.ml @@ -18,10 +18,11 @@ exception Invalid_security_lattice exception Checking_error -let parse_policy = function +let parse_policy purpose_str = + match String.uppercase purpose_str with | "PUBLIC" -> Pbot | "PRIVATE" -> Ptop - | pur -> Ppurpose (String.uppercase pur) + | purpose -> Ppurpose purpose (* Parses a Hasse diagram written in a ';' separated format, * e.g., "A < B; B < C; A < D" diff --git a/hphp/hack/test/ifc/analysis/basics.php.exp b/hphp/hack/test/ifc/analysis/basics.php.exp index 0bd9d04519d..c859fdf8bd8 100644 --- a/hphp/hack/test/ifc/analysis/basics.php.exp +++ b/hphp/hack/test/ifc/analysis/basics.php.exp @@ -85,3 +85,6 @@ Flow constraints for \condition: [$a0 < $x, $a2 < $x, $a1 < $x'1, $a2 < $x'1, $x < $x'2, $x'1 < $x'2, $x'2 < ret] +Lattice: + {PUBLIC < PRIVATE} + diff --git a/hphp/hack/test/ifc/analysis/calls_basics.php.exp b/hphp/hack/test/ifc/analysis/calls_basics.php.exp index 6633d81ef3a..a30d18e2e7b 100644 --- a/hphp/hack/test/ifc/analysis/calls_basics.php.exp +++ b/hphp/hack/test/ifc/analysis/calls_basics.php.exp 
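Review bot: `security_lattice` has no comment saying what it prints, which matters for a verbose security log. It emits exactly the elements of the `FlowSet` it is handed, so whether a missing `A < C` means "not allowed" or "implied by transitivity" depends on whether the caller passes the Hasse diagram or its closure, and that is not visible here. I would add `(* Prints the flows stored in the lattice as {l < r, ...}; implied flows appear only if the set already contains them. *)` above the definition. The inner `flow` printer also rebinds `fmt`, shadowing the outer one; calling it `ppf` would read more clearly.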
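Review bot: The case-folding fix in `parse_policy` has no regression test in this patch: every `.exp` change only adds the default `{PUBLIC < PRIVATE}` output, so nothing exercises a lattice spec that spells `public` or `private` in lower or mixed case. Before this change such a spelling fell through to the catch-all and became `Ppurpose "PUBLIC"`, a purpose distinct from `Pbot`, which is the kind of silent policy mismatch worth pinning with a test. The catch-all arm also still accepts an empty or whitespace-padded name as a purpose. If the caller does not already trim and reject empties (not visible here), an arm such as `| "" -> raise Invalid_security_lattice` would make a malformed spec fail loudly.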
@@ -201,6 +201,9 @@ Flow constraints for \indirect_flow_a_to_b_bis: [d < B, a < B, b < B, .b < a, pcjoin < b, B < B, B < B, A < A, A < A, lump'2 = c, \C'1 < d, e < \C#setb_ret]] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \flow_a_to_b: Data with policy A appears in context B. diff --git a/hphp/hack/test/ifc/analysis/catch.php.exp b/hphp/hack/test/ifc/analysis/catch.php.exp index 0f8e25bdac5..7a83b11a8fc 100644 --- a/hphp/hack/test/ifc/analysis/catch.php.exp +++ b/hphp/hack/test/ifc/analysis/catch.php.exp @@ -118,6 +118,9 @@ Flow constraints for \throw_in_catch: lump'2 = lump, \Exception'1 < \Exception, \X < B, PUBLIC < B, .a < B, pc < B] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \do_not_leak_pc_after_catch: Data with policy PUBLIC appears in context B. diff --git a/hphp/hack/test/ifc/analysis/early_return.php.exp b/hphp/hack/test/ifc/analysis/early_return.php.exp index 0b91ba17cb4..aa9a59156b6 100644 --- a/hphp/hack/test/ifc/analysis/early_return.php.exp +++ b/hphp/hack/test/ifc/analysis/early_return.php.exp @@ -72,6 +72,9 @@ Flow constraints for \earlyReturn: [SECRET < .data, \PoliciedData < .data, \PublicData = PUBLIC, PUBLIC = PUBLIC, .data = PUBLIC, pc = PUBLIC] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \earlyReturn: Data with policy SECRET appears in context PUBLIC. diff --git a/hphp/hack/test/ifc/analysis/exceptions.php.exp b/hphp/hack/test/ifc/analysis/exceptions.php.exp index f53e423a73d..afec0e9a07d 100644 --- a/hphp/hack/test/ifc/analysis/exceptions.php.exp +++ b/hphp/hack/test/ifc/analysis/exceptions.php.exp @@ -74,6 +74,9 @@ Flow constraints for \f: [.valuex = PRIVATE, \X < .valuex, lump'3 = lump, \Exception'1 < \Exception, \Y = PUBLIC, PUBLIC = PUBLIC, .valuex = PUBLIC, pc = PUBLIC] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \f: Data with policy PRIVATE appears in context PUBLIC. 
diff --git a/hphp/hack/test/ifc/analysis/generic.php.exp b/hphp/hack/test/ifc/analysis/generic.php.exp index cdfdfffe3d5..8e3da3eb754 100644 --- a/hphp/hack/test/ifc/analysis/generic.php.exp +++ b/hphp/hack/test/ifc/analysis/generic.php.exp @@ -46,3 +46,6 @@ Flow constraints for \testVariance: [tp'2 < tp'5, tp'5 < tp'2, tp'1 < tp'4, tp'3 < tp, lump'2 = lump'1, \G'1 < \G] +Lattice: + {PUBLIC < PRIVATE} + diff --git a/hphp/hack/test/ifc/analysis/generic_inheritance.php.exp b/hphp/hack/test/ifc/analysis/generic_inheritance.php.exp index eb126ba2f13..dd94ebc30de 100644 --- a/hphp/hack/test/ifc/analysis/generic_inheritance.php.exp +++ b/hphp/hack/test/ifc/analysis/generic_inheritance.php.exp @@ -164,3 +164,6 @@ Flow constraints for \trait_: Simplified: True Raw: [tp'1 < tp, lump'2 = lump'1, \L'1 < \L] +Lattice: + {PUBLIC < PRIVATE} + diff --git a/hphp/hack/test/ifc/analysis/inheritance.php.exp b/hphp/hack/test/ifc/analysis/inheritance.php.exp index 5fc99e7b56e..04998812502 100644 --- a/hphp/hack/test/ifc/analysis/inheritance.php.exp +++ b/hphp/hack/test/ifc/analysis/inheritance.php.exp @@ -10,3 +10,6 @@ Decls: class \Z: { policied_props = [replicaPP, replicaPU, replicaUP] } class \ZTrait: { policied_props = [replicaPP, replicaPU] } +Lattice: + {PUBLIC < PRIVATE} + diff --git a/hphp/hack/test/ifc/analysis/inheritance2.php.exp b/hphp/hack/test/ifc/analysis/inheritance2.php.exp index e80bef64bc7..b34bf2469c1 100644 --- a/hphp/hack/test/ifc/analysis/inheritance2.php.exp +++ b/hphp/hack/test/ifc/analysis/inheritance2.php.exp @@ -28,6 +28,9 @@ Flow constraints for \test: [P3 < .k, \B < .k, \B < P1, .k < P1, pc < P1, P3 < .k'1, \B < .k'1, \B < P2, .k'1 < P2, pc < P2] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \test: Data with policy P3 appears in context P2. Data with policy P3 appears in context P1. diff --git a/hphp/hack/test/ifc/analysis/new.php.exp b/hphp/hack/test/ifc/analysis/new.php.exp index 9e4b5f85297..9a1122580f2 100644 
--- a/hphp/hack/test/ifc/analysis/new.php.exp +++ b/hphp/hack/test/ifc/analysis/new.php.exp @@ -80,6 +80,9 @@ Flow constraints for \f: e < \Y#__construct_ret], PUBLIC = PUBLIC, PUBLIC = PUBLIC, lump'5 = lump'6, \Y'1 < \Y'2, .valuex < \Y'2] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \f: Data with policy PRIVATE appears in context PUBLIC. diff --git a/hphp/hack/test/ifc/analysis/property.php.exp b/hphp/hack/test/ifc/analysis/property.php.exp index dd1bcf52770..0c035d5cdff 100644 --- a/hphp/hack/test/ifc/analysis/property.php.exp +++ b/hphp/hack/test/ifc/analysis/property.php.exp @@ -209,3 +209,6 @@ Flow constraints for \tlSetOtherBool: [\Other < .other, \My < .other, .other < .oBool, $bool < .oBool, pc < .oBool] +Lattice: + {PUBLIC < PRIVATE} + diff --git a/hphp/hack/test/ifc/analysis/purpose.php.exp b/hphp/hack/test/ifc/analysis/purpose.php.exp index f1c1737bb84..0a942cbb559 100644 --- a/hphp/hack/test/ifc/analysis/purpose.php.exp +++ b/hphp/hack/test/ifc/analysis/purpose.php.exp @@ -128,6 +128,9 @@ Flow constraints for \D#__construct: Simplified: True Raw: [\D < lump'1, $di < lump'1, pc < lump'1] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \C#writeDeep: Data with policy PUBLIC appears in context SECRET. diff --git a/hphp/hack/test/ifc/analysis/recursive_class.php.exp b/hphp/hack/test/ifc/analysis/recursive_class.php.exp index d0e60bd7f98..4dc64b5b145 100644 --- a/hphp/hack/test/ifc/analysis/recursive_class.php.exp +++ b/hphp/hack/test/ifc/analysis/recursive_class.php.exp @@ -72,3 +72,6 @@ Flow constraints for \R#recursiveWrite: [lump'1 < .r, \R < .r, lump'1 < .r'1, .r < .r'1, lump'1 < .r'2, .r'1 < .r'2, .r'2 < lump'1, PUBLIC < lump'1, pc < lump'1] +Lattice: + {PUBLIC < PRIVATE} + diff --git a/hphp/hack/test/ifc/analysis/unpolicied_fields.php.exp b/hphp/hack/test/ifc/analysis/unpolicied_fields.php.exp index 09d8778dc7c..77fec59d58a 100644 --- a/hphp/hack/test/ifc/analysis/unpolicied_fields.php.exp 
+++ b/hphp/hack/test/ifc/analysis/unpolicied_fields.php.exp @@ -111,3 +111,6 @@ Flow constraints for \D#__construct: Simplified: True Raw: [\D < lump'1, $di < lump'1, pc < lump'1] +Lattice: + {PUBLIC < PRIVATE} + diff --git a/hphp/hack/test/ifc/analysis/vec.php.exp b/hphp/hack/test/ifc/analysis/vec.php.exp index 7e49def710c..f91f1320d97 100644 --- a/hphp/hack/test/ifc/analysis/vec.php.exp +++ b/hphp/hack/test/ifc/analysis/vec.php.exp @@ -575,6 +575,9 @@ Flow constraints for \testCollection: tp'27 < tp'7, tp'28 < tp'8, tp'29 < tp'9, lump'3 = lump'1, \HH\vec'2 < \HH\vec] +Lattice: + {PUBLIC < PRIVATE} + There are privacy policy errors in \C#mutation: Data with policy INT appears in context VEC. -- 2.11.4.GIT