Add two reduced testcases

t1mlange · t1mlange · commit 1a58260a2e5b · 2022-12-12T16:03:17.000+01:00
diff --git a/soot-infoflow/test/soot/jimple/infoflow/test/HeapTestCode.java b/soot-infoflow/test/soot/jimple/infoflow/test/HeapTestCode.java
@@ -1543,4 +1543,32 @@ public void aliasWithOverwriteTest4() {
 		cm.publish(j.f.str);
 	}
 
+	class Inner {
+		String secret;
+	}
+
+	Inner field = new Inner();
+	public void innerFieldReductionTestNegative() {
+		// Inner class constructor has this has an implicit parameter. Backward, here this.field.secret is tainted and
+		// propagated into the inner constructor. Then, inside the constructor at the following line
+		//      this(HeapTestCode$Inner).<soot.jimple.infoflow.test.HeapTestCode$Inner: soot.jimple.infoflow.test.HeapTestCode this$0> = this$0;
+		// the access path this$0.<HeapTestCode: Inner field>.<Inner: String secret> is first extended to
+		//      this(HeapTestCode$Inner).<HeapTestCode$Inner: HeapTestCode this$0>.<HeapTestCode: HeapTestCode$Inner field>.<HeapTestCode$Inner: String secret>
+		// and then reduced due to recursive types to
+		//      this(HeapTestCode$Inner).<HeapTestCode$Inner: String secret>
+		// but that case is definitely not a recursive data structure and wrong.
+		Inner local = new Inner();
+		local.secret = TelephonyManager.getDeviceId();
+		ConnectionManager cm = new ConnectionManager();
+		cm.publish(field.secret);
+	}
+
+	public void innerFieldReductionTestNegative2() {
+		// Same bug as in innerFieldReductionTestNegative but this structured
+		// such that the bug is triggered in the forward analysis.
+		field.secret = TelephonyManager.getDeviceId();
+		Inner local = new Inner();
+		ConnectionManager cm = new ConnectionManager();
+		cm.publish(local.secret);
+	}
 }
diff --git a/soot-infoflow/test/soot/jimple/infoflow/test/junit/HeapTests.java b/soot-infoflow/test/soot/jimple/infoflow/test/junit/HeapTests.java
@@ -37,6 +37,7 @@
 import soot.jimple.infoflow.data.AccessPath;
 import soot.jimple.infoflow.data.SootMethodAndClass;
 import soot.jimple.infoflow.entryPointCreators.DefaultEntryPointCreator;
+import soot.jimple.infoflow.entryPointCreators.SequentialEntryPointCreator;
 import soot.jimple.infoflow.results.InfoflowResults;
 import soot.jimple.infoflow.sourcesSinks.definitions.MethodSourceSinkDefinition;
 import soot.jimple.infoflow.sourcesSinks.manager.ISourceSinkManager;
@@ -1229,4 +1230,21 @@ public void aliasWithOverwriteTest4() {
 		checkInfoflow(infoflow, 1);
 	}
 
+	@Test(timeout = 300000)
+	public void innerFieldReductionTestNegative() {
+		IInfoflow infoflow = initInfoflow();
+		List<String> epoints = new ArrayList<String>();
+		epoints.add("<soot.jimple.infoflow.test.HeapTestCode: void innerFieldReductionTestNegative()>");
+		infoflow.computeInfoflow(appPath, libPath, new SequentialEntryPointCreator(epoints), sources, sinks);
+		negativeCheckInfoflow(infoflow);
+	}
+
+	@Test(timeout = 300000)
+	public void innerFieldReductionTestNegative2() {
+		IInfoflow infoflow = initInfoflow();
+		List<String> epoints = new ArrayList<String>();
+		epoints.add("<soot.jimple.infoflow.test.HeapTestCode: void innerFieldReductionTestNegative2()>");
+		infoflow.computeInfoflow(appPath, libPath, new SequentialEntryPointCreator(epoints), sources, sinks);
+		negativeCheckInfoflow(infoflow);
+	}
 }
