facebook
diff --git a/‎source/interprocedural_analyses/taint/backwardAnalysis.ml‎
Lines changed: 4 additions & 6 deletions b/‎source/interprocedural_analyses/taint/backwardAnalysis.ml‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎source/interprocedural_analyses/taint/domains.ml‎
Lines changed: 156 additions & 0 deletions b/‎source/interprocedural_analyses/taint/domains.ml‎
Lines changed: 156 additions & 0 deletions
diff --git a/‎source/interprocedural_analyses/taint/forwardAnalysis.ml‎
Lines changed: 4 additions & 6 deletions b/‎source/interprocedural_analyses/taint/forwardAnalysis.ml‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎source/interprocedural_analyses/taint/model.ml‎
Lines changed: 3 additions & 3 deletions b/‎source/interprocedural_analyses/taint/model.ml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎source/interprocedural_analyses/taint/model.mli‎
Lines changed: 1 addition & 1 deletion b/‎source/interprocedural_analyses/taint/model.mli‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎source/interprocedural_analyses/taint/modelParser.ml‎
Lines changed: 16 additions & 12 deletions b/‎source/interprocedural_analyses/taint/modelParser.ml‎
Lines changed: 16 additions & 12 deletions
diff --git a/‎source/interprocedural_analyses/taint/sinks.ml‎
Lines changed: 24 additions & 16 deletions b/‎source/interprocedural_analyses/taint/sinks.ml‎
Lines changed: 24 additions & 16 deletions
diff --git a/‎source/interprocedural_analyses/taint/sinks.mli‎
Lines changed: 7 additions & 3 deletions b/‎source/interprocedural_analyses/taint/sinks.mli‎
Lines changed: 7 additions & 3 deletions
@@ -309,9 +309,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
                   BackwardTaint.leaf
                   ByFilter
                   ~f:(fun sink ->
-                    Option.some_if
-                      (not (List.mem ~equal:Sinks.equal sanitized_tito_sinks sink))
-                      sink)
+                    Option.some_if (not (Sinks.Set.mem sink sanitized_tito_sinks)) sink)
                   taint_in_taint_out
                 |> Core.Map.Poly.fold
                      ~init:BackwardState.Tree.bottom
@@ -1143,13 +1141,13 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
 
               let apply_attribute_sanitizers taint =
                 match Model.GlobalModel.get_sanitize global_model with
-                | { TaintResult.Sanitize.sinks = Some AllSinks; _ } -> BackwardState.Tree.empty
-                | { TaintResult.Sanitize.sinks = Some (SpecificSinks sanitized_sinks); _ } ->
+                | { Sanitize.sinks = Some AllSinks; _ } -> BackwardState.Tree.empty
+                | { Sanitize.sinks = Some (SpecificSinks sanitized_sinks); _ } ->
                     BackwardState.Tree.partition
                       BackwardTaint.leaf
                       ByFilter
                       ~f:(fun sink ->
-                        Option.some_if (not (List.mem ~equal:Sinks.equal sanitized_sinks sink)) sink)
+                        Option.some_if (not (Sinks.Set.mem sink sanitized_sinks)) sink)
                       taint
                     |> Core.Map.Poly.fold
                          ~init:BackwardState.Tree.bottom
 
@@ -739,3 +739,159 @@ let local_return_taint =
       Part (Features.ReturnAccessPathSet.Element, []);
       Part (Features.SimpleSet.Self, Features.SimpleSet.empty);
     ]
+
+
+module Sanitize = struct
+  type sanitize_sources =
+    | AllSources
+    | SpecificSources of Sources.Set.t
+  [@@deriving show, eq]
+
+  type sanitize_sinks =
+    | AllSinks
+    | SpecificSinks of Sinks.Set.t
+  [@@deriving show, eq]
+
+  type sanitize_tito =
+    | AllTito
+    | SpecificTito of {
+        sanitized_tito_sources: Sources.Set.t;
+        sanitized_tito_sinks: Sinks.Set.t;
+      }
+  [@@deriving show, eq]
+
+  type sanitize = {
+    sources: sanitize_sources option;
+    sinks: sanitize_sinks option;
+    tito: sanitize_tito option;
+  }
+  [@@deriving show, eq]
+
+  include Abstract.SimpleDomain.Make (struct
+    type t = sanitize
+
+    let name = "sanitize"
+
+    let bottom = { sources = None; sinks = None; tito = None }
+
+    let less_or_equal ~left ~right =
+      if phys_equal left right then
+        true
+      else
+        (match left.sources, right.sources with
+        | None, _ -> true
+        | Some _, None -> false
+        | Some AllSources, Some AllSources -> true
+        | Some AllSources, Some (SpecificSources _) -> false
+        | Some (SpecificSources _), Some AllSources -> true
+        | Some (SpecificSources left), Some (SpecificSources right) -> Sources.Set.subset left right)
+        && (match left.sinks, right.sinks with
+           | None, _ -> true
+           | Some _, None -> false
+           | Some AllSinks, Some AllSinks -> true
+           | Some AllSinks, Some (SpecificSinks _) -> false
+           | Some (SpecificSinks _), Some AllSinks -> true
+           | Some (SpecificSinks left), Some (SpecificSinks right) -> Sinks.Set.subset left right)
+        &&
+        match left.tito, right.tito with
+        | None, _ -> true
+        | Some _, None -> false
+        | Some AllTito, Some AllTito -> true
+        | Some AllTito, Some (SpecificTito _) -> false
+        | Some (SpecificTito _), Some AllTito -> true
+        | Some (SpecificTito left), Some (SpecificTito right) ->
+            Sources.Set.subset left.sanitized_tito_sources right.sanitized_tito_sources
+            && Sinks.Set.subset left.sanitized_tito_sinks right.sanitized_tito_sinks
+
+
+    let join left right =
+      if phys_equal left right then
+        left
+      else
+        let sources =
+          match left.sources, right.sources with
+          | None, Some _ -> right.sources
+          | Some _, None -> left.sources
+          | Some AllSources, _
+          | _, Some AllSources ->
+              Some AllSources
+          | Some (SpecificSources left_sources), Some (SpecificSources right_sources) ->
+              Some (SpecificSources (Sources.Set.union left_sources right_sources))
+          | None, None -> None
+        in
+        let sinks =
+          match left.sinks, right.sinks with
+          | None, Some _ -> right.sinks
+          | Some _, None -> left.sinks
+          | Some AllSinks, _
+          | _, Some AllSinks ->
+              Some AllSinks
+          | Some (SpecificSinks left_sinks), Some (SpecificSinks right_sinks) ->
+              Some (SpecificSinks (Sinks.Set.union left_sinks right_sinks))
+          | None, None -> None
+        in
+        let tito =
+          match left.tito, right.tito with
+          | None, Some tito
+          | Some tito, None ->
+              Some tito
+          | Some AllTito, _
+          | _, Some AllTito ->
+              Some AllTito
+          | Some (SpecificTito left), Some (SpecificTito right) ->
+              Some
+                (SpecificTito
+                   {
+                     sanitized_tito_sources =
+                       Sources.Set.union left.sanitized_tito_sources right.sanitized_tito_sources;
+                     sanitized_tito_sinks =
+                       Sinks.Set.union left.sanitized_tito_sinks right.sanitized_tito_sinks;
+                   })
+          | None, None -> None
+        in
+        { sources; sinks; tito }
+
+
+    let meet a b = if less_or_equal ~left:b ~right:a then b else a
+
+    let show = show_sanitize
+  end)
+
+  let empty = bottom
+
+  let is_empty = is_bottom
+
+  let equal = equal_sanitize
+
+  let to_json { sources; sinks; tito } =
+    let to_string name = `String name in
+    let sources_to_json sources =
+      `List (sources |> Sources.Set.elements |> List.map ~f:Sources.show |> List.map ~f:to_string)
+    in
+    let sinks_to_json sinks =
+      `List (sinks |> Sinks.Set.elements |> List.map ~f:Sinks.show |> List.map ~f:to_string)
+    in
+    let sources_json =
+      match sources with
+      | Some AllSources -> ["sources", `String "All"]
+      | Some (SpecificSources sources) -> ["sources", sources_to_json sources]
+      | None -> []
+    in
+    let sinks_json =
+      match sinks with
+      | Some AllSinks -> ["sinks", `String "All"]
+      | Some (SpecificSinks sinks) -> ["sinks", sinks_to_json sinks]
+      | None -> []
+    in
+    let tito_json =
+      match tito with
+      | Some AllTito -> ["tito", `String "All"]
+      | Some (SpecificTito { sanitized_tito_sources; sanitized_tito_sinks }) ->
+          [
+            "tito_sources", sources_to_json sanitized_tito_sources;
+            "tito_sinks", sinks_to_json sanitized_tito_sinks;
+          ]
+      | None -> []
+    in
+    `Assoc (sources_json @ sinks_json @ tito_json)
+end
@@ -184,9 +184,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
                   ForwardTaint.leaf
                   ByFilter
                   ~f:(fun source ->
-                    Option.some_if
-                      (not (List.mem ~equal:Sources.equal sanitized_tito_sources source))
-                      source)
+                    Option.some_if (not (Sources.Set.mem source sanitized_tito_sources)) source)
                   argument_taint
                 |> Core.Map.Poly.fold
                      ~init:ForwardState.Tree.bottom
@@ -1113,13 +1111,13 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
       in
       let apply_attribute_sanitizers taint =
         match Model.GlobalModel.get_sanitize global_model with
-        | { TaintResult.Sanitize.sources = Some AllSources; _ } -> ForwardState.Tree.empty
-        | { TaintResult.Sanitize.sources = Some (SpecificSources sanitized_sources); _ } ->
+        | { Sanitize.sources = Some AllSources; _ } -> ForwardState.Tree.empty
+        | { Sanitize.sources = Some (SpecificSources sanitized_sources); _ } ->
             ForwardState.Tree.partition
               ForwardTaint.leaf
               ByFilter
               ~f:(fun source ->
-                Option.some_if (not (List.mem ~equal:Sources.equal sanitized_sources source)) source)
+                Option.some_if (not (Sources.Set.mem source sanitized_sources)) source)
               taint
             |> Core.Map.Poly.fold
                  ~init:ForwardState.Tree.bottom
 
@@ -327,9 +327,9 @@ module GlobalModel = struct
     let is_sanitized_model { model = { TaintResult.sanitize; _ }; _ } =
       match sanitize with
       | {
-       sources = Some TaintResult.Sanitize.AllSources;
-       sinks = Some TaintResult.Sanitize.AllSinks;
-       tito = Some TaintResult.Sanitize.AllTito;
+       sources = Some Sanitize.AllSources;
+       sinks = Some Sanitize.AllSinks;
+       tito = Some Sanitize.AllTito;
       } ->
           true
       | _ -> false
 
@@ -33,7 +33,7 @@ module GlobalModel : sig
 
   val get_tito : t -> Domains.BackwardState.Tree.t
 
-  val get_sanitize : t -> TaintResult.Sanitize.t
+  val get_sanitize : t -> Domains.Sanitize.t
 
   val get_modes : t -> TaintResult.ModeSet.t
 
 
@@ -735,7 +735,7 @@ let introduce_sink_taint
   let should_keep_taint =
     match sinks_to_keep with
     | None -> true
-    | Some sinks_to_keep -> Core.Set.mem sinks_to_keep taint_sink_kind
+    | Some sinks_to_keep -> Sinks.Set.mem taint_sink_kind sinks_to_keep
   in
   if should_keep_taint then
     let backward =
@@ -830,7 +830,7 @@ let introduce_source_taint
   let should_keep_taint =
     match sources_to_keep with
     | None -> true
-    | Some sources_to_keep -> Core.Set.mem sources_to_keep taint_source_kind
+    | Some sources_to_keep -> Sources.Set.mem taint_source_kind sources_to_keep
   in
   if Sources.equal taint_source_kind Sources.Attach && List.is_empty breadcrumbs then
     Error "`Attach` must be accompanied by a list of features to attach."
@@ -1884,8 +1884,12 @@ let adjust_sanitize_and_modes_and_skipped_override
                           ~callable_parameter_names_to_positions:None
                           value
                         >>= List.fold_result ~init:([], []) ~f:add_tito_annotation
-                        >>| fun (sanitized_tito_sources, sanitized_tito_sinks) ->
-                        Sanitize.SpecificTito { sanitized_tito_sources; sanitized_tito_sinks }
+                        >>| fun (sources, sinks) ->
+                        Sanitize.SpecificTito
+                          {
+                            sanitized_tito_sources = Sources.Set.of_list sources;
+                            sanitized_tito_sinks = Sinks.Set.of_list sinks;
+                          }
                       in
                       sanitize_tito
                       >>= fun sanitize_tito ->
@@ -1906,9 +1910,10 @@ let adjust_sanitize_and_modes_and_skipped_override
                             } ->
                             let sources =
                               match sources with
-                              | None -> Some (Sanitize.SpecificSources [source])
+                              | None ->
+                                  Some (Sanitize.SpecificSources (Sources.Set.singleton source))
                               | Some (Sanitize.SpecificSources sources) ->
-                                  Some (Sanitize.SpecificSources (source :: sources))
+                                  Some (Sanitize.SpecificSources (Sources.Set.add source sources))
                               | Some Sanitize.AllSources -> Some Sanitize.AllSources
                             in
                             Ok { Sanitize.sources; sinks; tito }
@@ -1922,9 +1927,9 @@ let adjust_sanitize_and_modes_and_skipped_override
                             } ->
                             let sinks =
                               match sinks with
-                              | None -> Some (Sanitize.SpecificSinks [sink])
+                              | None -> Some (Sanitize.SpecificSinks (Sinks.Set.singleton sink))
                               | Some (Sanitize.SpecificSinks sinks) ->
-                                  Some (Sanitize.SpecificSinks (sink :: sinks))
+                                  Some (Sanitize.SpecificSinks (Sinks.Set.add sink sinks))
                               | Some Sanitize.AllSinks -> Some Sanitize.AllSinks
                             in
                             Ok { Sanitize.sources; sinks; tito }
@@ -1954,8 +1959,7 @@ let adjust_sanitize_and_modes_and_skipped_override
                 List.fold arguments ~f:to_sanitize_kind ~init:(Ok Sanitize.empty)
           in
           sanitize_kind
-          >>| fun sanitize_kind ->
-          TaintResult.Sanitize.join sanitize sanitize_kind, modes, skipped_override
+          >>| fun sanitize_kind -> Sanitize.join sanitize sanitize_kind, modes, skipped_override
       | "SkipAnalysis" -> Ok (sanitize, ModeSet.add SkipAnalysis modes, skipped_override)
       | "SkipDecoratorWhenInlining" ->
           Ok (sanitize, ModeSet.add SkipDecoratorWhenInlining modes, skipped_override)
@@ -1996,8 +2000,8 @@ let compute_sources_and_sinks_to_keep ~configuration ~rule_filter =
             ( Sources.Set.singleton Sources.Attach,
               Sinks.Set.of_list [Sinks.AddFeatureToArgument; Sinks.Attach] )
           ~f:(fun (sources, sinks) (rule_sources, rule_sinks) ->
-            ( Core.Set.union sources (Sources.Set.of_list rule_sources),
-              Core.Set.union sinks (Sinks.Set.of_list rule_sinks) ))
+            ( Sources.Set.union sources (Sources.Set.of_list rule_sources),
+              Sinks.Set.union sinks (Sinks.Set.of_list rule_sinks) ))
       in
       Some sources_to_keep, Some sinks_to_keep
 
 
@@ -28,31 +28,39 @@ module T = struct
     | AddFeatureToArgument
   (* Special marker to designate modifying the state the parameter passed in. *)
   [@@deriving compare, eq, sexp, hash]
-end
 
-include T
+  let pp formatter = function
+    | Attach -> Format.fprintf formatter "Attach"
+    | PartialSink { kind; label } -> Format.fprintf formatter "PartialSink[%s[%s]]" kind label
+    | TriggeredPartialSink { kind; label } ->
+        Format.fprintf formatter "TriggeredPartialSink[%s[%s]]" kind label
+    | LocalReturn -> Format.fprintf formatter "LocalReturn"
+    | NamedSink name -> Format.fprintf formatter "%s" name
+    | ParametricSink { sink_name; subkind } -> Format.fprintf formatter "%s[%s]" sink_name subkind
+    | ParameterUpdate index -> Format.fprintf formatter "ParameterUpdate%d" index
+    | AddFeatureToArgument -> Format.fprintf formatter "AddFeatureToArgument"
 
-let pp formatter = function
-  | Attach -> Format.fprintf formatter "Attach"
-  | PartialSink { kind; label } -> Format.fprintf formatter "PartialSink[%s[%s]]" kind label
-  | TriggeredPartialSink { kind; label } ->
-      Format.fprintf formatter "TriggeredPartialSink[%s[%s]]" kind label
-  | LocalReturn -> Format.fprintf formatter "LocalReturn"
-  | NamedSink name -> Format.fprintf formatter "%s" name
-  | ParametricSink { sink_name; subkind } -> Format.fprintf formatter "%s[%s]" sink_name subkind
-  | ParameterUpdate index -> Format.fprintf formatter "ParameterUpdate%d" index
-  | AddFeatureToArgument -> Format.fprintf formatter "AddFeatureToArgument"
 
+  let show = Format.asprintf "%a" pp
+end
 
-let show = Format.asprintf "%a" pp
+include T
 
 let ignore_leaf_at_call = function
   | Attach -> true
   | _ -> false
 
 
-module Set = Set.Make (struct
-  include T
-end)
+module Set = struct
+  include Stdlib.Set.Make (struct
+    include T
+  end)
+
+  let show set =
+    set |> elements |> List.map ~f:T.show |> String.concat ~sep:", " |> Format.asprintf "[%s]"
+
+
+  let pp format set = Format.fprintf format "%s" (show set)
+end
 
 let name = "sink"
@@ -5,8 +5,6 @@
  * LICENSE file in the root directory of this source tree.
  *)
 
-open Core
-
 type partial_sink = {
   kind: string;
   label: string;
@@ -31,4 +29,10 @@ val name : string
 
 val ignore_leaf_at_call : t -> bool
 
-module Set : Set.S with type Elt.t = t
+module Set : sig
+  include Stdlib.Set.S with type elt = t
+
+  val pp : Format.formatter -> t -> unit
+
+  val show : t -> string
+end