From a7d262d69b01a2676b0dba536ada3b815a091089 Mon Sep 17 00:00:00 2001
From: Yuh Shin Ong
Date: Tue, 1 Aug 2023 15:40:15 -0700
Subject: [PATCH] Life-cycle test: Add clarifying comments

Summary: Just documenting a false negative pattern in our life-cycle due to a limitation of which methods the life-cycle wrapper can call to. The hope is that with class intervals, life-cycle wrappers can call these methods without worrying about false positives due to flows from unrelated classes.
Reviewed By: anwesht
Differential Revision: D47726809
fbshipit-source-id: 8cf5ca84840743db04e14489e0415743fc8869bd
---
 .../code/fragment_lifecycle/ChildFragment.java | 9 +++++++++
 .../code/fragment_lifecycle/expected_output.json | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/source/tests/integration/end-to-end/code/fragment_lifecycle/ChildFragment.java b/source/tests/integration/end-to-end/code/fragment_lifecycle/ChildFragment.java
index e2a16280..1017c53a 100644
--- a/source/tests/integration/end-to-end/code/fragment_lifecycle/ChildFragment.java
+++ b/source/tests/integration/end-to-end/code/fragment_lifecycle/ChildFragment.java
@@ -24,6 +24,15 @@ protected void onAfterActivityCreate() {

 @Override
 protected void onStart() {
+ // False negative:
+ // mTainted2 is tainted in onAfterActivityCreate() called from onCreate()
+ // but because this class does not override onCreate(), the call to
+ // onCreate() does not make it into the life-cycle wrapper and the analysis
+ // misses the flow.
+ // Suggested fix: Call base class methods when override does not exist.
+ // Needs class intervals to avoid false positives because the base class
+ // could have tainted fields from other derived classes unrelated to this
+ // one.
 super.onStart();
 Origin.sink(mTainted2);
 }
diff --git a/source/tests/integration/end-to-end/code/fragment_lifecycle/expected_output.json b/source/tests/integration/end-to-end/code/fragment_lifecycle/expected_output.json
index 72e7c379..af1fcc54 100644
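Review bot: The added comment in `onStart()` sits above `super.onStart();`, while the flow it describes ends at `Origin.sink(mTainted2);` two lines further down, and nothing ties it to the expected output. Because the test stays green while the analysis misses this flow, I would move the block directly above the sink call and open it with something like `// TODO(<tracking-task placeholder>): known false negative; expected_output.json has no issue for this sink until the wrapper calls inherited onCreate().` Whether the JSON really lacks the issue cannot be confirmed from the two visible hunks, which only shift line numbers, so please verify before wording it that way. Without such a marker, a reader who takes a clean run as evidence that inherited life-cycle flows are covered has no hint that this case is a pinned gap.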
--- a/source/tests/integration/end-to-end/code/fragment_lifecycle/expected_output.json +++ b/source/tests/integration/end-to-end/code/fragment_lifecycle/expected_output.json @@ -1310,7 +1310,7 @@ "method" : "Lcom/facebook/marianatrench/integrationtests/ChildFragment;.onStart:()V", "position" : { - "line" : 26, + "line" : 35, "path" : "ChildFragment.java" }, "sinks" : @@ -1336,7 +1336,7 @@ "method" : "Lcom/facebook/marianatrench/integrationtests/Origin;.sink:(Ljava/lang/Object;)V", "position" : { - "line" : 28, + "line" : 37, "path" : "ChildFragment.java" } }