Added confidential checker

checker-qual/src/main/java/org/checkerframework/checker/confidential/qual/BottomConfidential.java

@@ -0,0 +1,27 @@
+package org.checkerframework.checker.confidential.qual;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.checkerframework.framework.qual.DefaultFor;
+import org.checkerframework.framework.qual.InvisibleQualifier;
+import org.checkerframework.framework.qual.SubtypeOf;
+import org.checkerframework.framework.qual.TargetLocations;
+import org.checkerframework.framework.qual.TypeUseLocation;
+
+/**
+ * The bottom type in the Confidential type system. Programmers should rarely write this type.
+ *
+ * @checker_framework.manual #confidential-checker Confidential Checker
+ * @checker_framework.manual #bottom-type the bottom type
+ */
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE_USE, ElementType.TYPE_PARAMETER})
+@TargetLocations({TypeUseLocation.EXPLICIT_LOWER_BOUND, TypeUseLocation.EXPLICIT_UPPER_BOUND})
+@InvisibleQualifier
+@SubtypeOf({Confidential.class, NonConfidential.class})
+@DefaultFor(value = {TypeUseLocation.LOWER_BOUND})
+public @interface BottomConfidential {}

checker-qual/src/main/java/org/checkerframework/checker/confidential/qual/Confidential.java

@@ -0,0 +1,26 @@
+package org.checkerframework.checker.confidential.qual;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.checkerframework.framework.qual.SubtypeOf;
+
+/**
+ * Denotes a value that will not be exposed to end users or a sink that will not be able to be
+ * accessed by end users.
+ *
+ * <p>A Confidential value may contain sensitive, private, or otherwise privileged-access
+ * information. Examples include passwords, PII (personally identifiable information), and private
+ * keys.
+ *
+ * @see NonConfidential
+ * @see org.checkerframework.checker.confidential.ConfidentialChecker
+ * @checker_framework.manual #confidential-checker Confidential Checker
+ */
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE_USE, ElementType.TYPE_PARAMETER})
+@SubtypeOf(UnknownConfidential.class)
+public @interface Confidential {}

checker-qual/src/main/java/org/checkerframework/checker/confidential/qual/NonConfidential.java

@@ -0,0 +1,29 @@
+package org.checkerframework.checker.confidential.qual;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.checkerframework.framework.qual.DefaultFor;
+import org.checkerframework.framework.qual.DefaultQualifierInHierarchy;
+import org.checkerframework.framework.qual.LiteralKind;
+import org.checkerframework.framework.qual.QualifierForLiterals;
+import org.checkerframework.framework.qual.SubtypeOf;
+import org.checkerframework.framework.qual.TypeUseLocation;
+
+/**
+ * Denotes a value that may be exposed to end users, or a location that may be accessed by end
+ * users. NonConfidential locations will never contain sensitive, private, or otherwise
+ * privileged-access information.
+ *
+ * @checker_framework.manual #confidential-checker Confidential Checker
+ */
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE_USE, ElementType.TYPE_PARAMETER})
+@SubtypeOf(UnknownConfidential.class)
+@QualifierForLiterals({LiteralKind.STRING, LiteralKind.PRIMITIVE})
+@DefaultQualifierInHierarchy
+@DefaultFor(value = {TypeUseLocation.LOCAL_VARIABLE, TypeUseLocation.UPPER_BOUND})
+public @interface NonConfidential {}

checker-qual/src/main/java/org/checkerframework/checker/confidential/qual/PolyConfidential.java

@@ -0,0 +1,20 @@
+package org.checkerframework.checker.confidential.qual;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.checkerframework.framework.qual.PolymorphicQualifier;
+
+/**
+ * A polymorphic qualifier for the Confidential type system.
+ *
+ * @checker_framework.manual #confidential-checker Confidential Checker
+ * @checker_framework.manual #qualifier-polymorphism Qualifier polymorphism
+ */
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE_USE, ElementType.TYPE_PARAMETER})
+@PolymorphicQualifier(UnknownConfidential.class)
+public @interface PolyConfidential {}

checker-qual/src/main/java/org/checkerframework/checker/confidential/qual/UnknownConfidential.java

@@ -0,0 +1,25 @@
+package org.checkerframework.checker.confidential.qual;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.checkerframework.framework.qual.InvisibleQualifier;
+import org.checkerframework.framework.qual.SubtypeOf;
+import org.checkerframework.framework.qual.TargetLocations;
+import org.checkerframework.framework.qual.TypeUseLocation;
+
+/**
+ * Represents a value that might or might not be confidential. This is the top of the Confidential
+ * qualifier hierarchy.
+ *
+ * @checker_framework.manual #confidential-checker Confidential Checker
+ */
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE_USE, ElementType.TYPE_PARAMETER})
+@TargetLocations({TypeUseLocation.EXPLICIT_LOWER_BOUND, TypeUseLocation.EXPLICIT_UPPER_BOUND})
+@InvisibleQualifier
+@SubtypeOf({})
+public @interface UnknownConfidential {}

checker/src/main/java/org/checkerframework/checker/confidential/AbstractAuthenticationTargetUrlRequestHandler.astub

@@ -0,0 +1,27 @@
+package org.springframework.security.web.authentication;
+
+import java.io.IOException;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.core.log.LogMessage;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import org.checkerframework.checker.confidential.qual.UnknownConfidential;
+
+public abstract class AbstractAuthenticationTargetUrlRequestHandler {
+
+	protected void handle(HttpServletRequest request, HttpServletResponse response, @UnknownConfidential Authentication authentication);
+
+	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response,
+			@UnknownConfidential Authentication authentication);
+}

checker/src/main/java/org/checkerframework/checker/confidential/AlertDialog.astub

@@ -0,0 +1,131 @@
+package android.app;
+
+import android.annotation.ArrayRes;
+import android.annotation.AttrRes;
+import android.annotation.DrawableRes;
+import android.annotation.StringRes;
+import android.annotation.StyleRes;
+import android.compat.annotation.UnsupportedAppUsage;
+import android.content.Context;
+import android.content.DialogInterface;
+import android.content.res.ResourceId;
+import android.content.res.Resources;
+import android.database.Cursor;
+import android.graphics.drawable.Drawable;
+import android.os.Bundle;
+import android.os.Message;
+import android.text.Layout;
+import android.text.method.MovementMethod;
+import android.util.TypedValue;
+import android.view.ContextThemeWrapper;
+import android.view.KeyEvent;
+import android.view.View;
+import android.widget.AdapterView;
+import android.widget.Button;
+import android.widget.ListAdapter;
+import android.widget.ListView;
+import com.android.internal.R;
+import com.android.internal.app.AlertController;
+
+import org.checkerframework.checker.confidential.qual.*;
+
+public class AlertDialog extends Dialog implements DialogInterface {
+
+    protected AlertDialog(@UnknownConfidential Context context);
+
+    protected AlertDialog(@UnknownConfidential Context context, boolean cancelable,
+        @UnknownConfidential OnCancelListener cancelListener);
+
+    protected AlertDialog(@UnknownConfidential Context context, @StyleRes int themeResId);
+
+    AlertDialog(@UnknownConfidential Context context, @StyleRes int themeResId,
+        boolean createContextThemeWrapper);
+
+    static @StyleRes int resolveDialogTheme(@UnknownConfidential Context context,
+        @StyleRes int themeResId);
+
+    public static class Builder {
+        public @UnknownConfidential Builder(@UnknownConfidential Context context);
+
+        public @UnknownConfidential Builder(@UnknownConfidential Context context, int themeResId);
+
+        public @UnknownConfidential Context getContext();
+
+        public @UnknownConfidential Builder setTitle(@StringRes int titleId);
+
+        public @UnknownConfidential Builder setTitle(CharSequence title);
+
+        public @UnknownConfidential Builder setCustomTitle(View customTitleView);
+
+        public @UnknownConfidential Builder setMessage(@StringRes int messageId);
+
+        public @UnknownConfidential Builder setMessage(CharSequence message);
+
+        public @UnknownConfidential Builder setIcon(@DrawableRes int iconId);
+
+        public @UnknownConfidential Builder setIcon(Drawable icon);
+
+        public @UnknownConfidential Builder setIconAttribute(@AttrRes int attrId);
+
+        public @UnknownConfidential Builder setPositiveButton(@StringRes int textId, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setPositiveButton(CharSequence text, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setNegativeButton(@StringRes int textId, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setNegativeButton(CharSequence text, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setNeutralButton(@StringRes int textId, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setNeutralButton(CharSequence text, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setCancelable(boolean cancelable);
+
+        public @UnknownConfidential Builder setOnCancelListener(@UnknownConfidential OnCancelListener onCancelListener);
+
+        public @UnknownConfidential Builder setOnDismissListener(@UnknownConfidential OnDismissListener onDismissListener);
+
+        public @UnknownConfidential Builder setOnKeyListener(@UnknownConfidential OnKeyListener onKeyListener);
+
+        public @UnknownConfidential Builder setItems(@ArrayRes int itemsId, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setItems(CharSequence[] items, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setAdapter(final @UnknownConfidential ListAdapter adapter, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setCursor(final @UnknownConfidential Cursor cursor, final @UnknownConfidential OnClickListener listener,
+                String labelColumn);
+
+        public @UnknownConfidential Builder setMultiChoiceItems(@ArrayRes int itemsId, boolean[] checkedItems,
+                final @UnknownConfidential OnMultiChoiceClickListener listener);
+
+        public @UnknownConfidential Builder setMultiChoiceItems(CharSequence[] items, boolean[] checkedItems,
+                final @UnknownConfidential OnMultiChoiceClickListener listener);
+
+        public @UnknownConfidential Builder setMultiChoiceItems(@UnknownConfidential Cursor cursor, String isCheckedColumn, String labelColumn,
+                final @UnknownConfidential OnMultiChoiceClickListener listener);
+
+        public @UnknownConfidential Builder setSingleChoiceItems(@ArrayRes int itemsId, int checkedItem,
+                final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setSingleChoiceItems(@UnknownConfidential Cursor cursor, int checkedItem, String labelColumn,
+                final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setSingleChoiceItems(CharSequence[] items, int checkedItem, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setSingleChoiceItems(@UnknownConfidential ListAdapter adapter, int checkedItem, final @UnknownConfidential OnClickListener listener);
+
+        public @UnknownConfidential Builder setOnItemSelectedListener(final @UnknownConfidential AdapterView.OnItemSelectedListener listener);
+
+        public @UnknownConfidential Builder setView(int layoutResId);
+
+        public @UnknownConfidential Builder setView(View view);
+
+        @UnsupportedAppUsage
+        public @UnknownConfidential Builder setRecycleOnMeasureEnabled(boolean enabled);
+
+        public @UnknownConfidential AlertDialog create();
+
+        public @UnknownConfidential AlertDialog show();
+    }
+}

checker/src/main/java/org/checkerframework/checker/confidential/AndroidLog.astub

@@ -0,0 +1,50 @@
+package android.util;
+import android.annotation.IntDef;
+import android.annotation.NonNull;
+import android.annotation.Nullable;
+import android.annotation.SystemApi;
+import android.compat.annotation.UnsupportedAppUsage;
+import android.os.DeadSystemException;
+import com.android.internal.os.RuntimeInit;
+import com.android.internal.util.FastPrintWriter;
+import com.android.internal.util.LineBreakBufferedWriter;
+import dalvik.annotation.optimization.FastNative;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.io.Writer;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.net.UnknownHostException;
+
+import org.checkerframework.checker.confidential.qual.*;
+
+public final class Log {
+
+    public static int d(@Nullable String tag, @Nullable String msg, @Nullable @UnknownConfidential Throwable tr);
+
+    public static int w(@Nullable String tag, @Nullable String msg, @Nullable @UnknownConfidential Throwable tr);
+
+    public static int w(@Nullable String tag, @Nullable @UnknownConfidential Throwable tr);
+
+    public static int v(@Nullable String tag, @Nullable String msg, @Nullable @UnknownConfidential Throwable tr);
+
+    public static int i(@Nullable String tag, @Nullable String msg, @Nullable @UnknownConfidential Throwable tr);
+
+    public static int e(@Nullable String tag, @Nullable String msg, @Nullable @UnknownConfidential Throwable tr);
+
+    public static int wtf(@Nullable String tag, @NonNull @UnknownConfidential Throwable tr);
+
+    public static int wtf(@Nullable String tag, @Nullable String msg, @Nullable @UnknownConfidential Throwable tr);
+
+    static int wtf(int logId, @Nullable String tag, @Nullable String msg, @Nullable @UnknownConfidential Throwable tr,
+                boolean localStack, boolean system);
+
+    @NonNull
+    public static @UnknownConfidential TerribleFailureHandler setWtfHandler(@NonNull @UnknownConfidential TerribleFailureHandler handler);
+
+    @NonNull
+    public static String getStackTraceString(@Nullable @UnknownConfidential Throwable tr);
+
+    public static int printlns(int bufID, int priority, @Nullable String tag, @NonNull String msg,
+            @Nullable @UnknownConfidential Throwable tr);
+}

checker/src/main/java/org/checkerframework/checker/confidential/ApacheLog.astub

@@ -0,0 +1,18 @@
+package org.apache.commons.logging;
+
+import org.checkerframework.checker.confidential.qual.UnknownConfidential;
+
+public interface Log {
+
+    void debug(Object var1, @UnknownConfidential Throwable var2);
+
+    void error(Object var1, @UnknownConfidential Throwable var2);
+
+    void fatal(Object var1, @UnknownConfidential Throwable var2);
+
+    void info(Object var1, @UnknownConfidential Throwable var2);
+
+    void trace(Object var1, @UnknownConfidential Throwable var2);
+
+    void warn(Object var1, @UnknownConfidential Throwable var2);
+}

checker/src/main/java/org/checkerframework/checker/confidential/Authentication.astub

@@ -0,0 +1,21 @@
+package org.springframework.security.core;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Collection;
+
+import org.checkerframework.checker.confidential.qual.Confidential;
+
+public interface Authentication extends Principal, Serializable {
+    Collection<? extends GrantedAuthority> getAuthorities();
+
+    @Confidential Object getCredentials();
+
+    Object getDetails();
+
+    Object getPrincipal();
+
+    boolean isAuthenticated();
+
+    void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
+}