
Fix OpcodeStack to handle propagation of taints properly in case of string concatenation in Java 11 and above #2195

Merged: 5 commits, Oct 11, 2022

Commits on Sep 27, 2022

  1. Test for Issue 2184

    Ádám Balogh committed Sep 27, 2022 (commit 8c5e193)
  2. Fix OpcodeStack to handle propagation of taints properly in case of string concatenation in Java 9 and above

    Instead of using StringBuffer or StringBuilder internally, Java 11 and above uses a dynamic call to makeConcatWithConstants() to append strings. Previously, `OpcodeStackDetector` did not handle the taint propagation properly in case of this dynamic call, which led to false negatives such as the one described in issue spotbugs#2184. This PR fixes such issues by adding code to `OpcodeStackDetector` to handle this case as well.

    Ádám Balogh committed Sep 27, 2022 (commit 6a6e870)
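The commit message above describes the analyzer-side change only in outline. The following is an added example, not SpotBugs code and not the project's `OpcodeStackDetector`: a toy operand-stack taint model that replays the two ways `javac` compiles the same string concatenation (a `StringBuilder` chain before Java 9, a single `invokedynamic` to `makeConcatWithConstants` from Java 9 on) and shows that an analyzer which only understands `append`/`toString` loses the taint bit on the dynamic form. The names `ToyOpcodeStack`, `Item`, `Instr`, the simplified opcodes and the `prefix`/`userInput` locals are all constructed for this illustration.

```python
# Added example (constructed, not SpotBugs code): a toy operand-stack taint
# model. It propagates one taint bit through a straight-line instruction list
# and shows the false negative that arises when invokedynamic-based string
# concatenation (Java 9+) is not modelled.
from dataclasses import dataclass
from typing import List


@dataclass
class Item:
    """A value on the simulated operand stack."""
    tainted: bool
    desc: str


@dataclass
class Instr:
    """A simplified bytecode instruction (constructed for this model)."""
    opcode: str
    name: str = ""          # local name for LOAD, method name for INVOKE*
    nargs: int = 0          # arguments consumed by INVOKE* (receiver excluded)
    tainted: bool = False   # for LOAD: is the loaded value attacker-controlled?


class ToyOpcodeStack:
    """Propagates a single taint bit through a list of Instr objects."""

    def __init__(self, handle_indy_concat: bool) -> None:
        self.stack: List[Item] = []
        # When False, INVOKEDYNAMIC makeConcatWithConstants is treated like an
        # unknown call (the pre-fix behaviour); when True, the fix is applied.
        self.handle_indy_concat = handle_indy_concat

    def _pop_args(self, n: int) -> List[Item]:
        args = [self.stack.pop() for _ in range(n)]
        return args[::-1]  # restore left-to-right argument order

    def execute(self, ins: Instr) -> None:
        if ins.opcode == "LOAD":
            self.stack.append(Item(ins.tainted, ins.name))
        elif ins.opcode == "NEW":
            self.stack.append(Item(False, ins.name))
        elif ins.opcode == "DUP":
            self.stack.append(self.stack[-1])  # same object: aliases the builder
        elif ins.opcode == "INVOKESPECIAL":    # <init>: consumes the receiver
            self._pop_args(ins.nargs)
            self.stack.pop()
        elif ins.opcode == "INVOKEVIRTUAL":
            args = self._pop_args(ins.nargs)
            receiver = self.stack.pop()
            if ins.name == "append":
                # StringBuilder.append returns `this`, so the builder becomes
                # tainted as soon as any appended value is tainted.
                receiver.tainted = receiver.tainted or any(a.tainted for a in args)
                self.stack.append(receiver)
            elif ins.name == "toString":
                self.stack.append(Item(receiver.tainted, "String"))
            else:
                self.stack.append(Item(False, "?"))
        elif ins.opcode == "INVOKEDYNAMIC":
            args = self._pop_args(ins.nargs)
            if ins.name == "makeConcatWithConstants" and self.handle_indy_concat:
                # The fix: the concatenated String is tainted if any operand is.
                self.stack.append(Item(any(a.tainted for a in args), "String"))
            else:
                # Unmodelled dynamic call: the result defaults to untainted,
                # which is exactly the false negative the PR describes.
                self.stack.append(Item(False, "?"))
        else:
            raise ValueError(f"unsupported opcode {ins.opcode}")


def java8_style_concat() -> List[Instr]:
    """`prefix + userInput` as javac <= 8 compiles it: a StringBuilder chain."""
    return [
        Instr("NEW", "StringBuilder"),
        Instr("DUP"),
        Instr("INVOKESPECIAL", "<init>", 0),
        Instr("LOAD", "prefix"),
        Instr("INVOKEVIRTUAL", "append", 1),
        Instr("LOAD", "userInput", tainted=True),
        Instr("INVOKEVIRTUAL", "append", 1),
        Instr("INVOKEVIRTUAL", "toString", 0),
    ]


def java9_style_concat() -> List[Instr]:
    """The same expression as javac >= 9 compiles it: one invokedynamic call."""
    return [
        Instr("LOAD", "prefix"),
        Instr("LOAD", "userInput", tainted=True),
        Instr("INVOKEDYNAMIC", "makeConcatWithConstants", 2),
    ]


def result_is_tainted(program: List[Instr], handle_indy_concat: bool) -> bool:
    """Run a program through the toy stack and report the taint of its result."""
    stack = ToyOpcodeStack(handle_indy_concat)
    for ins in program:
        stack.execute(ins)
    return stack.stack[-1].tainted


if __name__ == "__main__":
    for label, prog in (("Java 8 style", java8_style_concat()),
                        ("Java 9+ style", java9_style_concat())):
        for fixed in (False, True):
            print(f"{label:13} handle_indy_concat={fixed!s:5} -> "
                  f"tainted={result_is_tainted(prog, fixed)}")
```

Running the block shows the asymmetry the PR addresses: the `StringBuilder` form is tainted under both settings, while the `invokedynamic` form is reported untainted until `makeConcatWithConstants` is modelled. The same shape applies to any stack-based analyzer: every call that can return attacker-controlled data needs an explicit rule, because the conservative default for an unknown call (here, "untainted") is what turns a compiler change into a detection gap.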
  3. Merge branch 'master' into Issue2184

    Balogh, Ádám committed Sep 27, 2022 (commit aeb21fd)

Commits on Sep 28, 2022

  1. Refactored double negatives

    Ádám Balogh committed Sep 28, 2022 (commit 8f6d692)

Commits on Oct 11, 2022

  1. Commit 9c3d827