Propagate taint through AbstractStringBuilder.reverse() #7500

Merged
merged 2 commits into from Jan 4, 2022


@zbazztian (Contributor) commented Jan 3, 2022

... and its overrides. Currently, we do not propagate taint through AbstractStringBuilder.reverse() calls, which leads us to miss out on results e.g. within this webgoat example.

Is there a motivation for this or was this just an oversight?

@zbazztian zbazztian requested a review from as a code owner Jan 3, 2022
@github-actions github-actions bot added the Java label Jan 3, 2022
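
The kind of flow the description above refers to, as an added example that is not part of the PR or of the CodeQL repository: an untrusted value passes through `StringBuilder.reverse()` and then reaches a SQL sink. The class name, the `users` table and the sample value are assumptions constructed for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class ReverseTaintExample {

    // Stand-in for a remote source such as a request parameter (constructed value).
    static String untrustedParam() {
        return "yllieR'O";
    }

    // Vulnerable shape: the value goes through StringBuilder.reverse() and is then
    // concatenated into SQL text. reverse() only reorders characters, so its result
    // is as attacker-controlled as its input; an analysis that stops tracking taint
    // at reverse() does not report this concatenation.
    static String buildQueryUnsafe(String param) {
        String name = new StringBuilder(param).reverse().toString();
        return "SELECT 1 FROM users WHERE last_name = '" + name + "'";
    }

    // Hardened shape: same transformation, but the value is bound as a parameter
    // and never becomes part of the SQL text.
    static boolean userExistsSafe(Connection conn, String param) throws SQLException {
        String name = new StringBuilder(param).reverse().toString();
        String sql = "SELECT 1 FROM users WHERE last_name = ?"; // hypothetical table
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // The apostrophe from the reversed input ends up inside the query text.
        System.out.println(buildQueryUnsafe(untrustedParam()));
    }
}
```
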
@github-actions (bot, Contributor) commented Jan 3, 2022

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.


java

Generated file changes for java

  • Changes to framework-coverage-java.rst:
-    Java Standard Library,``java.*``,3,524,30,13,,,7,,,10
+    Java Standard Library,``java.*``,3,526,30,13,,,7,,,10
-    Totals,,180,5623,431,13,6,10,107,33,1,66
+    Totals,,180,5625,431,13,6,10,107,33,1,66
  • Changes to framework-coverage-java.csv:
- java.lang,,,52,,,,,,,,,,,,,,,,,,,,,,42,10
+ java.lang,,,54,,,,,,,,,,,,,,,,,,,,,,43,11

@zbazztian (Contributor, Author) commented Jan 3, 2022

Note, we might also want to do it for AbstractStringBuilder.substring() and AbstractStringBuilder.subSequence() as those appear to have been modeled for java.lang.String and java.lang.CharSequence as well.

@github-actions (bot, Contributor) commented Jan 4, 2022

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.


java

Generated file changes for java

  • Changes to framework-coverage-java.rst:
-    Java Standard Library,``java.*``,3,524,30,13,,,7,,,10
+    Java Standard Library,``java.*``,3,525,30,13,,,7,,,10
-    Totals,,180,5623,431,13,6,10,107,33,1,66
+    Totals,,180,5624,431,13,6,10,107,33,1,66
  • Changes to framework-coverage-java.csv:
- java.lang,,,52,,,,,,,,,,,,,,,,,,,,,,42,10
+ java.lang,,,53,,,,,,,,,,,,,,,,,,,,,,42,11
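
Review bot: The java.lang row in this report moves from 52 to 53 with the trailing columns going from 42,10 to 42,11, while the Jan 3 report for the same PR showed 52 to 54 and 42,10 to 43,11, so one entry counted in the first report is no longer counted after the later commit. The description only mentions reverse() and its overrides; please state which model was dropped or reclassified between the two reports and why, so the coverage delta can be checked against the intended summaries.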

@aschackmull aschackmull merged commit 6457f42 into github:main Jan 4, 2022
18 checks passed