Skip to content

Kotlin: Add taint step for String.valueOf(Editable) #9319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 22, 2022
Merged

Kotlin: Add taint step for String.valueOf(Editable) #9319

merged 4 commits into from
Jun 22, 2022

Conversation

atorralba
Copy link
Contributor

Kotlin inlines expr.toString() as String.valueOf(expr) when expr is nullable.

This PR extends #8872 by adding a taint step to handle the above when expr is an Editable.

@atorralba atorralba requested a review from a team May 25, 2022 08:27
@atorralba atorralba requested a review from a team as a code owner May 25, 2022 08:27
smowton
smowton previously approved these changes May 25, 2022
View reviewed changes
Copy link
Contributor

@smowton smowton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look reasonable; curious to know why the result is still tagged MISSING

java/ql/test/library-tests/frameworks/android/widget/TestWidgetKt.kt
sink(t.toString()); // $ hasTaintFlow

val t2 : Any? = source()
sink(t2.toString()); // $ MISSING: hasTaintFlow
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does it still fail?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

t2's type is Object because of the Any? declaration. So the taint step works for Editable? but not for Any?.

This is also causing other issues, e.g. toString's declaring type is Any in both cases, which interferes with our Method::override logic.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe that's consistent with the Java extractor -- if the receiver type doesn't supply an override then MethodAccess.getMethod() points to the inherited method.

atorralba added 3 commits June 20, 2022 12:07
@atorralba
Add taint step for String.valueOf(Editable)
2b2fa6e 
Kotlin inlines expr.toString() as String.valueOf(expr) when expr is nullable
@atorralba
Add change note
3b60a1c
@atorralba
Change test class name
78fcdd2
@atorralba atorralba force-pushed the atorralba/add-editable-valueof-step branch from 3d6cfcf to 78fcdd2 Compare June 20, 2022 10:07
@atorralba
Copy link
Contributor Author

Tests are now green after #9405.

@atorralba atorralba merged commit cc354ca into github:main Jun 22, 2022
@atorralba atorralba deleted the atorralba/add-editable-valueof-step branch June 22, 2022 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smowton smowton smowton approved these changes

Assignees
No one assigned
Labels
documentation Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@atorralba @smowton