Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java: sanitize values which are checked against an allowlist using java.util.List.contains or java.util.Set.contains #17051

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

Java: sanitize values which are checked against an allowlist using java.util.List.contains or java.util.Set.contains #17051

wants to merge 14 commits into from

Commits on Oct 15, 2024

  1. Create DefaultTaintSanitizer

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    5f85878 View commit details
    Browse the repository at this point in the history

  2. Add list of constants sanitizer for java.util.List

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    a495727 View commit details
    Browse the repository at this point in the history

  3. Add tests for java.util.Set

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    af741dc View commit details
    Browse the repository at this point in the history

  4. Add list of constants sanitizer for java.util.Set

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    bebf594 View commit details
    Browse the repository at this point in the history

  5. Improve local flow logic

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    cbab9a7 View commit details
    Browse the repository at this point in the history

  6. Add change note

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    8b0dafd View commit details
    Browse the repository at this point in the history

  7. Refactor

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    e410f02 View commit details
    Browse the repository at this point in the history

  8. Specify type parameter in test

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    1f1a58c View commit details
    Browse the repository at this point in the history

  9. Accept consistency check result

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    5848af2 View commit details
    Browse the repository at this point in the history

  10. Refactor for fear of bad optimization

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    63b122d View commit details
    Browse the repository at this point in the history

  11. Add (failing) test for lambda

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    50d97ff View commit details
    Browse the repository at this point in the history

  12. Fix list of constants sanitizer for captured variables 

    If a mutable allowlist flows to a captured variable in a lambda, we
can't be sure that it won't have a non-constant element added, so we
exclude it as a list of constants sanitizer.
    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    f37077d View commit details
    Browse the repository at this point in the history

  13. Add (failing) tests for toUpperCase and toLowerCase

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    6e084d4 View commit details
    Browse the repository at this point in the history

  14. Fix list of constants sanitize for toUpperCase and toLowerCase

    @owen-mc
    owen-mc committed Oct 15, 2024
    Configuration menu
    Copy the full SHA
    08443e8 View commit details
    Browse the repository at this point in the history