-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Intent summary #523
base: develop
Are you sure you want to change the base?
Conversation
This fixes issue secure-software-engineering#520
Hi @flankerhqd , thanks for your fix. But I guess the summary xml file needs a big refactor if #520 can be fixed in this way. Because not only |
Yep correct, you can just go ahead and replace all of them :) |
This fix doesn't solve the underlying problem. In the example, the incorrect propagation happens to fail the type check, so enforcing type checks avoids the problem in this case. In general, it might even cause problems. We have a different attribute on summaries. Excerpt from the XSD:
The attribute defaults to |
Interesting, I'll take a look |
Hi Steven: Currently the implementation of SummaryTaintWrapper
/**
* Checks whether the following fields shall be deleted when applying the given
* flow specification
*
* @param flow The flow specification to check
* @return true if the following fields shall be deleted, false otherwise
*/
protected boolean isCutSubFields(MethodFlow flow) {
Boolean cut = flow.getCutSubFields();
Boolean typeChecking = flow.getTypeChecking();
if (cut == null) {
if (typeChecking != null)
return !typeChecking.booleanValue();
return false;
}
return cut.booleanValue();
} The So the fix here might be by default assign all getCutSubFields to false instead of null, or ignore the Which do you prefer? |
@StevenArzt @flankerhqd I think commit1 and commit2 caused this problem. So if flankerhqd's proposed fix is adopted, commit1 is basically reverted. Does it have any side effects? |
Yes, I observed serious performance regression after applying the aforementioned patch, which should not be possible. |
Strange. The commits you mention just allowed us to not configure the setting and use the default value. Instead of pushing the default to the summary reader, I decided to just keep the variable Concerning the logic behind the current code: You can explicitly instruct FlowDroid to cut subfields or not (non-null value for
Assume that after the first line, |
This fixes issue #520