Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid configuration for java/io/File#createTempFile in java-net.txt #328

Closed
topolik opened this issue Aug 16, 2017 · 0 comments
Closed

Invalid configuration for java/io/File#createTempFile in java-net.txt #328

topolik opened this issue Aug 16, 2017 · 0 comments

Comments

@topolik
Copy link
Member

topolik commented Aug 16, 2017
edited
Loading

The methods are static so there is no "this" object on the stack to be mutated.

java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;)Ljava/io/File;:0,1#2,3
java/io/File.createTempFile(Ljava/lang/String;Ljava/lang/String;Ljava/io/File;)Ljava/io/File;:0,1,2#3,4

Throws:

Out of bounds mutables in com.liferay.portal.kernel.process.ProcessExecutor$SubprocessReactor.call()Lcom/liferay/portal/kernel/process/ProcessCallable
java.lang.AssertionError: Out of bounds mutables in com.liferay.portal.kernel.process.ProcessExecutor$SubprocessReactor.call()Lcom/liferay/portal/kernel/process/ProcessCallable;
	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.transferTaintToMutables(TaintFrameModelingVisitor.java:589)
	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitInvoke(TaintFrameModelingVisitor.java:407)
	at com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitINVOKESTATIC(TaintFrameModelingVisitor.java:296)
topolik added a commit to topolik/find-sec-bugs that referenced this issue Aug 16, 2017
@topolik
Fix definitions of File.createTempFile find-sec-bugs#328
f0a7839
topolik added a commit to topolik/find-sec-bugs that referenced this issue Aug 16, 2017
@topolik
Include the failing method config in assert find-sec-bugs#328
ae25f91 
Also show full configuration line with method and type signature so that it's easier to find and fix in defintion files
@topolik topolik mentioned this issue Aug 16, 2017
Closed
topolik added a commit to topolik/find-sec-bugs that referenced this issue Aug 16, 2017
@topolik
Fix definitions of File.createTempFile find-sec-bugs#328
afd9f72 
Copy & Paste issue probably, stack doesn't contain "this" object (and "new" copy as in <init>)
topolik added a commit to topolik/find-sec-bugs that referenced this issue Aug 16, 2017
@topolik
Include the failing method config in assert find-sec-bugs#328
7461999 
Also show full configuration line with method and type signature so that it's easier to find and fix in defintion files
@topolik topolik mentioned this issue Aug 16, 2017
Merged
h3xstream added a commit that referenced this issue Aug 17, 2017
@h3xstream
Merge pull request #330 from topolik/328
2e669c6 
Fix java/io/File#createTempFile #328
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@topolik @h3xstream