Added confidential checker #6981

iywang2016 · 2025-03-03T09:48:58Z

Associated with JDK pull request #224

…ed references in code as necessary

…caped SQL values as SqlSanitized.

SQL tainting qualifiers and basic tests

…and SqlSanitizedUser

…bined SqlQuoteless and SqlEvenQuotes; revised documentations

… iywang

mernst

I have just a couple last comments.

mernst · 2025-06-06T01:46:43Z

checker/src/main/java/org/checkerframework/checker/confidential/ConfidentialTransfer.java

+   * Enforces Confidential String concatenation rules:
+   *
+   * <ul>
+   *   <li>(Confidential + NonConfidential) returns Confidential (commutatively);


This is the same comment text as in the TreeAnnotator. Can you please document the relationship between the two? What does each one do, and why are both necessary?

mernst · 2025-06-06T01:49:29Z

checker/src/main/java/org/checkerframework/checker/confidential/ConfidentialTransfer.java

+   * @param leftOperand the left operand to be concatenated
+   * @param rightOperand the right operand to be concatenated
+   * @param p the input abstract values
+   * @return the resulting AnnotationMirror of the string concatenation operation


This method may also return null. Please document the conditions under which that happens.

gitfundo and others added 30 commits June 18, 2024 14:42

Basic duplication of TaintChecker for SQLi

13f846b

Added basic SQL tainting test

9950b17

Added basic test

2707a54

Added sql tainting test file under junit directory

7d905a5

Renamed SqlSafe -> SqlSanitized, SqlDangerous -> SqlQueryValue; renam…

a4ab6f4

…ed references in code as necessary

Revised @QualifierForLiterals annotation to automatically annotate es…

4861495

…caped SQL values as SqlSanitized.

Added tests for @QualifierForLiterals regex

9c1cda5

Renamed files

119d74c

Merge branch 'typetools:master' into master

48bc502

Merge branch 'typetools:master' into sqltainting

da010c1

Merge branch 'master' into sqltainting

2059202

Merge pull request #1 from iywang2016/sqltainting

3ab729a

SQL tainting qualifiers and basic tests

Revised qualifiers

972ba01

Revised qualifiers

de5dbe0

Revised documentation for type checker

baa3be7

Stub file for base64 encoding

c122359

Stub file to require sanitized query string in executeQuery

7421857

Merge branch 'sqltainting'

73f247a

Created sqlquerytainting directory

00819a9

Renamed sqlquerytainting files

61eb2b3

Added qualifiers SqlQueryComplete, SqlQuerySnippet, SqlQueryUnknown, …

07b7690

…and SqlSanitizedUser

Merge branch 'master' into sqlquerytainting

1f45a44

Revised qualifiers to SqlEvenQuotes, SqlOddQuotes, SqlQuoteless

c606a18

Revised qualifiers to SqlOddQuotes, SqlEvenQuotes, SqlQuoteless

4acc56d

Merge remote-tracking branch 'upstream/master'

c662a5c

Merge branch 'sqlquerytainting'

77f040e

Revised documentation and implementation of SQL query qualifiers: com…

2843a30

…bined SqlQuoteless and SqlEvenQuotes; revised documentations

Added type concatenation rules for SQL query qualifiers

1f6dd09

Debugged SQL query type factory

e7cf540

Added SQL query bottom type

08ddda9

iywang2016 and others added 29 commits April 8, 2025 10:53

Changed addComputedTypeAnnotations to visitMethodInvocation

e29832c

8000

Revised type factory to deal with NonConfidential toString

bc796d0

Fixed formatting issues

b516dfc

Trivial changes for pipeline rerun

9caaf90

Merge ../checker-framework-branch-master into iywang

8558c68

Merge ../checker-framework-branch-master into iywang

39b3581

Merge branch 'master' into iywang

845739a

Undo a change

61c4557

Merge branch 'iywang' of github.com:iywang2016/checker-framework into…

5073151

… iywang

Moved string concatenation rules to ConfidentialTransfer

b82a945

Merge remote-tracking branch 'origin/iywang' into iywang

f0bc003

Moved string concatenation rules to ConfidentialTransfer

599a40b

Fixed spotlessApply issues

ec3f8bc

Added comments

4015c6b

Added documentation for createAnnotationForStringConcatenation

da3612e

Ran spotlessApply

73a9345

Documented getValueAnnotation

db9fa0f

Confidential checker qualifier and transfer changes

a49c656

Confidential checker all-systems warning suppression

8322118

Merge ../checker-framework-branch-master into iywang

76391f5

Separate the explanations for two different warnings

b9a94a7

Merge ../checker-framework-branch-master into iywang

249fc77

Merge ../checker-framework-branch-master into iywang

ef46593

Warning justifications

02492b0

Code review changes

fd7ee4d

Fix Javadoc style

38148c3

Merge ../checker-framework-fork-mernst-branch-javadoc-style into iywang

741d4d9

Fix Javadoc style

0ceb6a7

Documentation improvements

166868a

mernst requested changes Jun 6, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Added confidential checker #6981

Added confidential checker #6981

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Added confidential checker #6981

Are you sure you want to change the base?

Added confidential checker #6981

Uh oh!

Conversation

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!