-
Notifications
You must be signed in to change notification settings - Fork 469
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding workaround for JDK > 8 invokedynamic tainting #690
Adding workaround for JDK > 8 invokedynamic tainting #690
Conversation
@h3xstream - is there any update on this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't investigate deeply this PR but it should fix the missing method for StringConcatFactory / makeConcatWithConstants from Java 9.
String signature = methodId.substring(methodId.indexOf("("), methodId.length()); | ||
SignatureParser p = new SignatureParser(signature); | ||
return p.getNumParameters(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SignatureParser might not handle long and double parameters (which are double at runtime) but for makeConcatWithConstants
it should be fine.
Might fix #701 |
It seems to help greatly for JDK11 bytecodes with the new option turned on. One thing that does not get fixed is taint propagation for
|
I have some changes building on this pull request to make |
Hi,
We @oxeye created a possible workaround for this previously discussed issue:
#575
We are not 100% sure that this is the optimal solution for this issue, so we would love to get your feedback on this so we can address your observations.
We also noticed that you have set the target version for fixing this issue for the next version (1.13 scheduled for December), is it still the due date?
Thanks