Skip to content

Taint is stuck in exception variable declaration of a catch clause: catch(Exception e) #3710

New issue
New issue
Open
Open
Taint is stuck in exception variable declaration of a catch clause: catch(Exception e)#3710
Labels
JavaquestionFurther information is requested
@intrigus-lgtm

Description

@intrigus-lgtm
intrigus-lgtm
opened on Jun 13, 2020

Description of the issue
Taint can not flow out of the caught exceptions in catch clauses.
E.g.

try {
} catch(Exception e) {
System.out.println(e.getMessage());
}

Here taint will not flow to e.getMessage().

import java
import semmle.code.java.dataflow.TaintTracking

class T extends TaintTracking::Configuration {
  T() { this = "T" }

  override predicate isSource(DataFlow::Node source) {
    exists(CatchClause c | c.getVariable() = source.asExpr())
  }

  override predicate isSink(DataFlow::Node sink) { any() }
}

from DataFlow::Node source, DataFlow::Node sink, T t
where t.hasFlow(source, sink)
select source, sink

Link to query:
https://lgtm.com/query/3909102737996232443/

Metadata

Metadata

Assignees

No one assigned

    Labels

    JavaquestionFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions