Author Topic: String to byte array conversion without encoding  (Read 1532 times)
Johan Stuyts
« on: October 02, 2007, 01:46:55 pm »

I have seen a lot of encoding problems. Some of these are caused by assuming the conversion from String to a byte array, and vice versa, will work the same on all hosts. This is not the case: the platform default encoding of the host is used.

The two scripts below find conversions without an explicitly specified encoding. First, the one to find the uses of 'String.getBytes()':
from Callable m
where m.fromSource()
and exists(Method g |
    g.hasName("getBytes")
    and g.getNumberOfParameters() = 0
    and exists(Class s |
        s.hasQualifiedName("java.lang", "String")
        and g.getDeclaringType() = s)
    and m.calls(g))
select m.getDeclaringType(), m, m.getAParamType()

And then the constructor of 'String':
from Callable m
where m.fromSource()
and exists(Constructor c |
    c.hasName("String")
    and c.getNumberOfParameters() = 1
    and exists(Array a |
        exists(PrimitiveType b |
            b.hasName("byte") and a.getElementType() = b)
        and c.getAParameter().getType() = a)
    and exists(Class s |
        s.hasQualifiedName("java.lang", "String")
        and c.getDeclaringType() = s)
    and m.calls(c))
select m.getDeclaringType(), m, m.getAParamType()

Johan Stuyts
Logged
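
Added example (not part of the original post or of the Semmle library): a Java program showing why the calls these queries flag are host-dependent, with the explicit-charset form beside them. The class name, the sample string and the choice of three stand-in host defaults are assumptions made for illustration; `HexFormat` requires Java 17 or later.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;

public class DefaultCharsetDemo {
    // Constructed sample input with two non-ASCII characters (e-diaeresis, euro sign).
    static final String INPUT = "Zo\u00eb pays 5 \u20ac";

    static String sha256(byte[] data) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    public static void main(String[] args) throws Exception {
        // What String.getBytes() and new String(byte[]) silently depend on.
        System.out.println("default charset here: " + Charset.defaultCharset());

        // Stand-ins for the platform defaults of three differently configured hosts.
        Charset[] hostDefaults = {
            StandardCharsets.UTF_8, StandardCharsets.ISO_8859_1, StandardCharsets.US_ASCII
        };
        for (Charset hostDefault : hostDefaults) {
            // Same result as INPUT.getBytes() on a host whose default is hostDefault.
            byte[] encoded = INPUT.getBytes(hostDefault);
            // Same result as new String(encoded) on a receiver that defaults to UTF-8.
            String decoded = new String(encoded, StandardCharsets.UTF_8);
            // A digest (or MAC or signature) over the bytes differs whenever the bytes do.
            System.out.printf("%-10s len=%2d roundtrip=%-5b sha256=%s...%n",
                hostDefault, encoded.length, decoded.equals(INPUT),
                sha256(encoded).substring(0, 16));
        }

        // Explicit charset in both directions: every host produces the same bytes.
        byte[] fixed = INPUT.getBytes(StandardCharsets.UTF_8);
        System.out.println("explicit UTF-8 roundtrip: "
            + new String(fixed, StandardCharsets.UTF_8).equals(INPUT));
    }
}
```

Only the UTF-8 row round-trips; the other two rows replace unmappable characters with `?` during encoding, so the data loss is silent and any hash computed over the bytes no longer matches.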
elnar
Administrator
« Reply #1 on: October 03, 2007, 03:54:13 pm »

Dear Johan,

Thanks a lot for your cool queries. I really like them, and we should probably add them to our library of prepackaged queries, or perhaps you will create one of your own and share your XML bundle of queries here.

I would just like to suggest the same two queries, but in a style that makes more use of the object-oriented nature of the language. Which style you prefer more is of course up to you:

I first define a new .QL class StringClass for the Java type java.lang.String. Note that we are also looking for subtypes of type String:
Code:
class StringClass extends Class {
   // java.lang.String and any subtypes
   StringClass() { this.getASupertype*().hasQualifiedName("java.lang","String") }

   // The String(byte[]) constructor: exactly one parameter, an array of byte
   Constructor getArrayByteConstructor() {
                      result.getDeclaringType() = this and
                      result.getNumberOfParameters() = 1 and
                      exists(PrimitiveType b | b.hasName("byte") and
                                         ((Array)result.getAParameter().
                                                     getType()).getElementType() = b)
                      }

   // The no-argument getBytes() method, which uses the platform default encoding
   Method getBytesMethod() {
                     result.getDeclaringType() = this and
                     result.hasName("getBytes") and
                     result.getNumberOfParameters() = 0
                     }
}

and then use that class in both of your queries.

Query 1:
Code:
from Callable m
where m.fromSource() and
          exists(StringClass sc | m.calls(sc.getBytesMethod()))
select m,
         "warning: string to byte array conversion without encoding in:" +
          m.toString()

Query 2:
Code:
from Callable m
where m.fromSource() and
          exists(StringClass sc | m.calls(sc.getArrayByteConstructor()))
select m,
         "warning: string to byte array conversion without encoding in:" +
          m.toString()

These queries can then be executed to be shown in the Eclipse Error view as warnings.

Please do let us know what you think.
« Last Edit: October 03, 2007, 04:06:37 pm by elnar » Logged
Johan Stuyts
« Reply #2 on: October 08, 2007, 02:53:23 pm »

Hi Elnar,

I am glad you like my queries. You can use them any way you like them. Consider them to be in the public domain.

Unfortunately I have not had the time to get to know Semmle better so I was not able to use classes and bundles. Your improvements using classes make everything a lot more readable so I will certainly change the code on my end. The tip about being able to make it a warning is also great. I will definitely use that.

I currently store my queries in text files, but because the bundle editor has improved in Semmle 0.3.0 I will try to get my queries (with your improvements) in a bundle.

Johan
Logged