docs/tutorial/webpages/security-error-cmd.html - typetools/checker-framework - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
   <meta name="generator" content=
   "HTML Tidy for Linux (vers 25 March 2009), see www.w3.org">

   <title>Checker Framework Tutorial - Security Error - Command
   Line</title>
   <link href="bootstrap/css/bootstrap.css" rel="stylesheet" type=
   "text/css">
   <script type="text/javascript" src="bootstrap/js/bootstrap.min.js">
 </script>
   <link href="css/main.css" rel="stylesheet" type="text/css">
   <link rel="icon" type="image/png" href=
   "https://checkerframework.org/favicon-checkerframework.png">
   </head>

 <body>
   <div class="top_liner"></div>

   <div class="navbar navbar-inverse navbar-fixed-top" style=
   "border-bottom: 1px solid #66d;">
     <div class="navbar-inner">
       <div class="contained">
         <ul class="nav">
           <li class="heading">Checker Framework:</li>

           <li><a href="https://checkerframework.org/">Main Site</a></li>

           <li><a href=
           "https://checkerframework.org/manual/">
           Manual</a></li>

           <li><a href=
           "https://groups.google.com/forum/#!forum/checker-framework-discuss">
           Discussion List</a></li>

           <li><a href=
           "https://github.com/typetools/checker-framework/issues">Issue
           Tracker</a></li>

           <li><a href=
           "https://github.com/typetools/checker-framework">Source
           Code</a></li>

           <li class="active"><a href=
           "https://checkerframework.org/tutorial/">Tutorial</a></li>
         </ul>
       </div>
     </div>
   </div><img src="https://checkerframework.org/CFLogo.png" alt="Checker Framework logo">

   <div class="page-header short" style=
   "border-bottom: 1px solid #EEE; border-top: none;">
     <h1>Checker Framework Tutorial</h1>

     <h2><small>Previous <a href="user-input-cmd.html">Validating User
     Input</a></small></h2>
   </div>

   <div id="introduction">
     <div class="page-header short" style="border-top: none;">
       <h2>Finding a Security Error</h2>
     </div>

     <p>This example uses the Tainting Checker to verify that user input
     does not contain SQL statements, thus preventing SQL injection. (If
     you have not already done so, download <a href=
     "../sourcefiles.zip">the tutorial sourcefiles</a>.)</p>

     <div class="well">
       <h5>Outline</h5>

       <ol>
         <li><a href="#run1">Run the Tainting Checker &mdash; 1 error
         found</a></li>

         <li><a href="#error1">Correct the error</a></li>

         <li><a href="#run2">Re-run the Tainting Checker &mdash; a new error is
         found</a></li>

         <li><a href="#error2">Correct the new error</a></li>

         <li><a href="#run3">Re-run the Tainting Checker &mdash; no errors</a></li>
       </ol>
     </div>

     <div id="run1">
       <h4>1. Run the Tainting Checker &mdash; 1 error found</h4>

       <p>Run the buildfile:
       <br/> (The Ant buildfile
       makes use of the <a href=
       "https://checkerframework.org/manual/#ant-task">
       Checker Framework support for Ant</a>.)</p>
       <pre>
 $ <b>cd personalblog-demo</b>
 $ <b>ant</b>
 Buildfile: .../personalblog-demo/build.xml

 clean:

 check-tainting:
     [mkdir] Created dir: .../personalblog-demo/bin
 [cf.javac] Compiling 2 source files to .../personalblog-demo/bin
 [cf.javac] javac 1.8.0-jsr308-3.12.0
 [cf.javac] .../personalblog-demo/src/net/eyde/personalblog/service/PersonalBlogService.java:175: error: incompatible types in argument.
 [cf.javac]                     "where post.category like '%", category,
 [cf.javac]                                                    ^
 [cf.javac]   found   : @Tainted String
 [cf.javac]   required: @Untainted String
 [cf.javac] 1 error

 BUILD FAILED
 .../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

 Total time: 2 seconds

 </pre>

       <p>The checker issues an error for <code>getPostsByCategory()</code>
       because the possibly-tainted string <code>category</code> is used in
       the query construction. This string could contain SQL statements
       that could taint the database. The programmer must ensure that
       <code>category</code> does not contain malicious SQL code.</p>
     </div>

     <div id="error1">
       <h4>2. Correct the Error</h4>

       <p>To correct this error, <b>add <code>@Untainted</code></b> to the
       type of the <code>category</code> parameter.</p>
       <pre>
      public List&lt;?&gt; getPostsByCategory(<b>@Untainted</b> String category) throws ServiceException {
 </pre>This forces clients to pass an <code>@Untainted</code> value, which
 was the intention of the designer of the <code>getPostsByCategory</code>
 method.
     </div>

     <div id="run2">
       <h4>3. Re-run the Tainting Checker &mdash; a new error is found</h4>

       <p>Run the Tainting Checker again.</p>

       <pre>
 $ <strong>ant</strong>
 Buildfile: .../personalblog-demo/build.xml

 clean:
    [delete] Deleting directory .../personalblog-demo/bin

 check-tainting:
     [mkdir] Created dir: .../personalblog-demo/bin
 [cf.javac] Compiling 2 source files to .../personalblog-demo/bin
 [cf.javac] javac 1.8.0-jsr308-3.12.0
 [cf.javac] .../personalblog-demo/src/net/eyde/personalblog/struts/action/ReadAction.java:58: error: incompatible types in argument.
 [cf.javac]                          pblog.getPostsByCategory(reqCategory));
 [cf.javac]                                                   ^
 [cf.javac]   found   : @Tainted String
 [cf.javac]   required: @Untainted String
 [cf.javac] 1 error

 BUILD FAILED
 .../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

 Total time: 2 seconds

 </pre>

       <p>There is an error in <code>ReadAction.executeSub()</code>, which
       is a client of <code>getPostsByCategory</code>. The
       <code>reqCategory</code> is accepted from the user (from request
       object) without validation.</p>
     </div>

     <div id="error2">
       <h4>4. Correct the New Error</h4>To correct, <b>use the
       <code>validate</code> method</b> as shown below.
       <pre>
     String reqCategory = <b>validate(</b>cleanNull(request.getParameter("cat"))<b>)</b>;
 </pre>
     </div>

     <div id="run3">
       <h4>5. Re-run the Tainting Checker &mdash; no errors</h4>

       <p>There should be no errors.</p>
       <pre>
 $ <strong>ant</strong>
 Buildfile: .../personalblog-demo/build.xml

 clean:
    [delete] Deleting directory .../personalblog-demo/bin

 check-tainting:
     [mkdir] Created dir: .../personalblog-demo/bin
 [cf.javac] Compiling 2 source files to .../personalblog-demo/bin
 [cf.javac] javac 1.8.0-jsr308-3.12.0

 BUILD SUCCESSFUL
 Total time: 2 seconds
 </pre>

       <p>You are done with the personalblog-demo project,
       so return to the parent directory</p>

       <pre>
 $ <strong>cd ..</strong>
 </pre>

       <p>For a complete discussion of how to use the Tainting Checker,
       please read the <a href=
       "https://checkerframework.org/manual/#tainting-checker">
       Tainting Checker chapter</a> in the Checker Framework manual.</p>
     </div>
   </div>

   <div id="installation">
     <div class="page-header short">
       <h2><small>Next, try <a href="encryption-checker-cmd.html">Writing
       an Encryption Checker</a> or return to the <a href=
       "../index.html">main page</a> of the Tutorial.</small></h2>
     </div>
   </div><!--
 <div class="bottom_liner well">
     <a href="#">Top</a>
 </div>
 -->
   <!--  LocalWords:  Plugin plugin VM SDK plugins quals classpath
  -->
   <!--  LocalWords:  NullnessChecker plugin's hg
  -->
 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<meta name="generator" content=
	"HTML Tidy for Linux (vers 25 March 2009), see www.w3.org">

	<title>Checker Framework Tutorial - Security Error - Command
	Line</title>
	<link href="bootstrap/css/bootstrap.css" rel="stylesheet" type=
	"text/css">
	<script type="text/javascript" src="bootstrap/js/bootstrap.min.js">
	</script>
	<link href="css/main.css" rel="stylesheet" type="text/css">
	<link rel="icon" type="image/png" href=
	"https://checkerframework.org/favicon-checkerframework.png">
	</head>

	<body>
	<div class="top_liner"></div>

	<div class="navbar navbar-inverse navbar-fixed-top" style=
	"border-bottom: 1px solid #66d;">
	<div class="navbar-inner">
	<div class="contained">
	<ul class="nav">
	<li class="heading">Checker Framework:</li>

	<li><a href="https://checkerframework.org/">Main Site</a></li>

	<li><a href=
	"https://checkerframework.org/manual/">
	Manual</a></li>

	<li><a href=
	"https://groups.google.com/forum/#!forum/checker-framework-discuss">
	Discussion List</a></li>

	<li><a href=
	"https://github.com/typetools/checker-framework/issues">Issue
	Tracker</a></li>

	<li><a href=
	"https://github.com/typetools/checker-framework">Source
	Code</a></li>

	<li class="active"><a href=
	"https://checkerframework.org/tutorial/">Tutorial</a></li>
	</ul>
	</div>
	</div>
	</div><img src="https://checkerframework.org/CFLogo.png" alt="Checker Framework logo">

	<div class="page-header short" style=
	"border-bottom: 1px solid #EEE; border-top: none;">
	<h1>Checker Framework Tutorial</h1>

	<h2><small>Previous <a href="user-input-cmd.html">Validating User
	Input</a></small></h2>
	</div>

	<div id="introduction">
	<div class="page-header short" style="border-top: none;">
	<h2>Finding a Security Error</h2>
	</div>

	<p>This example uses the Tainting Checker to verify that user input
	does not contain SQL statements, thus preventing SQL injection. (If
	you have not already done so, download <a href=
	"../sourcefiles.zip">the tutorial sourcefiles</a>.)</p>

	<div class="well">
	<h5>Outline</h5>

	<ol>
	<li><a href="#run1">Run the Tainting Checker — 1 error
	found</a></li>

	<li><a href="#error1">Correct the error</a></li>

	<li><a href="#run2">Re-run the Tainting Checker — a new error is
	found</a></li>

	<li><a href="#error2">Correct the new error</a></li>

	<li><a href="#run3">Re-run the Tainting Checker — no errors</a></li>
	</ol>
	</div>

	<div id="run1">
	<h4>1. Run the Tainting Checker — 1 error found</h4>

	<p>Run the buildfile:
	<br/> (The Ant buildfile
	makes use of the <a href=
	"https://checkerframework.org/manual/#ant-task">
	Checker Framework support for Ant</a>.)</p>
	<pre>
	$ <b>cd personalblog-demo</b>
	$ <b>ant</b>
	Buildfile: .../personalblog-demo/build.xml

	clean:

	check-tainting:
	[mkdir] Created dir: .../personalblog-demo/bin
	[cf.javac] Compiling 2 source files to .../personalblog-demo/bin
	[cf.javac] javac 1.8.0-jsr308-3.12.0
	[cf.javac] .../personalblog-demo/src/net/eyde/personalblog/service/PersonalBlogService.java:175: error: incompatible types in argument.
	[cf.javac] "where post.category like '%", category,
	[cf.javac] ^
	[cf.javac] found : @Tainted String
	[cf.javac] required: @Untainted String
	[cf.javac] 1 error

	BUILD FAILED
	.../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

	Total time: 2 seconds

	</pre>

	<p>The checker issues an error for <code>getPostsByCategory()</code>
	because the possibly-tainted string <code>category</code> is used in
	the query construction. This string could contain SQL statements
	that could taint the database. The programmer must ensure that
	<code>category</code> does not contain malicious SQL code.</p>
	</div>

	<div id="error1">
	<h4>2. Correct the Error</h4>

	<p>To correct this error, <b>add <code>@Untainted</code></b> to the
	type of the <code>category</code> parameter.</p>
	<pre>
	public List<?> getPostsByCategory(<b>@Untainted</b> String category) throws ServiceException {
	</pre>This forces clients to pass an <code>@Untainted</code> value, which
	was the intention of the designer of the <code>getPostsByCategory</code>
	method.
	</div>

	<div id="run2">
	<h4>3. Re-run the Tainting Checker — a new error is found</h4>

	<p>Run the Tainting Checker again.</p>

	<pre>
	$ <strong>ant</strong>
	Buildfile: .../personalblog-demo/build.xml

	clean:
	[delete] Deleting directory .../personalblog-demo/bin

	check-tainting:
	[mkdir] Created dir: .../personalblog-demo/bin
	[cf.javac] Compiling 2 source files to .../personalblog-demo/bin
	[cf.javac] javac 1.8.0-jsr308-3.12.0
	[cf.javac] .../personalblog-demo/src/net/eyde/personalblog/struts/action/ReadAction.java:58: error: incompatible types in argument.
	[cf.javac] pblog.getPostsByCategory(reqCategory));
	[cf.javac] ^
	[cf.javac] found : @Tainted String
	[cf.javac] required: @Untainted String
	[cf.javac] 1 error

	BUILD FAILED
	.../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

	Total time: 2 seconds

	</pre>

	<p>There is an error in <code>ReadAction.executeSub()</code>, which
	is a client of <code>getPostsByCategory</code>. The
	<code>reqCategory</code> is accepted from the user (from request
	object) without validation.</p>
	</div>

	<div id="error2">
	<h4>4. Correct the New Error</h4>To correct, <b>use the
	<code>validate</code> method</b> as shown below.
	<pre>
	String reqCategory = <b>validate(</b>cleanNull(request.getParameter("cat"))<b>)</b>;
	</pre>
	</div>

	<div id="run3">
	<h4>5. Re-run the Tainting Checker — no errors</h4>

	<p>There should be no errors.</p>
	<pre>
	$ <strong>ant</strong>
	Buildfile: .../personalblog-demo/build.xml

	clean:
	[delete] Deleting directory .../personalblog-demo/bin

	check-tainting:
	[mkdir] Created dir: .../personalblog-demo/bin
	[cf.javac] Compiling 2 source files to .../personalblog-demo/bin
	[cf.javac] javac 1.8.0-jsr308-3.12.0

	BUILD SUCCESSFUL
	Total time: 2 seconds
	</pre>

	<p>You are done with the personalblog-demo project,
	so return to the parent directory</p>

	<pre>
	$ <strong>cd ..</strong>
	</pre>

	<p>For a complete discussion of how to use the Tainting Checker,
	please read the <a href=
	"https://checkerframework.org/manual/#tainting-checker">
	Tainting Checker chapter</a> in the Checker Framework manual.</p>
	</div>
	</div>

	<div id="installation">
	<div class="page-header short">
	<h2><small>Next, try <a href="encryption-checker-cmd.html">Writing
	an Encryption Checker</a> or return to the <a href=
	"../index.html">main page</a> of the Tutorial.</small></h2>
	</div>
	</div><!--
	<div class="bottom_liner well">
	<a href="#">Top</a>
	</div>
	-->
	<!-- LocalWords: Plugin plugin VM SDK plugins quals classpath
	-->
	<!-- LocalWords: NullnessChecker plugin's hg
	-->
	</body>
	</html>