| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta name="generator" content= |
| "HTML Tidy for Linux (vers 25 March 2009), see www.w3.org"> |
| |
| <title>Checker Framework Tutorial - Security Error - Command |
| Line</title> |
| <link href="bootstrap/css/bootstrap.css" rel="stylesheet" type= |
| "text/css"> |
| <script type="text/javascript" src="bootstrap/js/bootstrap.min.js"> |
| </script> |
| <link href="css/main.css" rel="stylesheet" type="text/css"> |
| <link rel="icon" type="image/png" href= |
| "https://checkerframework.org/favicon-checkerframework.png"> |
| </head> |
| |
| <body> |
| <div class="top_liner"></div> |
| |
| <div class="navbar navbar-inverse navbar-fixed-top" style= |
| "border-bottom: 1px solid #66d;"> |
| <div class="navbar-inner"> |
| <div class="contained"> |
| <ul class="nav"> |
| <li class="heading">Checker Framework:</li> |
| |
| <li><a href="https://checkerframework.org/">Main Site</a></li> |
| |
| <li><a href= |
| "https://checkerframework.org/manual/"> |
| Manual</a></li> |
| |
| <li><a href= |
| "https://groups.google.com/forum/#!forum/checker-framework-discuss"> |
| Discussion List</a></li> |
| |
| <li><a href= |
| "https://github.com/typetools/checker-framework/issues">Issue |
| Tracker</a></li> |
| |
| <li><a href= |
| "https://github.com/typetools/checker-framework">Source |
| Code</a></li> |
| |
| <li class="active"><a href= |
| "https://checkerframework.org/tutorial/">Tutorial</a></li> |
| </ul> |
| </div> |
| </div> |
| </div><img src="https://checkerframework.org/CFLogo.png" alt="Checker Framework logo"> |
| |
| <div class="page-header short" style= |
| "border-bottom: 1px solid #EEE; border-top: none;"> |
| <h1>Checker Framework Tutorial</h1> |
| |
| <h2><small>Previous <a href="user-input-cmd.html">Validating User |
| Input</a></small></h2> |
| </div> |
| |
| <div id="introduction"> |
| <div class="page-header short" style="border-top: none;"> |
| <h2>Finding a Security Error</h2> |
| </div> |
| |
| <p>This example uses the Tainting Checker to verify that user input |
| does not contain SQL statements, thus preventing SQL injection. (If |
| you have not already done so, download <a href= |
| "../sourcefiles.zip">the tutorial sourcefiles</a>.)</p> |
| |
| <div class="well"> |
| <h5>Outline</h5> |
| |
| <ol> |
| <li><a href="#run1">Run the Tainting Checker — 1 error |
| found</a></li> |
| |
| <li><a href="#error1">Correct the error</a></li> |
| |
| <li><a href="#run2">Re-run the Tainting Checker — a new error is |
| found</a></li> |
| |
| <li><a href="#error2">Correct the new error</a></li> |
| |
| <li><a href="#run3">Re-run the Tainting Checker — no errors</a></li> |
| </ol> |
| </div> |
| |
| <div id="run1"> |
| <h4>1. Run the Tainting Checker — 1 error found</h4> |
| |
| <p>Run the buildfile: |
| <br/> (The Ant buildfile |
| makes use of the <a href= |
| "https://checkerframework.org/manual/#ant-task"> |
| Checker Framework support for Ant</a>.)</p> |
| <pre> |
| $ <b>cd personalblog-demo</b> |
| $ <b>ant</b> |
| Buildfile: .../personalblog-demo/build.xml |
| |
| clean: |
| |
| check-tainting: |
| [mkdir] Created dir: .../personalblog-demo/bin |
| [cf.javac] Compiling 2 source files to .../personalblog-demo/bin |
| [cf.javac] javac 1.8.0-jsr308-3.12.0 |
| [cf.javac] .../personalblog-demo/src/net/eyde/personalblog/service/PersonalBlogService.java:175: error: incompatible types in argument. |
| [cf.javac] "where post.category like '%", category, |
| [cf.javac] ^ |
| [cf.javac] found : @Tainted String |
| [cf.javac] required: @Untainted String |
| [cf.javac] 1 error |
| |
| BUILD FAILED |
| .../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details. |
| |
| Total time: 2 seconds |
| |
| </pre> |
| |
| <p>The checker issues an error for <code>getPostsByCategory()</code> |
| because the possibly-tainted string <code>category</code> is used in |
| the query construction. This string could contain SQL statements |
| that could taint the database. The programmer must ensure that |
| <code>category</code> does not contain malicious SQL code.</p> |
| </div> |
| |
| <div id="error1"> |
| <h4>2. Correct the Error</h4> |
| |
| <p>To correct this error, <b>add <code>@Untainted</code></b> to the |
| type of the <code>category</code> parameter.</p> |
| <pre> |
| public List<?> getPostsByCategory(<b>@Untainted</b> String category) throws ServiceException { |
| </pre>This forces clients to pass an <code>@Untainted</code> value, which |
| was the intention of the designer of the <code>getPostsByCategory</code> |
| method. |
| </div> |
| |
| <div id="run2"> |
| <h4>3. Re-run the Tainting Checker — a new error is found</h4> |
| |
| <p>Run the Tainting Checker again.</p> |
| |
| <pre> |
| $ <strong>ant</strong> |
| Buildfile: .../personalblog-demo/build.xml |
| |
| clean: |
| [delete] Deleting directory .../personalblog-demo/bin |
| |
| check-tainting: |
| [mkdir] Created dir: .../personalblog-demo/bin |
| [cf.javac] Compiling 2 source files to .../personalblog-demo/bin |
| [cf.javac] javac 1.8.0-jsr308-3.12.0 |
| [cf.javac] .../personalblog-demo/src/net/eyde/personalblog/struts/action/ReadAction.java:58: error: incompatible types in argument. |
| [cf.javac] pblog.getPostsByCategory(reqCategory)); |
| [cf.javac] ^ |
| [cf.javac] found : @Tainted String |
| [cf.javac] required: @Untainted String |
| [cf.javac] 1 error |
| |
| BUILD FAILED |
| .../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details. |
| |
| Total time: 2 seconds |
| |
| </pre> |
| |
| <p>There is an error in <code>ReadAction.executeSub()</code>, which |
| is a client of <code>getPostsByCategory</code>. The |
| <code>reqCategory</code> is accepted from the user (from request |
| object) without validation.</p> |
| </div> |
| |
| <div id="error2"> |
| <h4>4. Correct the New Error</h4>To correct, <b>use the |
| <code>validate</code> method</b> as shown below. |
| <pre> |
| String reqCategory = <b>validate(</b>cleanNull(request.getParameter("cat"))<b>)</b>; |
| </pre> |
| </div> |
| |
| <div id="run3"> |
| <h4>5. Re-run the Tainting Checker — no errors</h4> |
| |
| <p>There should be no errors.</p> |
| <pre> |
| $ <strong>ant</strong> |
| Buildfile: .../personalblog-demo/build.xml |
| |
| clean: |
| [delete] Deleting directory .../personalblog-demo/bin |
| |
| check-tainting: |
| [mkdir] Created dir: .../personalblog-demo/bin |
| [cf.javac] Compiling 2 source files to .../personalblog-demo/bin |
| [cf.javac] javac 1.8.0-jsr308-3.12.0 |
| |
| BUILD SUCCESSFUL |
| Total time: 2 seconds |
| </pre> |
| |
| <p>You are done with the personalblog-demo project, |
| so return to the parent directory</p> |
| |
| <pre> |
| $ <strong>cd ..</strong> |
| </pre> |
| |
| <p>For a complete discussion of how to use the Tainting Checker, |
| please read the <a href= |
| "https://checkerframework.org/manual/#tainting-checker"> |
| Tainting Checker chapter</a> in the Checker Framework manual.</p> |
| </div> |
| </div> |
| |
| <div id="installation"> |
| <div class="page-header short"> |
| <h2><small>Next, try <a href="encryption-checker-cmd.html">Writing |
| an Encryption Checker</a> or return to the <a href= |
| "../index.html">main page</a> of the Tutorial.</small></h2> |
| </div> |
| </div><!-- |
| <div class="bottom_liner well"> |
| <a href="#">Top</a> |
| </div> |
| --> |
| <!-- LocalWords: Plugin plugin VM SDK plugins quals classpath |
| --> |
| <!-- LocalWords: NullnessChecker plugin's hg |
| --> |
| </body> |
| </html> |