Issue created by jeff-aion (on Wednesday Nov 28, 2018 at 15:11 GMT)
This is expected to be used as the bootstrap method for invokedynamic calls when used to implement a lambda function. We don't have any verifications of the parameters, merely calling directly into the underlying factory in the JDK.
I suspect that this is made safe by the instrumentation pass operating on the callsite but the lack of verification in this part of the implementation makes me worry that we might not notice bugs on security oversights on the caller side, if there is anything missing or changed, in the future.
We should assert the method names and class names are their post-transformation forms and document any exceptions to these rules (if there are any), inline.
Issue created by jeff-aion (on Wednesday Nov 28, 2018 at 15:11 GMT)
This is expected to be used as the bootstrap method for
invokedynamiccalls when used to implement a lambda function. We don't have any verifications of the parameters, merely calling directly into the underlying factory in the JDK.I suspect that this is made safe by the instrumentation pass operating on the callsite but the lack of verification in this part of the implementation makes me worry that we might not notice bugs on security oversights on the caller side, if there is anything missing or changed, in the future.
We should assert the method names and class names are their post-transformation forms and document any exceptions to these rules (if there are any), inline.