facebook / infer

A static analyzer for Java, C, C++, and Objective-C
http://fbinfer.com/
MIT License

[taint] add a Java example of taint propagation with lambdas #1742

Closed jeremydubreil closed 1 year ago

jeremydubreil commented 1 year ago

I have seen this pattern using lambdas leading to false negatives on real code. Pulse should report a taint error where invokeFunction(function) is called. I think there are different ways this could be addressed. Adding the false negative example for now.
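
A constructed illustration of the kind of flow this description refers to: a tainted value is captured by a lambda and only reaches a sink when the lambda is run through a helper. This is an added example, not the test file from this pull request. Only `invokeFunction(function)` is named on the page; `source()`, `sink()`, the class name and the control case are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;

public class LambdaTaintFlow {
  // Records what reaches the sink so the flow can be observed at runtime.
  static final List<String> reachedSink = new ArrayList<>();

  // Hypothetical taint source: stands in for untrusted or secret data.
  static String source() {
    return "tainted-value";
  }

  // Hypothetical sink: stands in for an API that must not receive tainted data.
  static void sink(String data) {
    reachedSink.add(data);
  }

  // The helper named in the description: the lambda body only executes here.
  static String invokeFunction(Function<String, String> function) {
    return function.apply("benign-argument");
  }

  // The tainted value is captured by the lambda, not passed as an argument,
  // so the source-to-sink path exists only through the closure.
  static void capturedTaint() {
    String tainted = source();
    Function<String, String> function = arg -> {
      sink(tainted);
      return arg;
    };
    invokeFunction(function); // the flow completes inside this call
  }

  // Control case with the same shape but no tainted capture: should stay clean.
  static void noTaint() {
    String clean = "constant";
    Function<String, String> function = arg -> {
      sink(clean);
      return arg;
    };
    invokeFunction(function);
  }

  public static void main(String[] args) {
    capturedTaint();
    noTaint();
    System.out.println("Values that reached the sink: " + reachedSink);
  }
}
```

An analyzer that tracks the capture should flag `capturedTaint()` at the `invokeFunction(function)` call and stay silent on `noTaint()`.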

facebook-github-bot commented 1 year ago

@skcho has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

facebook-github-bot commented 1 year ago

@skcho merged this pull request in facebook/infer@7ae68b515a6e647e8c6809f8f5c4a7231c246a56.