Support Nesting of Exception Handlers

microsoft / infersharp

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null dereferences, resource leaks, and thread-safety violations. It also performs taint flow tracking to detect critical security vulnerabilities like SQL injections.

MIT License

727 stars 28 forks source link

Support Nesting of Exception Handlers #199

Closed matjin closed 1 year ago

matjin commented 1 year ago

Provides support for the translation of methods with nested exception handlers (i.e. using block nested within another using block, or using nested within the catch handler of a try-catch). Removed limitations on exceptional translation, including finally handlers ending with throw.

Tested:

Validated that SQL injection taint flow within nested exception handlers is detected
Validated that exception thrown within nested using blocks does not yield any resource leaks.

TODO:

In future PR, move examples to test framework.

xi-liu-ds commented 1 year ago

Overall I think this PR is good. I am wondering should we try it on a big repo, e.g., vsplatform, so we can confirm that the performance is ok and there is no risks of infinite loops.

matjin commented 1 year ago

Overall I think this PR is good. I am wondering should we try it on a big repo, e.g., vsplatform, so we can confirm that the performance is ok and there is no risks of infinite loops.

Thank you for that. Still working on these evals