public class Demo {
String[] arr = new String[1];
String a = new String("a");
String b = "b";
void test() {
String[] arr = new String[1];
String a = new String("a");
String b = "b";
}
Demo(){
String[] arr = new String[1];
String a = new String("a");
String b = "b";
}
}
After run ./run-security.sh Demo.java use the debug solver, the output is
import checkers.inference.qual.VarAnnot;
@VarAnnot(15)
public class Demo {
@VarAnnot(5)
String @VarAnnot(4) [] arr = new @VarAnnot(8) String @VarAnnot(7) [((@VarAnnot(6) int) (1))];
@VarAnnot(9)
String a = new @VarAnnot(11) String(((@VarAnnot(10) String) ("a")));
@VarAnnot(12)
String b = ((@VarAnnot(13) String) ("b"));
void test(@VarAnnot(43) Demo this) {
@VarAnnot(20)
String[] arr = new @VarAnnot(18) String @VarAnnot(17) [((@VarAnnot(16) int) (1))];
String a = new @VarAnnot(23) String(((@VarAnnot(22) String) ("a")));
String b = ((@VarAnnot(26) String) ("b"));
}
@VarAnnot(29)
Demo(){
@VarAnnot(34)
String[] arr = new @VarAnnot(32) String @VarAnnot(31) [((@VarAnnot(30) int) (1))];
String a = new @VarAnnot(37) String(((@VarAnnot(36) String) ("a")));
String b = ((@VarAnnot(40) String) ("b"));
}
}
There is no arraytype and Object on the lhs for variable declaration inside method. Since the security demo did not override any method from CFI, this should be improved in framework level.
Conside the code for security-demo,
After run ./run-security.sh Demo.java use the debug solver, the output is
There is no arraytype and Object on the lhs for variable declaration inside method. Since the security demo did not override any method from CFI, this should be improved in framework level.