Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Solve SpotBugs issue CT_CONSTRUCTOR_THROW in generated code #553

Closed
mikir opened this issue Dec 6, 2023 · 1 comment
Closed

Solve SpotBugs issue CT_CONSTRUCTOR_THROW in generated code #553

mikir opened this issue Dec 6, 2023 · 1 comment
Assignees
@Mi-La
Labels
enhancement New feature or request java Java language generator
Milestone
2.13

Comments

@mikir
Copy link
Contributor

mikir commented Dec 6, 2023
edited
Loading

SpotBugs issue CT_CONSTRUCTOR_THROW (Be wary of letting constructors throw exceptions) in generated code has been filtered out. It would be better to fix generated code instead.

Example from language/choice_types tests:

CT 	Exception thrown in class choice_types.bitmask_param_choice.BitmaskParamChoice at new choice_types.bitmask_param_choice.BitmaskParamChoice(PackingContext, BitStreamReader, Selector)
        will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.

Bug type CT_CONSTRUCTOR_THROW
In class choice_types.bitmask_param_choice.BitmaskParamChoice
In method new choice_types.bitmask_param_choice.BitmaskParamChoice(PackingContext, BitStreamReader, Selector)
At BitmaskParamChoice.java:[line 60]
At BitmaskParamChoice.java:[line 60]

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks. A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor. See SEI CERT Rule OBJ-11 for more information.
@mikir mikir added enhancement New feature or request java Java language generator labels Dec 6, 2023
@mikir mikir added this to the 2.13 milestone Dec 6, 2023
@Mi-La Mi-La self-assigned this Dec 11, 2023
Mi-La added a commit that referenced this issue Dec 12, 2023
@Mi-La
[#553] Fix CT_CONSTRUCTOR_THROW spotbugs warning, make generated clas…
f49dbf3 
…ses final
@Mi-La Mi-La closed this as completed Dec 12, 2023
@Mi-La
Copy link
Contributor

Mi-La commented Dec 12, 2023

All generated classes are now declared as final since they were never intended to be further extended by applications. This solution solves CT_CONSTRUCTOR_THROW SpotBugs warning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mi-La Mi-La

Labels
enhancement New feature or request java Java language generator
Projects
None yet
Milestone
2.13
Development

No branches or pull requests
2 participants
@Mi-La @mikir