Checker Framework Tutorial

Previous Validating User Input

Finding a Security Error

This example uses the personalblog-demo project and uses the Tainting Checker to verify that user input does not contain SQL statements to avoid SQL injection. (If you have not already done so, download the tutorial sourcefiles.)

Outline
  1. Run the Tainting Checker using the Ant buildfile
  2. Correct the error
  3. Run the Tainting Checker--a new error is found
  4. Correct the new error
  5. Run the Tainting Checker--no errors

1. Build with provided Ant buildfile.

Please see the manual for a complete discussion of using the Checker Framework and the Ant build tool. Below is the output of the buildfile 

$ ant
Buildfile: .../personalblog-demo/build.xml

clean:

check-tainting:
    [mkdir] Created dir: .../personalblog-demo/bin
[jsr308.javac] Compiling 2 source files to .../personalblog-demo/bin
[jsr308.javac] javac 1.7.0-jsr308-1.5.0
[jsr308.javac] .../personalblog-demo/src/net/eyde/personalblog/service/PersonalBlogService.java:175: error: incompatible types in argument.
[jsr308.javac]                     "where post.category like '%", category,
[jsr308.javac]                                                    ^
[jsr308.javac]   found   : @Tainted String
[jsr308.javac]   required: @Untainted String
[jsr308.javac] 1 error

BUILD FAILED
.../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

Total time: 2 seconds

The checker issues an error for .getPostsByCategory() because a possibly tainted string category is used in the query construction.

2. Correct the Error

To correct this, add @Untainted to category parameter declaration. 

     public List<?> getPostsByCategory(@Untainted String category) throws ServiceException {
This forces clients to pass an @Untainted value, which was the intention of the designer of the getPostsByCategory method.

3. Rebuild with Ant

$ ant
Buildfile: .../personalblog-demo/build.xml

clean:
   [delete] Deleting directory .../personalblog-demo/bin

check-tainting:
    [mkdir] Created dir: .../personalblog-demo/bin
[jsr308.javac] Compiling 2 source files to .../personalblog-demo/bin
[jsr308.javac] javac 1.7.0-jsr308-1.5.0
[jsr308.javac] .../personalblog-demo/src/net/eyde/personalblog/struts/action/ReadAction.java:58: error: incompatible types in argument.
[jsr308.javac]                   	pblog.getPostsByCategory(reqCategory));
[jsr308.javac]                   	                         ^
[jsr308.javac]   found   : @Tainted String
[jsr308.javac]   required: @Untainted String
[jsr308.javac] 1 error

BUILD FAILED
.../personalblog-demo/build.xml:35: Compile failed; see the compiler error output for details.

Total time: 2 seconds

There is an error in ReadAction.executeSub() , which is a client of getPostsByCategory . The reqCategory is accepted from t he user (from request object) without validation.

3. Correct the Error

To correct, use the validate method as shown below. 

    String reqCategory = validate(cleanNull(request.getParameter("cat")));

4. Rebuild with Ant

There should be no errors. 
$ ant
Buildfile: .../personalblog-demo/build.xml

clean:
   [delete] Deleting directory .../personalblog-demo/bin

check-tainting:
    [mkdir] Created dir: .../personalblog-demo/bin
[jsr308.javac] Compiling 2 source files to .../personalblog-demo/bin
[jsr308.javac] javac 1.7.0-jsr308-1.5.0

BUILD SUCCESSFUL
Total time: 2 seconds

Next, try Writing an Encryption Checker or return to the main page of the Tutorial.