Non-safe string is passed to safe method

Reports cases when a non-safe object is passed to a method with a parameter marked with @Untainted annotations, returned from annotated methods or assigned to annotated fields, parameters, or local variables. Kotlin set and get methods for fields are not supported as entry points.

A safe object (in the same class) is:

a string literal, interface instance, or enum object
a result of a call of a method that is marked as @Untainted
a private field, which is assigned only with a string literal and has a safe initializer
a final field, which has a safe initializer
local variable or parameter that are marked as @Untainted and are not assigned from non-safe objects.

This field, local variable, or parameter must not be passed as arguments to methods or used as a qualifier or must be a primitive, its wrapper or immutable.

Also, static final fields are considered as safe.

The analysis is performed only inside one file. To process dependencies from other classes, use options. The analysis extends to private or static methods and has a limit of depth propagation.

Example:

  void doSmth(boolean b) {
    String s = safe();
    String s1 = "other";
    if (b) s1 = s;
    sink(s);
  }

  String sink(@Untainted String s) {}

Here we do not have non-safe string assignments to s so a warning is not produced. On the other hand:

  void doSmth(boolean b) {
    String s = safe();
    String s1 = "other";
    s1 = foo();
    if (b) s = s1;
    sink(s);        // warning here
  }

  String foo();

  String sink(@Untainted String s) {}

Here we have a warning since s1 has an unknown state after foo call result assignment.

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

SourceToSinkFlow

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | JVM languages

New in 2021.2

Inspection options

Here you can find the description of settings available for the Non-safe string is passed to safe method inspection, and the reference of their default values.

Tainted annotations: [javax.annotation.Tainted, org.checkerframework.checker.tainting.qual.Tainted]
Untainted annotations: [javax.annotation.Untainted, org.checkerframework.checker.tainting.qual.Untainted]
Tainted parameters: None
Untainted parameters: None
Untainted parameters: None
Consider external methods untainted if receivers and arguments are untainted: Default: Selected
Tainted methods: None
Untainted methods: None
Safe classes: [java.lang.Boolean, boolean, kotlin.Boolean, java.lang.Class, kotlin.reflect.KClass]
Untainted fields: None
Consider parameters of private methods as safe: Not selected
Report if the case is too complex to check: Not selected
Checked types: [java.lang.String]
Methods to clean qualifiers: None
Analysis Depth inside the method: 5
Report unknown object: Default: Selected
Report unsafe object: Default: Selected

Availability

By default bundled with: IntelliJ IDEA 2024.1, Qodana for JVM 2024.1,
Can be installed with plugin: Java, 241.18072

Last modified: 18 June 2024