Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assert in TaintedDataAnalysis.TaintedDataSymbolMap<>.GetInfosForType #2708

Closed
mavasani opened this issue Jul 26, 2019 · 6 comments
Closed

Assert in TaintedDataAnalysis.TaintedDataSymbolMap<>.GetInfosForType #2708

mavasani opened this issue Jul 26, 2019 · 6 comments
Assignees
@dotpaul @LLLXXXCCC
Labels
Area-Microsoft.CodeAnalysis.NetAnalyzers Bug The product is not behaving according to its current intended design Category-Security

Comments

@mavasani
Copy link
Contributor

  1. Attempt to build the roslyn-analyzers repo with the latest analyzer debug bits built from master

Got:
Assert fires:

roslyn-analyzers/src/Utilities/FlowAnalysis/FlowAnalysis/Analysis/TaintedDataAnalysis/TaintedDataSymbolMap.cs

Line 86 in c844bfb

Debug.Assert(namedTypeSymbol != null); 

>	Microsoft.NetCore.Analyzers.dll!Analyzer.Utilities.FlowAnalysis.Analysis.TaintedDataAnalysis.TaintedDataSymbolMap<Analyzer.Utilities.FlowAnalysis.Analysis.TaintedDataAnalysis.SourceInfo>.GetInfosForType(Microsoft.CodeAnalysis.INamedTypeSymbol namedTypeSymbol) Line 86	C#
 	Microsoft.NetCore.Analyzers.dll!Analyzer.Utilities.FlowAnalysis.Analysis.TaintedDataAnalysis.TaintedDataSymbolMapExtensions.IsSourceConstantArrayOfType(Analyzer.Utilities.FlowAnalysis.Analysis.TaintedDataAnalysis.TaintedDataSymbolMap<Analyzer.Utilities.FlowAnalysis.Analysis.TaintedDataAnalysis.SourceInfo> sourceSymbolMap, Microsoft.CodeAnalysis.IArrayTypeSymbol arrayTypeSymbol) Line 85	C#
 	Microsoft.NetCore.Analyzers.dll!Microsoft.NetCore.Analyzers.Security.SourceTriggeredTaintedDataAnalyzerBase.Initialize.AnonymousMethod__4(Microsoft.CodeAnalysis.Diagnostics.OperationAnalysisContext operationAnalysisContext) Line 190	C#

Assert seems benign as we do handle the null value in the very next statement.
@mavasani mavasani added Bug The product is not behaving according to its current intended design Area-Microsoft.CodeAnalysis.NetAnalyzers Category-Security labels Jul 26, 2019
@mavasani mavasani added this to the vNext milestone Jul 26, 2019
@dotpaul
Copy link
Contributor

dotpaul commented Jul 27, 2019

@LLLXXXCCC can you look at this one as well? Also seems related to the TaintedDataAnalysis changes for constant arrays.

@LLLXXXCCC LLLXXXCCC mentioned this issue Jul 29, 2019
Merged
@mavasani
Copy link
Contributor Author

@LLLXXXCCC This should be fixed now?

@mavasani mavasani reopened this Jul 29, 2019
@LLLXXXCCC
Copy link
Contributor

It is supposed to be caused by the same reason with #2707 . This problem was solved. But I'll extend it to handle hard code in jagged array. @dotpaul

@dotpaul
Copy link
Contributor

dotpaul commented Jul 30, 2019

I doubt this issue has same root cause as #2707, because I don't remember the assert firing when running #2707's test case. I vaguely remember the assert coming from a different place.

@LLLXXXCCC were you able to repro? It'd be good to understand exactly what code made the assert fired. Maybe the fix will end up being the same, or maybe we'll find there's another code pattern we need to handle.

In any case, we should have at least one unit test containing code that would have fired the assert.

@LLLXXXCCC LLLXXXCCC mentioned this issue Jul 31, 2019
Merged
@mavasani
Copy link
Contributor Author

@dotpaul @LLLXXXCCC This should now be fixed, correct?

@dotpaul
Copy link
Contributor

dotpaul commented Aug 27, 2019

@dotpaul @LLLXXXCCC This should now be fixed, correct?

I believe so.

@dotpaul dotpaul closed this as completed Aug 27, 2019
@jmarolf jmarolf modified the milestones: vNext, .NET 5 Preview 8 Aug 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dotpaul dotpaul

@LLLXXXCCC LLLXXXCCC

Labels
Area-Microsoft.CodeAnalysis.NetAnalyzers Bug The product is not behaving according to its current intended design Category-Security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jmarolf @mavasani @dotpaul @LLLXXXCCC