javax.annotation.Tainted Java Examples

The following examples show how to use javax.annotation.Tainted. The annotation (from JSR-305) marks a value as untrusted input; taint-checking tools such as SpotBugs use it, together with @Detainted and @Untainted, to flag places where such a value reaches a method that requires untainted data (the "TQ" type-qualifier warnings in examples #7 to #10).
Example #1
Source File: LineCounter.java    From grappa with Apache License 2.0
public Position toPosition(@Tainted final int index)
{
    if (index < 0)
        throw new IllegalStateException();

    final Range<Integer> range;

    // Edge case: unfortunately, we can get an illegal index
    if (index >= len) {
        range = lines.get(nrLines - 1);
        return new Position(nrLines, len - range.lowerEndpoint() + 1);
    }

    final int lineNr = binarySearch(index);

    range = lines.get(lineNr);
    return new Position(lineNr + 1, index - range.lowerEndpoint() + 1);
}
 
Example #2
Source File: X509Utils.java    From nomulus with Apache License 2.0
/**
 * Check that {@code cert} is signed by the {@code ca} and not revoked.
 *
 * <p>Support for certificate chains has not been implemented.
 *
 * @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH,
 *         parsing errors, encoding errors, if the CRL is expired, or if the CRL is older than the
 *         one currently in memory.
 */
public static void verifyCertificate(
    X509Certificate rootCert, X509CRL crl, @Tainted X509Certificate cert, Date now)
        throws GeneralSecurityException {
  cert.checkValidity(checkNotNull(now, "now"));
  cert.verify(rootCert.getPublicKey());
  if (crl.isRevoked(cert)) {
    X509CRLEntry entry = crl.getRevokedCertificate(cert);
    throw new CertificateRevokedException(
        checkNotNull(entry.getRevocationDate(), "revocationDate"),
        Optional.ofNullable(entry.getRevocationReason()).orElse(CRLReason.UNSPECIFIED),
        firstNonNull(entry.getCertificateIssuer(), crl.getIssuerX500Principal()),
        ImmutableMap.of());
  }
}
 
Example #3
Source File: X509Utils.java    From nomulus with Apache License 2.0
/**
 * Checks if an X.509 CRL you downloaded can safely replace your current CRL.
 *
 * <p>This routine makes sure {@code newCrl} is signed by {@code rootCert} and that its timestamps
 * are correct with respect to {@code now}.
 *
 * @throws GeneralSecurityException for unsupported protocols, certs not signed by the TMCH,
 *         incorrect keys, and for invalid, old, not-yet-valid or revoked certificates.
 */
public static void verifyCrl(
    X509Certificate rootCert, X509CRL oldCrl, @Tainted X509CRL newCrl, Date now)
    throws GeneralSecurityException {
  if (newCrl.getThisUpdate().before(oldCrl.getThisUpdate())) {
    throw new CRLException(String.format(
        "New CRL is more out of date than our current CRL. %s < %s\n%s",
        newCrl.getThisUpdate(), oldCrl.getThisUpdate(), newCrl));
  }
  if (newCrl.getNextUpdate().before(now)) {
    throw new CRLException("CRL has expired.\n" + newCrl);
  }
  newCrl.verify(rootCert.getPublicKey());
}
 
Example #4
Source File: Marksdb.java    From nomulus with Apache License 2.0
/**
 * Extracts a {@link PGPSignature} object from a blob of {@code .sig} data.
 *
 * @throws SignatureException if a signature object couldn't be extracted for any reason.
 */
private static PGPSignature pgpExtractSignature(@Tainted byte[] signature)
    throws SignatureException {
  try {
    ByteArrayInputStream input = new ByteArrayInputStream(signature);
    PGPObjectFactory decoder = new BcPGPObjectFactory(PGPUtil.getDecoderStream(input));
    Object object = decoder.nextObject();
    if (object == null) {
      throw new SignatureException(String.format(
          "No OpenPGP packets found in signature.\n%s",
          dumpHex(signature)));
    }
    if (!(object instanceof PGPSignatureList)) {
      throw new SignatureException(String.format(
          "Expected PGPSignatureList packet but got %s\n%s",
          object.getClass().getSimpleName(),
          dumpHex(signature)));
    }
    PGPSignatureList sigs = (PGPSignatureList) object;
    if (sigs.isEmpty()) {
      throw new SignatureException(String.format(
          "PGPSignatureList doesn't have a PGPSignature.\n%s",
          dumpHex(signature)));
    }
    return sigs.get(0);
  } catch (IOException e) {
    throw new SignatureException(String.format(
        "Failed to extract PGPSignature object from .sig blob.\n%s",
        dumpHex(signature)), e);
  }
}
 
Example #5
Source File: FormField.java    From nomulus with Apache License 2.0
/**
 * Convert and validate a raw user-supplied value.
 *
 * @throws FormFieldException if value does not meet expected contracts.
 */
@Detainted
public Optional<O> convert(@Tainted @Nullable I value) {
  try {
    return Optional.ofNullable(converter.apply(value));
  } catch (FormFieldException e) {
    throw e.propagate(name);
  }
}
 
Example #6
Source File: FormField.java    From nomulus with Apache License 2.0
/**
 * Convert and validate a raw user-supplied value from an untyped JSON map.
 *
 * @throws FormFieldException if value is wrong type or does not meet expected contracts.
 */
@Detainted
public Optional<O> extractUntyped(@Tainted Map<String, ?> jsonMap) {
  Object value = jsonMap.get(name);
  I castedValue;
  try {
    castedValue = typeIn.cast(value);
  } catch (ClassCastException e) {
    throw new FormFieldException(String.format("Type error: got: %s, expected: %s",
        value.getClass().getSimpleName(),
        typeIn.getSimpleName())).propagate(name);
  }
  return convert(castedValue);
}
 
Example #7
Source File: TestViolatedInheritedAnnotations.java    From spotbugs with GNU Lesser General Public License v2.1
@ExpectWarning("TQ")
public void needsUntaintedParam(@Tainted Object tainted, InterfaceWithDefaultUntaintedParams obj) {
    // Should see a warning here
    obj.requiresUntaintedParam(tainted);
}
 
Example #8
Source File: TestViolatedInheritedAnnotations.java    From spotbugs with GNU Lesser General Public License v2.1
public @Tainted Object f() {
    return new Object();
}
 
Example #9
Source File: TaintedTest.java    From spotbugs with GNU Lesser General Public License v2.1
@NoWarning("TQ")
void correctDoNotReport(@Tainted Object b) {
    Object x = sanitize(b);
    requiresUntainted(x);
}
 
Example #10
Source File: TaintedTest.java    From spotbugs with GNU Lesser General Public License v2.1
@ExpectWarning("TQ")
void violationReport(@Tainted Object a) {
    Object y = a;
    requiresUntainted(y);
}
 
Example #11
Source File: LineCounter.java    From grappa with Apache License 2.0
public Range<Integer> getLineRange(@Tainted final int lineNr)
{
    // Edge case: unfortunately, we can get an illegal line number
    return lines.get(Math.min(lineNr, nrLines) - 1);
}
 
Example #12
Source File: FormField.java    From nomulus with Apache License 2.0
/**
 * Convert and validate a raw user-supplied value from a map.
 *
 * <p>This is the same as saying: {@code field.convert(valueMap.get(field.name()))}
 *
 * @throws FormFieldException if value does not meet expected contracts.
 */
@Detainted
public Optional<O> extract(@Tainted Map<String, I> valueMap) {
  return convert(valueMap.get(name));
}