Bug in special handling of Map structures like hashmap, request

[GoogleCodeExporter]

In parameter-httpsplitting configuration, there is a type error 

EQU-271653: JDBCDatabaseExport.java:133(340012):VAR_out{@Poly}  == 
JDBCDatabaseExport.java:139(340043):EXP_out{@Secret}

in snipsnap. 

It was due to the constant "name" used in both JDBCDatabaseExport.java:56:DBSER 
and SnipCopyServlet.java:104:request. It transmitted unnecessary flow. 

Original issue reported on code.google.com by [email protected] on 4 Sep 2013 at 1:25

[GoogleCodeExporter]

Temporary fix in r13. We used only the constant as the key before, but now we 
use type+constant instead. E.g the constraint was 
#CONSTANT#"key" == value
in hashmap.set("key", value). Now it becomes
#CONSTANT#java.util.Map_"key" == value

Therefore we can distinguish the "key" in java.util.Map from that in 
javax.servlet.ServletRequest. 

But this still cannot distinguish two mappings of the same HashMap type. A 
better solution would be treating all constant keys as fields of the map 
structure. Be fixed in the future. 

Original comment by [email protected] on 5 Sep 2013 at 12:45

• Changed state: Started

[GoogleCodeExporter]

About five leaks in blojsom cannot be detected after this fix. These are true 
flows, but they were detected because we handled the mapping structures 
"incorrectly". After this temporary fix, we couldn't detect them. 

Original comment by [email protected] on 7 Sep 2013 at 8:56