Throwable.getMessage is unsafe by default #2151
@@ -137,6 +137,11 @@ | |||
private static final Matcher<ExpressionTree> TO_STRING = | |||
MethodMatchers.instanceMethod().anyClass().named("toString").withNoParameters(); | |||
|
|||
private static final Matcher<ExpressionTree> THROWABLE_GET_MESSAGE = MethodMatchers.instanceMethod() | |||
.onDescendantOf(Throwable.class.getName()) | |||
.named("getMessage") |
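Review bot: THROWABLE_GET_MESSAGE is declared without a comment saying why the result of getMessage is treated as unsafe by default; add a one-line comment above the declaration so the intent is recorded next to the matcher rather than only in the PR title. Since the matcher uses onDescendantOf(Throwable.class.getName()), it also applies to subclasses that override getMessage, and a test case with a custom exception type would pin that behaviour. The visible chain ends at .named("getMessage"); if the following line does not already do so, close it with .withNoParameters() as TO_STRING does, so that an unrelated overload named getMessage on a subclass is not matched.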
we should also treat `Throwable#getLocalizedMessage()` as unsafe as well
Great idea, updated! Let me know if you think of other types/methods which are always unsafe.
`Throwable.toString()` is unsafe as well, but I'd like to handle that differently later on in a way that captures string conversion e.g. `"exception: " + myException;`
Looks good! Can follow up if we think of more types/methods that are always unsafe.
Released 4.85.0

###### _excavator_ is a bot for automating changes across repositories.

Changes produced by the roomba/latest-baseline-oss check.

# Release Notes
## 4.85.0
| Type | Description | Link |
| ---- | ----------- | ---- |
| Improvement | Throwable.getMessage is unsafe by default | palantir/gradle-baseline#2151 |

## 4.86.0
| Type | Description | Link |
| ---- | ----------- | ---- |
| Improvement | Ban java deserialization | palantir/gradle-baseline#2152 |

## 4.87.0
| Type | Description | Link |
| ---- | ----------- | ---- |
| Improvement | Array assignment merges safety rather than replacing it | palantir/gradle-baseline#2154 |

To enable or disable this check, please contact the maintainers of Excavator.
==COMMIT_MSG==
Throwable.getMessage is unsafe by default
==COMMIT_MSG==