Handle safety analysis for this and super references #3041

Merged Feb 19, 2025 (5 commits)

@carterkozak carterkozak commented Feb 18, 2025

Before this PR

Previously we failed to handle safety metadata for this and super references similarly to other variable references. See the new tests for examples. Most notably, this meant one could implement a SafeLoggable exception thusly without a warning:

```java
@Override
public String getLogMessage() {
    return getMessage(); // oh no! This is dangerous!
}
```

The danger is subtler than one might realize -- if such an exception is created with a known, safe message, it may be fine; however, if it's constructed with a ctor that delegates to public Throwable(Throwable cause), then cause.toString() will be used as the exception message, which is almost certainly unsafe, even (or especially!) if the cause implements SafeLoggable, due to the following:

```java
public Throwable(Throwable cause) {
    fillInStackTrace();
    detailMessage = (cause==null ? null : cause.toString());
    this.cause = cause;
}
```

After this PR

==COMMIT_MSG==
Handle safety analysis for this and super references
==COMMIT_MSG==
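
The constructor behaviour described in the PR description above, as an added example that is not code from this PR or from the project. `LogMessageSource` is a hypothetical stand-in for `SafeLoggable`, and the exception classes, the hardened variant and the sample message are constructed for illustration.

```java
public class ThisReferenceLeakDemo {
    // Hypothetical stand-in for the SafeLoggable contract (assumption, not the library's interface).
    interface LogMessageSource {
        String getLogMessage();
    }

    // The pattern from the PR description: the log message comes from this.getMessage().
    static class WrappingException extends RuntimeException implements LogMessageSource {
        WrappingException(String safeMessage) {
            super(safeMessage);
        }

        WrappingException(Throwable cause) {
            super(cause); // reaches Throwable(Throwable): detailMessage = cause.toString()
        }

        @Override
        public String getLogMessage() {
            return getMessage(); // implicit this reference; content depends on the constructor used
        }
    }

    // One possible hardened form (illustrative): the log message is a constant, never the cause's text.
    static class FixedMessageException extends RuntimeException implements LogMessageSource {
        private static final String SAFE_MESSAGE = "Failed to load account";

        FixedMessageException(Throwable cause) {
            super(SAFE_MESSAGE, cause);
        }

        @Override
        public String getLogMessage() {
            return SAFE_MESSAGE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a cause whose message carries user data that must not be logged as safe.
        Throwable cause = new IllegalArgumentException("no account for user alice@example.com");

        LogMessageSource[] cases = {
            new WrappingException("Failed to load account"), // constant message
            new WrappingException(cause),                    // message becomes cause.toString()
            new FixedMessageException(cause),
        };
        for (LogMessageSource c : cases) {
            System.out.println(c.getClass().getSimpleName() + " -> " + c.getLogMessage());
        }
    }
}
```

Run it with `java ThisReferenceLeakDemo.java`; the second case shows the cause's class name and message coming back through `getLogMessage()`.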

changelog-app bot commented Feb 18, 2025

Generate changelog in changelog/@unreleased

Description

Handle safety analysis for this and super references

svc-changelog and others added 3 commits February 18, 2025 21:14

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.

@bulldozer-bot bulldozer-bot bot merged commit b0865fd into develop Feb 19, 2025
5 checks passed
@bulldozer-bot bulldozer-bot bot deleted the ckozak/this_and_super_safety branch February 19, 2025 16:09

autorelease3 bot commented Feb 19, 2025

Released 6.14.0
