<i18n dev> RFR: JDK-8285932 Implementation of JEP-430 String Templates (Preview) [v7]
Stuart Marks
smarks at openjdk.org
Mon Oct 31 21:25:41 UTC 2022
On Mon, 31 Oct 2022 20:11:34 GMT, Jim Laskey <jlaskey at openjdk.org> wrote:
>> Enhance the Java programming language with string templates, which are similar to string literals but contain embedded expressions. A string template is interpreted at run time by replacing each expression with the result of evaluating that expression, possibly after further validation and transformation. This is a [preview language feature and API](http://openjdk.java.net/jeps/12).
>
> Jim Laskey has updated the pull request incrementally with one additional commit since the last revision:
>
> Add @SafeVarargs declarations
src/java.base/share/classes/java/lang/template/TemplateRuntime.java line 99:
> 97: private static <E> List<E> toList(E... elements) {
> 98: return JUCA.listFromTrustedArrayNullsAllowed(elements);
> 99: }
I'm ok with using JUCA to create an unmodifiable list that can contain nulls.
However, it "trusts" the argument array, meaning that the array is assumed to be referenced exclusively and so the array reference is used directly in the resulting List object. That implies that one needs to be very careful about the array that gets passed in, otherwise, the resulting List might not actually be unmodifiable.
In particular, the call site in StringTemplate.of()
https://github.com/openjdk/jdk/pull/10889/files#diff-d4e02e5ead5ad4f2cfe509c58d1145f599285cd6736bbf37e4116045b2fd50bcR309
passes the array obtained from a List parameter that comes directly from a public call, meaning that malicious code could keep a reference to the array returned by `toArray` and modify it later. You could clone the array, or just revert back to the slow path.
-------------
PR: https://git.openjdk.org/jdk/pull/10889
More information about the i18n-dev
mailing list