Array assignment merges safety rather than replacing it (#2154)

Array assignment merges safety rather than replacing it
palantir · Mar 31, 2022 · 9f7b4a5 · 9f7b4a5
1 parent 0fed88d
commit 9f7b4a5
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/...rone/src/main/java/com/palantir/baseline/errorprone/safety/SafetyPropagationTransfer.java b/...rone/src/main/java/com/palantir/baseline/errorprone/safety/SafetyPropagationTransfer.java
@@ -530,7 +530,9 @@ public TransferResult<Safety, AccessPathStore<Safety>> visitAssignment(
         if (target instanceof LocalVariableNode) {
             updates.trySet(target, safety);
         } else if (target instanceof ArrayAccessNode) {
-            updates.trySet(((ArrayAccessNode) target).getArray(), safety);
+            Node arrayNode = ((ArrayAccessNode) target).getArray();
+            Safety arrayCombinedSafety = input.getValueOfSubNode(arrayNode).leastUpperBound(safety);
+            updates.trySet(arrayNode, arrayCombinedSafety);
         } else if (target instanceof FieldAccessNode) {
             FieldAccessNode fieldAccess = (FieldAccessNode) target;
             updates.set(fieldAccess, safety);

diff --git a/...-prone/src/test/java/com/palantir/baseline/errorprone/IllegalSafeLoggingArgumentTest.java b/...-prone/src/test/java/com/palantir/baseline/errorprone/IllegalSafeLoggingArgumentTest.java
@@ -710,6 +710,10 @@ public void testArraySafety() {
                         "    // BUG: Diagnostic contains: Dangerous argument value: arg is 'DO_NOT_LOG' "
                                 + "but the parameter requires 'SAFE'.",
                         "    fun(one);",
+                        "    one[2] = safeParam;",
+                        "    // BUG: Diagnostic contains: Dangerous argument value: arg is 'DO_NOT_LOG' "
+                                + "but the parameter requires 'SAFE'.",
+                        "    fun(one);",
                         "    // BUG: Diagnostic contains: Dangerous argument value: arg is 'DO_NOT_LOG' "
                                 + "but the parameter requires 'SAFE'.",
                         "    fun(new Object[] {safeParam, unsafeParam, dnlParam});",

diff --git a/changelog/@unreleased/pr-2154.v2.yml b/changelog/@unreleased/pr-2154.v2.yml
@@ -0,0 +1,5 @@
+type: improvement
+improvement:
+  description: Array assignment merges safety rather than replacing it
+  links:
+  - https://github.com/palantir/gradle-baseline/pull/2154