Annotations for passwords

I’m not a big user of annotations, historically, and I only recently discovered “Pluggable Type Systems” in Java, so possibly this is a dumb question, but are there any annotation libraries where you can declare a variable or field something like “sensitive” and method parameters “insecure” so that the compiler can enforce good security control? Like, I envision declaring a variable “@sensitive val password = getPasswordFromSomewhere()” or a method like

def getPasswordFromSomewhere(): @sensitive String = { … }

(not sure about the syntax there; I’d like to declare that the result is @sensitive, not that the method does something sensitive, but maybe that’s not right) and a method like:

class MyLogger {
def debug(@insecure message: String, @insecure variable: Any) { … }

(I don’t know if this is a thing that annotations can do, but it would be nice if the compiler could infer that “val password: String” is @sensitive if getPasswordFromSomewhere is @sensitive, like how the compiler can trace a variable’s provenance and know that it may not be initialized)

and the compiler enforcing that you can’t write passwords to log files. I’ve taken a quick look at The Checker Framework, but didn’t see anything, though I intend to look more.

Thank you for reading and thank you for your patience if there’s an obvious answer I’ve overlooked.

1 Like

The usual Scala approach to this wouldn’t be with annotations, but with types. That is, don’t use String for this at all – instead, return a strong Password type from getPasswordFromSomewhere(). At that point, it is way easier to enforce proper behavior downstream – not a silver bullet, but a much more tractable problem.

In general, raw Strings, Ints, Longs and things like that are hard to use correctly. Using more-precise types reduces the scope for mistakes enormously, and it’s not unusual in Scala to use stronger types more or less exclusively.


IntelliJ IDEA already tracks the flow of variables marked with the javax.annotation.Tainted annotation, but that currently seems to work in Java only.


1 Like

Seconded. Annotations are easy to forget. Just use a simple wrapper (and override toString, btw!).

1 Like