Here are the examples of the java api org.apache.bcel.generic.ConstantPoolGen taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
170 Examples
19
Source : StreamResourceTracker.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
public boolean isResourceOpen(BasicBlock basicBlock, InstructionHandle handle, ConstantPoolGen cpg, Stream resource, ResourceValueFrame frame) {
return resource.isStreamOpen(basicBlock, handle, cpg, frame);
}
19
Source : StreamResourceTracker.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public ResourceValueFrameModelingVisitor createVisitor(Stream resource, ConstantPoolGen cpg) {
return new StreamFrameModelingVisitor(cpg, this, resource);
}
19
Source : StreamResourceTracker.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public Stream isResourceCreation(BasicBlock basicBlock, InstructionHandle handle, ConstantPoolGen cpg) {
// Use precomputed map of Locations to Stream creations,
// if present. Note that we don't care about preexisting
// resources here.
if (resourceCollection != null) {
return resourceCollection.getCreatedResource(new Location(handle, basicBlock));
}
Instruction ins = handle.getInstruction();
if (!(ins instanceof TypedInstruction)) {
return null;
}
Type type = ((TypedInstruction) ins).getType(cpg);
if (!(type instanceof ObjectType)) {
return null;
}
Location location = new Location(handle, basicBlock);
// All StreamFactories are given an opportunity to
// look at the location and possibly identify a created stream.
for (StreamFactory aStreamFactoryList : streamFactoryList) {
Stream stream = aStreamFactoryList.createStream(location, (ObjectType) type, cpg, lookupFailureCallback);
if (stream != null) {
return stream;
}
}
return null;
}
19
Source : StreamResourceTracker.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public boolean mightCloseResource(BasicBlock basicBlock, InstructionHandle handle, ConstantPoolGen cpg) throws DataflowreplacedysisException {
return Stream.mightCloseStream(basicBlock, handle, cpg);
}
19
Source : StreamResourceTracker.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public boolean isResourceClose(BasicBlock basicBlock, InstructionHandle handle, ConstantPoolGen cpg, Stream resource, ResourceValueFrame frame) {
return resource.isStreamClose(basicBlock, handle, cpg, frame, lookupFailureCallback);
}
19
Source : StaticFieldLoadStreamFactory.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) {
Instruction ins = location.getHandle().getInstruction();
if (ins.getOpcode() != Const.GETSTATIC) {
return null;
}
GETSTATIC getstatic = (GETSTATIC) ins;
if (!clreplacedName.equals(getstatic.getClreplacedName(cpg)) || !fieldName.equals(getstatic.getName(cpg)) || !fieldSig.equals(getstatic.getSignature(cpg))) {
return null;
}
return new Stream(location, type.getClreplacedName(), streamBaseClreplaced).setIgnoreImplicitExceptions(true).setIsOpenOnCreation(true);
}
19
Source : IOStreamFactory.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) {
try {
Instruction ins = location.getHandle().getInstruction();
if (ins.getOpcode() != Const.NEW) {
return null;
}
if (Hierarchy.isSubtype(type, baseClreplacedType)) {
boolean isUninteresting = false;
for (ObjectType aUninterestingSubclreplacedTypeList : uninterestingSubclreplacedTypeList) {
if (Hierarchy.isSubtype(type, aUninterestingSubclreplacedTypeList)) {
isUninteresting = true;
break;
}
}
Stream result = new Stream(location, type.getClreplacedName(), baseClreplacedType.getClreplacedName()).setIgnoreImplicitExceptions(true);
if (!isUninteresting) {
result.setInteresting(bugType);
}
return result;
}
} catch (ClreplacedNotFoundException e) {
lookupFailureCallback.reportMissingClreplaced(e);
}
return null;
}
19
Source : InstanceFieldLoadStreamFactory.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) {
Instruction ins = location.getHandle().getInstruction();
if (ins.getOpcode() != Const.GETFIELD) {
return null;
}
String fieldClreplaced = type.getClreplacedName();
try {
if (fieldClreplaced.startsWith("[")) {
return null;
}
if (!Hierarchy.isSubtype(fieldClreplaced, streamBaseClreplaced)) {
return null;
}
Stream stream = new Stream(location, fieldClreplaced, streamBaseClreplaced);
stream.setIsOpenOnCreation(true);
stream.setOpenLocation(location);
if (bugPatternType != null) {
stream.setInteresting(bugPatternType);
}
// System.out.println("Instance field stream at " + location);
return stream;
} catch (ClreplacedNotFoundException e) {
lookupFailureCallback.reportMissingClreplaced(e);
return null;
}
}
19
Source : FindSqlInjection.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
private boolean isStringAppend(Instruction ins, ConstantPoolGen cpg) {
if (ins instanceof INVOKEVIRTUAL) {
INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) ins;
if ("append".equals(invoke.getMethodName(cpg)) && invoke.getClreplacedName(cpg).startsWith("java.lang.StringB")) {
String sig = invoke.getSignature(cpg);
char firstChar = sig.charAt(1);
return firstChar == '[' || firstChar == 'L';
}
}
return false;
}
19
Source : FindSqlInjection.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
private StringAppendState updateStringAppendState(Location location, ConstantPoolGen cpg, StringAppendState stringAppendState) {
InstructionHandle handle = location.getHandle();
Instruction ins = handle.getInstruction();
if (!isConstantStringLoad(location, cpg)) {
throw new IllegalArgumentException("instruction must be LDC");
}
LDC load = (LDC) ins;
Object value = load.getValue(cpg);
String stringValue = ((String) value).trim();
if (stringValue.startsWith(",") || stringValue.endsWith(",")) {
stringAppendState.setSawComma(handle);
}
if (isCloseQuote(stringValue) && stringAppendState.getSawOpenQuote(handle)) {
stringAppendState.setSawCloseQuote(handle);
}
if (isOpenQuote(stringValue)) {
stringAppendState.setSawOpenQuote(handle);
}
return stringAppendState;
}
19
Source : FindSqlInjection.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
private boolean isConstantStringLoad(Location location, ConstantPoolGen cpg) {
Instruction ins = location.getHandle().getInstruction();
if (ins instanceof LDC) {
LDC load = (LDC) ins;
Object value = load.getValue(cpg);
if (value instanceof String) {
return true;
}
}
return false;
}
19
Source : AnyMethodReturnValueStreamFactory.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) {
Instruction ins = location.getHandle().getInstruction();
try {
if (ins instanceof InvokeInstruction) {
if (!Hierarchy.isSubtype(type, baseClreplacedType)) {
return null;
}
Stream stream = new Stream(location, type.getClreplacedName(), baseClreplacedType.getClreplacedName()).setIsOpenOnCreation(true).setIgnoreImplicitExceptions(true);
if (bugType != null) {
stream.setInteresting(bugType);
}
return stream;
}
} catch (ClreplacedNotFoundException e) {
lookupFailureCallback.reportMissingClreplaced(e);
}
return null;
}
19
Source : NullnessConversationInstruction.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public Type getType(ConstantPoolGen cp) {
return Type.BOOLEAN;
}
19
Source : NullnessConversationInstruction.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public int consumeStack(ConstantPoolGen cpg) {
return 1;
}
19
Source : NullnessConversationInstruction.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public int produceStack(ConstantPoolGen cpg) {
return 1;
}
19
Source : ValueNumberFrameModelingVisitor.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public void visitGETSTATIC(GETSTATIC obj) {
ConstantPoolGen cpg = getCPG();
String fieldName = obj.getName(cpg);
String fieldSig = obj.getSignature(cpg);
ValueNumberFrame frame = getFrame();
if (RLE_DEBUG) {
System.out.println("GETSTATIC of " + fieldName + " : " + fieldSig);
}
// Is this an access of a Clreplaced object?
if (fieldName.startsWith("clreplaced$") && "Ljava/lang/Clreplaced;".equals(fieldSig)) {
String clreplacedName = fieldName.substring("clreplaced$".length()).replace('$', '.');
if (RLE_DEBUG) {
System.out.println("[found load of clreplaced object " + clreplacedName + "]");
}
ValueNumber value = factory.getClreplacedObjectValue(clreplacedName);
frame.pushValue(value);
return;
}
XField xfield = Hierarchy.findXField(obj, getCPG());
if (xfield != null) {
if (xfield.isVolatile()) {
getFrame().killAllLoads();
}
if (doRedundantLoadElimination()) {
loadStaticField(xfield, obj);
return;
}
}
handleNormalInstruction(obj);
}
19
Source : TargetEnumeratingVisitor.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* Visitor to find all of the targets of an instruction whose InstructionHandle
* is given. Note that we don't consider exception edges.
*
* @author David Hovemeyer
* @author Chadd Williams
*/
public clreplaced TargetEnumeratingVisitor extends org.apache.bcel.generic.EmptyVisitor implements EdgeTypes {
private final InstructionHandle handle;
private final ConstantPoolGen constPoolGen;
private final LinkedList<Target> targetList;
private boolean isBranch, isReturn, isThrow, isExit;
/**
* Constructor.
*
* @param handle
* the handle of the instruction whose targets should be
* enumerated
* @param constPoolGen
* the ConstantPoolGen object for the clreplaced
*/
public TargetEnumeratingVisitor(InstructionHandle handle, ConstantPoolGen constPoolGen) {
this.handle = handle;
this.constPoolGen = constPoolGen;
targetList = new LinkedList<>();
isBranch = isReturn = isThrow = isExit = false;
handle.getInstruction().accept(this);
}
/**
* Is the instruction the end of a basic block?
*/
public boolean isEndOfBasicBlock() {
return isBranch || isReturn || isThrow || isExit;
}
/**
* Is the replacedyzed instruction a method return?
*/
public boolean instructionIsReturn() {
return isReturn;
}
/**
* Is the replacedyzed instruction an explicit throw?
*/
public boolean instructionIsThrow() {
return isThrow;
}
/**
* Is the replacedyzed instruction an exit (call to System.exit())?
*/
public boolean instructionIsExit() {
return isExit;
}
/**
* Iterate over Target objects representing control flow targets and their
* edge types.
*/
public Iterator<Target> targereplacederator() {
return targetList.iterator();
}
@Override
public void visitGotoInstruction(GotoInstruction ins) {
isBranch = true;
InstructionHandle target = ins.getTarget();
if (target == null) {
throw new IllegalStateException();
}
targetList.add(new Target(target, GOTO_EDGE));
}
@Override
public void visitIfInstruction(IfInstruction ins) {
isBranch = true;
InstructionHandle target = ins.getTarget();
if (target == null) {
throw new IllegalStateException();
}
targetList.add(new Target(target, IFCMP_EDGE));
InstructionHandle fallThrough = handle.getNext();
targetList.add(new Target(fallThrough, FALL_THROUGH_EDGE));
}
@Override
public void visitSelect(Select ins) {
isBranch = true;
// Add non-default switch edges.
InstructionHandle[] targets = ins.getTargets();
for (InstructionHandle target : targets) {
targetList.add(new Target(target, SWITCH_EDGE));
}
// Add default switch edge.
InstructionHandle defaultTarget = ins.getTarget();
if (defaultTarget == null) {
throw new IllegalStateException();
}
targetList.add(new Target(defaultTarget, SWITCH_DEFAULT_EDGE));
}
@Override
public void visitReturnInstruction(ReturnInstruction ins) {
isReturn = true;
}
@Override
public void visitATHROW(ATHROW ins) {
isThrow = true;
}
@Override
public void visitINVOKESTATIC(INVOKESTATIC ins) {
// Find calls to System.exit(), since this effectively terminates the
// basic block.
String clreplacedName = ins.getClreplacedName(constPoolGen);
String methodName = ins.getName(constPoolGen);
String methodSig = ins.getSignature(constPoolGen);
if ("java.lang.System".equals(clreplacedName) && "exit".equals(methodName) && "(I)V".equals(methodSig)) {
isExit = true;
}
}
}
19
Source : StackDepthAnalysis.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* A really simple forward dataflow replacedysis to find the depth of the Java
* operand stack. This is more of a proof of concept for the dataflow replacedysis
* framework than anything useful.
*
* @see Dataflow
* @see Dataflowreplacedysis
*/
public clreplaced StackDepthreplacedysis extends ForwardDataflowreplacedysis<StackDepth> {
public static final int TOP = -1;
public static final int BOTTOM = -2;
private final ConstantPoolGen cpg;
/**
* Constructor.
*
* @param cpg
* the ConstantPoolGen of the method whose CFG we're performing
* the replacedysis on
* @param dfs
* DepthFirstSearch of the method's CFG
*/
public StackDepthreplacedysis(ConstantPoolGen cpg, DepthFirstSearch dfs) {
super(dfs);
this.cpg = cpg;
}
@Override
public StackDepth createFact() {
return new StackDepth(TOP);
}
@Override
public void makeFactTop(StackDepth fact) {
fact.setDepth(TOP);
}
@Override
public boolean isTop(StackDepth fact) {
return fact.getDepth() == TOP;
}
@Override
public boolean isFactValid(StackDepth fact) {
int depth = fact.getDepth();
return depth != TOP && depth != BOTTOM;
}
@Override
public void copy(StackDepth source, StackDepth dest) {
dest.setDepth(source.getDepth());
}
@Override
public void initEntryFact(StackDepth entryFact) {
// stack depth == 0 at entry to CFG
entryFact.setDepth(0);
}
@Override
public boolean same(StackDepth fact1, StackDepth fact2) {
return fact1.getDepth() == fact2.getDepth();
}
@Override
public void transferInstruction(InstructionHandle handle, BasicBlock basicBlock, StackDepth fact) throws DataflowreplacedysisException {
Instruction ins = handle.getInstruction();
int produced = ins.produceStack(cpg);
int consumed = ins.consumeStack(cpg);
if (produced == Const.UNPREDICTABLE || consumed == Const.UNPREDICTABLE) {
throw new IllegalStateException("Unpredictable stack delta for instruction: " + handle);
}
int depth = fact.getDepth();
depth += (produced - consumed);
if (depth < 0) {
fact.setDepth(BOTTOM);
} else {
fact.setDepth(depth);
}
}
@Override
public void meetInto(StackDepth fact, Edge edge, StackDepth result) {
int a = fact.getDepth();
int b = result.getDepth();
int combined;
if (a == TOP) {
combined = b;
} else if (b == TOP) {
combined = a;
} else if (a == BOTTOM || b == BOTTOM || a != b) {
combined = BOTTOM;
} else {
combined = a;
}
result.setDepth(combined);
}
// /**
// * Command line driver, for testing.
// */
// public static void main(String[] argv) throws Exception {
// if (argv.length != 1) {
// System.out.println("Usage: " + StackDepthreplacedysis.clreplaced.getName() +
// " <clreplaced file>");
// System.exit(1);
// }
//
// DataflowTestDriver<StackDepth, StackDepthreplacedysis> driver = new
// DataflowTestDriver<StackDepth, StackDepthreplacedysis>() {
// @Override
// public Dataflow<StackDepth, StackDepthreplacedysis>
// createDataflow(ClreplacedContext clreplacedContext, Method method)
// throws CFGBuilderException, DataflowreplacedysisException {
//
// DepthFirstSearch dfs = clreplacedContext.getDepthFirstSearch(method);
// CFG cfg = clreplacedContext.getCFG(method);
//
// StackDepthreplacedysis replacedysis = new
// StackDepthreplacedysis(clreplacedContext.getConstantPoolGen(), dfs);
// Dataflow<StackDepth, StackDepthreplacedysis> dataflow = new
// Dataflow<StackDepth, StackDepthreplacedysis>(cfg, replacedysis);
// dataflow.execute();
//
// return dataflow;
// }
// };
//
// driver.execute(argv[0]);
// }
}
19
Source : SignatureParser.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* Get the number of parameters preplaceded to method invocation.
*
* @param inv
* @param cpg
* @return int number of parameters
*/
public static int getNumParametersForInvocation(InvokeInstruction inv, ConstantPoolGen cpg) {
SignatureParser sigParser = new SignatureParser(inv.getSignature(cpg));
return sigParser.getNumParameters();
}
19
Source : InstructionActionCache.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* A cache for looking up the collection of ObligationPolicyDatabaseActions
* replacedociated with a given InstructionHandle. Avoids the need for repeated
* (slow) lookups.
*
* @author David Hovemeyer
*/
public clreplaced InstructionActionCache {
private static final boolean DEBUG_LOOKUP = SystemProperties.getBoolean("oa.debug.lookup");
private final ObligationPolicyDatabase database;
private final Map<InstructionHandle, Collection<ObligationPolicyDatabaseAction>> actionCache;
private final XMethod xmethod;
private final TypeDataflow typeDataflow;
private final ConstantPoolGen cpg;
public InstructionActionCache(ObligationPolicyDatabase database, XMethod xmethod, ConstantPoolGen cpg, TypeDataflow typeDataflow) {
this.database = database;
this.actionCache = new HashMap<>();
this.xmethod = xmethod;
this.cpg = cpg;
this.typeDataflow = typeDataflow;
}
static final ClreplacedDescriptor WILL_CLOSE = DescriptorFactory.createClreplacedDescriptor(WillClose.clreplaced);
public Collection<ObligationPolicyDatabaseAction> getActions(BasicBlock block, InstructionHandle handle) {
Collection<ObligationPolicyDatabaseAction> actionList = actionCache.get(handle);
if (actionList == null) {
Instruction ins = handle.getInstruction();
actionList = Collections.emptyList();
if (ins instanceof InvokeInstruction) {
if (ins instanceof INVOKEDYNAMIC) {
return actionList;
}
InvokeInstruction inv = (InvokeInstruction) ins;
XMethod invokedMethod = XFactory.createXMethod(inv, cpg);
String signature = invokedMethod.getSignature();
String methodName = invokedMethod.getName();
if (DEBUG_LOOKUP) {
System.out.println("Looking up actions for call to " + invokedMethod);
}
if (invokedMethod.getAnnotationDescriptors().contains(WILL_CLOSE) && methodName.startsWith("close") && signature.endsWith(")V")) {
actionList = Collections.singletonList(ObligationPolicyDatabaseAction.CLEAR);
} else if (signature.indexOf(';') >= -1) {
ReferenceType receiverType = inv.getReferenceType(cpg);
boolean isStatic = inv.getOpcode() == Const.INVOKESTATIC;
actionList = new LinkedList<>();
database.getActions(receiverType, methodName, signature, isStatic, actionList);
if (actionList.isEmpty()) {
try {
TypeFrame factAtLocation = null;
SignatureParser sigParser = new SignatureParser(signature);
// int startIndex = 0;
// if (!xmethod.isStatic())
// startIndex = 1;
Iterator<String> signatureIterator = sigParser.parameterSignatureIterator();
int parameters = sigParser.getNumParameters();
for (int i = 0; i < parameters; i++) {
String sig = signatureIterator.next();
Collection<ClreplacedDescriptor> annotations = invokedMethod.getParameterAnnotationDescriptors(i);
if (annotations.contains(WILL_CLOSE) || "Ljava/io/Closeable;".equals(sig) || methodName.startsWith("close")) {
// closing this value
if (factAtLocation == null) {
factAtLocation = typeDataflow.getFactAtLocation(new Location(handle, block));
}
Type argumentType = factAtLocation.getArgument(inv, cpg, i, sigParser);
if (argumentType instanceof ObjectType) {
Obligation obligation = database.getFactory().getObligationByType((ObjectType) argumentType);
if (obligation != null) {
actionList.add(new ObligationPolicyDatabaseAction(ObligationPolicyDatabaseActionType.DEL, obligation));
}
}
}
}
} catch (CheckedreplacedysisException e) {
replacedysisContext.logError("Error checking " + invokedMethod, e);
} catch (ClreplacedNotFoundException e) {
replacedysisContext.reportMissingClreplaced(e);
} finally {
}
}
if (DEBUG_LOOKUP && !actionList.isEmpty()) {
System.out.println(" At " + handle + ": " + actionList);
}
}
} else if (ins instanceof PUTFIELD || ins instanceof PUTSTATIC || ins instanceof ARETURN) {
Location loc = new Location(handle, block);
try {
TypeFrame typeFrame = typeDataflow.getFactAtLocation(loc);
if (typeFrame.isValid()) {
Type tosType = typeFrame.getTopValue();
if (tosType instanceof ObjectType) {
ObligationFactory factory = database.getFactory();
Obligation obligation = factory.getObligationByType((ObjectType) tosType);
if (obligation != null) {
if ("java.sql.ResultSet".equals(obligation.getClreplacedName())) {
ObjectType sType = ObjectTypeFactory.getInstance(java.sql.Statement.clreplaced);
Obligation sObligation = factory.getObligationByType(sType);
actionList = Arrays.asList(new ObligationPolicyDatabaseAction(ObligationPolicyDatabaseActionType.DEL, obligation), new ObligationPolicyDatabaseAction(ObligationPolicyDatabaseActionType.DEL, sObligation));
} else {
actionList = Collections.singleton(new ObligationPolicyDatabaseAction(ObligationPolicyDatabaseActionType.DEL, obligation));
}
}
}
}
} catch (ClreplacedNotFoundException e) {
replacedysisContext.reportMissingClreplaced(e);
} catch (Exception e) {
replacedysisContext.logError("Error in checking obligation replacedysis for " + xmethod, e);
}
}
actionCache.put(handle, actionList);
}
return actionList;
}
public boolean addsObligation(BasicBlock block, InstructionHandle handle, Obligation obligation) {
return hasAction(block, handle, obligation, ObligationPolicyDatabaseActionType.ADD);
}
public boolean deletesObligation(BasicBlock block, InstructionHandle handle, Obligation obligation) {
return hasAction(block, handle, obligation, ObligationPolicyDatabaseActionType.DEL);
}
private boolean hasAction(BasicBlock block, InstructionHandle handle, Obligation obligation, ObligationPolicyDatabaseActionType actionType) {
Collection<ObligationPolicyDatabaseAction> actionList = getActions(block, handle);
for (ObligationPolicyDatabaseAction action : actionList) {
if (action.getActionType() == actionType && action.getObligation().equals(obligation)) {
return true;
}
}
return false;
}
}
19
Source : FieldSetAnalysis.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* @author David Hovemeyer
*/
public abstract clreplaced FieldSetreplacedysis extends ForwardDataflowreplacedysis<FieldSet> {
private final ConstantPoolGen cpg;
private final Map<InstructionHandle, XField> instructionToFieldMap;
public FieldSetreplacedysis(DepthFirstSearch dfs, ConstantPoolGen cpg) {
super(dfs);
this.cpg = cpg;
this.instructionToFieldMap = new HashMap<>();
}
public ConstantPoolGen getCPG() {
return cpg;
}
@Override
public void makeFactTop(FieldSet fact) {
fact.setTop();
}
@Override
public boolean isTop(FieldSet fact) {
return fact.isTop();
}
@Override
public void initEntryFact(FieldSet result) throws DataflowreplacedysisException {
result.clear();
}
// public void initResultFact(FieldSet result) {
// makeFactTop(result);
// }
@Override
public void meetInto(FieldSet fact, Edge edge, FieldSet result) throws DataflowreplacedysisException {
result.mergeWith(fact);
}
@Override
public boolean same(FieldSet fact1, FieldSet fact2) {
return fact1.sameAs(fact2);
}
@Override
public FieldSet createFact() {
return new FieldSet();
}
@Override
public boolean isFactValid(FieldSet fact) {
return fact.isValid();
}
@Override
public void copy(FieldSet source, FieldSet dest) {
dest.copyFrom(source);
}
@Override
public void transferInstruction(InstructionHandle handle, BasicBlock basicBlock, FieldSet fact) throws DataflowreplacedysisException {
if (!isFactValid(fact)) {
return;
}
handleInstruction(handle, basicBlock, fact);
}
private void handleInstruction(InstructionHandle handle, BasicBlock basicBlock, FieldSet fact) {
Instruction ins = handle.getInstruction();
short opcode = ins.getOpcode();
XField field;
switch(opcode) {
case Const.GETFIELD:
case Const.GETSTATIC:
field = lookupField(handle, (FieldInstruction) ins);
if (field != null) {
sawLoad(fact, field);
}
break;
case Const.PUTFIELD:
case Const.PUTSTATIC:
field = lookupField(handle, (FieldInstruction) ins);
if (field != null) {
sawStore(fact, field);
}
break;
case Const.INVOKEINTERFACE:
case Const.INVOKESPECIAL:
case Const.INVOKESTATIC:
case Const.INVOKEVIRTUAL:
// replacedume that the called method replacedigns loads and stores all
// possible fields
fact.setBottom();
break;
default:
break;
}
}
@CheckForNull
private XField lookupField(InstructionHandle handle, FieldInstruction fins) {
XField field = instructionToFieldMap.get(handle);
if (field == null) {
field = Hierarchy.findXField(fins, getCPG());
instructionToFieldMap.put(handle, field);
}
return field;
}
protected abstract void sawLoad(FieldSet fact, XField field);
protected abstract void sawStore(FieldSet fact, XField field);
}
19
Source : Frame.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* Get the slot the object instance referred to by given instruction is
* located in.
*
* @param ins
* the Instruction
* @param cpg
* the ConstantPoolGen for the method
* @return stack slot the object instance is in
* @throws DataflowreplacedysisException
*/
public int getInstanceSlot(Instruction ins, ConstantPoolGen cpg) throws DataflowreplacedysisException {
if (!isValid()) {
throw new DataflowreplacedysisException("Accessing invalid frame at " + ins);
}
int numConsumed = ins.consumeStack(cpg);
if (numConsumed == Const.UNPREDICTABLE) {
throw new DataflowreplacedysisException("Unpredictable stack consumption in " + ins);
}
if (numConsumed > getStackDepth()) {
throw new DataflowreplacedysisException("Stack underflow " + ins);
}
return getNumSlots() - numConsumed;
}
19
Source : Frame.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* Get the stack location (counting down from top of stack, starting at 0)
* containing the object instance referred to by given instruction. This
* relies on the observation that in instructions which use an object
* instance (such as getfield, invokevirtual, etc.), the object instance is
* the first operand used by the instruction.
*
* <p>
* The value returned may be preplaceded to getStackValue(int).
* </p>
*
* @param ins
* the Instruction
* @param cpg
* the ConstantPoolGen for the method
* @return stack location (counting down from top of stack, starting at 0)
* containing the object instance
* @throws DataflowreplacedysisException
*/
public int getInstanceStackLocation(Instruction ins, ConstantPoolGen cpg) throws DataflowreplacedysisException {
int numConsumed = ins.consumeStack(cpg);
if (numConsumed == Const.UNPREDICTABLE) {
throw new DataflowreplacedysisException("Unpredictable stack consumption in " + ins);
}
return numConsumed - 1;
}
19
Source : Frame.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* Get the value corresponding to the object instance used in the given
* instruction. This relies on the observation that in instructions which
* use an object instance (such as getfield, invokevirtual, etc.), the
* object instance is the first operand used by the instruction.
*
* @param ins
* the instruction
* @param cpg
* the ConstantPoolGen for the method
*/
public ValueType getInstance(Instruction ins, ConstantPoolGen cpg) throws DataflowreplacedysisException {
return getStackValue(getInstanceStackLocation(ins, cpg));
}
19
Source : UnconditionalValueDerefAnalysis.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
public static boolean isNullCheck(InstructionHandle h, ConstantPoolGen cpg) {
if (!(h.getInstruction() instanceof IFNONNULL)) {
return false;
}
h = h.getNext();
final Instruction newInstruction = h.getInstruction();
if (!(newInstruction instanceof NEW)) {
return false;
}
final ObjectType loadClreplacedType = ((NEW) newInstruction).getLoadClreplacedType(cpg);
if (!"java.lang.NullPointerException".equals(loadClreplacedType.getClreplacedName())) {
return false;
}
h = h.getNext();
return check(h, NULLCHECK1) || check(h, NULLCHECK2);
}
19
Source : Wild.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowreplacedysisException {
return new MatchResult(this, bindingSet);
}
19
Source : Opcode.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowreplacedysisException {
if (handle.getInstruction().getOpcode() == opcode) {
return new MatchResult(this, bindingSet);
} else {
return null;
}
}
19
Source : New.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowreplacedysisException {
Instruction ins = handle.getInstruction();
if (!(ins instanceof NEW)) {
return null;
}
LocalVariable result = new LocalVariable(after.getTopValue());
return addOrCheckDefinition(result, bindingSet);
}
19
Source : Monitorenter.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowreplacedysisException {
// Instruction must be MONITORENTER.
Instruction ins = handle.getInstruction();
if (!(ins instanceof MONITORENTER)) {
return null;
}
// Ensure the object being locked matches any previous
// instructions which bound our variable name to a value.
Variable lock = new LocalVariable(before.getTopValue());
return addOrCheckDefinition(lock, bindingSet);
}
19
Source : MatchAny.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowreplacedysisException {
for (PatternElement child : childList) {
MatchResult matchResult = child.match(handle, cpg, before, after, bindingSet);
if (matchResult != null) {
return matchResult;
}
}
return null;
}
19
Source : Invoke.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowreplacedysisException {
// See if the instruction is an InvokeInstruction
Instruction ins = handle.getInstruction();
if (!(ins instanceof InvokeInstruction)) {
return null;
}
InvokeInstruction inv = (InvokeInstruction) ins;
String methodName = inv.getMethodName(cpg);
boolean isStatic = inv.getOpcode() == Const.INVOKESTATIC;
boolean isCtor = Const.CONSTRUCTOR_NAME.equals(methodName);
int actualMode = 0;
if (isStatic) {
actualMode |= STATIC;
}
if (isCtor) {
actualMode |= CONSTRUCTOR;
}
if (!isStatic && !isCtor) {
actualMode |= INSTANCE;
}
// Intersection of actual and desired modes must be nonempty.
if ((actualMode & mode) == 0) {
return null;
}
// Check clreplaced name, method name, and method signature.
if (!methodNameMatcher.match(methodName) || !methodSigMatcher.match(inv.getSignature(cpg)) || !clreplacedNameMatcher.match(inv.getClreplacedName(cpg))) {
return null;
}
// It's a match!
return new MatchResult(this, bindingSet);
}
19
Source : IfNull.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowreplacedysisException {
// Instruction must be IFNULL or IFNONNULL.
Instruction ins = handle.getInstruction();
if (!(ins instanceof IFNULL || ins instanceof IFNONNULL)) {
return null;
}
// Ensure reference used is consistent with previous uses of
// same variable.
LocalVariable ref = new LocalVariable(before.getTopValue());
return addOrCheckDefinition(ref, bindingSet);
}
19
Source : VisitorImpl.java
with GNU General Public License v3.0
from michaelmilleryoder
with GNU General Public License v3.0
from michaelmilleryoder
clreplaced VisitorImpl extends EmptyVisitor {
private ConstantPool pool;
private Log log;
private Design design;
private ConstantPoolGen poolGen;
private InstructionVisitor visitor;
private Location location;
public VisitorImpl(ConstantPool pool, Log log, Design d, Location loc) {
this.pool = pool;
this.log = log;
this.design = d;
this.location = loc;
this.poolGen = new ConstantPoolGen(pool);
visitor = new InstructionVisitor(poolGen, log, d);
}
private void log(String s, int level) {
log.log(s, level);
}
public void visitJavaClreplaced(JavaClreplaced c) {
log(" super=" + c.getSuperclreplacedName(), Project.MSG_VERBOSE);
String[] names = c.getInterfaceNames();
String superClreplaced = c.getSuperclreplacedName();
design.checkClreplaced(superClreplaced);
for (int i = 0; i < names.length; i++) {
log(" interfaces=" + names[i], Project.MSG_VERBOSE);
design.checkClreplaced(names[i]);
}
}
/**
* @see org.apache.bcel.clreplacedfile.Visitor#visitField(org.apache.bcel.clreplacedfile.Field)
*/
public void visitField(Field f) {
String type = Utility.methodSignatureReturnType(f.getSignature());
log(" field type=" + type, Project.MSG_VERBOSE);
design.checkClreplaced(type);
}
/**
* @see org.apache.bcel.clreplacedfile.Visitor#visitLocalVariable(org.apache.bcel.clreplacedfile.LocalVariable)
*/
public void visitLocalVariable(LocalVariable v) {
String type = Utility.methodSignatureReturnType(v.getSignature());
log(" localVar type=" + type, Project.MSG_VERBOSE);
design.checkClreplaced(type);
}
/**
* @see org.apache.bcel.clreplacedfile.Visitor#visitMethod(org.apache.bcel.clreplacedfile.Method)
*/
public void visitMethod(Method m) {
log(" method=" + m.getName(), Project.MSG_VERBOSE);
String retType = Utility.methodSignatureReturnType(m.getSignature());
log(" method ret type=" + retType, Project.MSG_VERBOSE);
if (!"void".equals(retType))
design.checkClreplaced(retType);
String[] types = Utility.methodSignatureArgumentTypes(m.getSignature());
for (int i = 0; i < types.length; i++) {
log(" method param[" + i + "]=" + types[i], Project.MSG_VERBOSE);
design.checkClreplaced(types[i]);
}
ExceptionTable excs = m.getExceptionTable();
if (excs != null) {
types = excs.getExceptionNames();
for (int i = 0; i < types.length; i++) {
log(" exc=" + types[i], Project.MSG_VERBOSE);
design.checkClreplaced(types[i]);
}
}
processInstructions(m);
}
private void processInstructions(Method m) {
MethodGen mg = new MethodGen(m, design.getCurrentClreplaced(), poolGen);
if (!mg.isAbstract() && !mg.isNative()) {
InstructionHandle ih = mg.getInstructionList().getStart();
for (; ih != null; ih = ih.getNext()) {
Instruction i = ih.getInstruction();
log(" instr=" + i, Project.MSG_DEBUG);
// if (i instanceof BranchInstruction) {
// branch_map.put(i, ih); // memorize container
// }
// if (ih.hasTargeters()) {
// if (i instanceof BranchInstruction) {
// _out.println(" InstructionHandle ih_"
// + ih.getPosition() + ";");
// } else {
// _out.print(" InstructionHandle ih_"
// + ih.getPosition() + " = ");
// }
// } else {
// _out.print(" ");
// }
// if (!visitInstruction(i))
i.accept(visitor);
}
// CodeExceptionGen[] handlers = mg.getExceptionHandlers();
//
// log("handlers len="+handlers.length, Project.MSG_DEBUG);
// for (int i = 0; i < handlers.length; i++) {
// CodeExceptionGen h = handlers[i];
// ObjectType t = h.getCatchType();
// log("type="+t, Project.MSG_DEBUG);
// if(t != null) {
// log("type="+t.getClreplacedName(), Project.MSG_DEBUG);
// }
// }
// updateExceptionHandlers();
}
}
public void visitCodeException(CodeException c) {
String s = c.toString(pool, false);
int catch_type = c.getCatchType();
if (catch_type == 0)
return;
String temp = pool.getConstantString(catch_type, Constants.CONSTANT_Clreplaced);
String str = Utility.compactClreplacedName(temp, false);
log(" catch=" + str, Project.MSG_DEBUG);
design.checkClreplaced(str);
}
//
public void visitCode(Code c) {
LineNumberTable table = c.getLineNumberTable();
// LocalVariableTable table = c.getLocalVariableTable();
if (table == null)
throw new BuildException(getNoDebugMsg(design.getCurrentClreplaced()), location);
}
public static String getNoDebugMsg(String clreplacedName) {
String s = "Clreplaced=" + clreplacedName + " was not compiled with the debug option(-g) and\n" + "therefore verifydesign cannot be used on this jar. Please compile your code\n" + "with -g option in javac or debug=\"true\" in the ant build.xml file";
return s;
}
/**
* @param jarName
* @return
*/
public static String getNoFileMsg(File jarName) {
String s = "File you specified in your path(or jar attribute)='" + jarName.getAbsolutePath() + "' does not exist";
return s;
}
}
19
Source : InstructionVisitor.java
with GNU General Public License v3.0
from michaelmilleryoder
with GNU General Public License v3.0
from michaelmilleryoder
public clreplaced InstructionVisitor extends EmptyVisitor {
private ConstantPoolGen poolGen;
private Log log;
private Design design;
/**
* @param poolGen
* @param v
*/
public InstructionVisitor(ConstantPoolGen poolGen, Log log, Design d) {
this.poolGen = poolGen;
this.log = log;
this.design = d;
}
public void visitCHECKCAST(CHECKCAST c) {
Type t = c.getType(poolGen);
log.log(" instr(checkcast)=" + t, Project.MSG_DEBUG);
String type = t.toString();
design.checkClreplaced(type);
}
public void visitLoadInstruction(LoadInstruction l) {
// log.log(" visit load", Project.MSG_DEBUG);
Type t = l.getType(poolGen);
log.log(" instr(loadinstr)=" + t, Project.MSG_DEBUG);
String type = t.toString();
design.checkClreplaced(type);
}
public void visitNEW(NEW n) {
Type t = n.getType(poolGen);
log.log(" instr(new)=" + t, Project.MSG_DEBUG);
String type = t.toString();
design.checkClreplaced(type);
}
public void visitANEWARRAY(ANEWARRAY n) {
Type t = n.getType(poolGen);
log.log(" instr(anewarray)=" + t, Project.MSG_DEBUG);
String type = t.toString();
design.checkClreplaced(type);
}
public void visitINSTANCEOF(INSTANCEOF i) {
Type t = i.getType(poolGen);
log.log(" instr(instanceof)=" + t, Project.MSG_DEBUG);
String type = t.toString();
design.checkClreplaced(type);
}
public void visitINVOKESTATIC(INVOKESTATIC s) {
String t = s.getClreplacedName(poolGen);
log.log(" instr(invokestatic)=" + t, Project.MSG_DEBUG);
design.checkClreplaced(t);
}
public void visitPUTSTATIC(PUTSTATIC s) {
String one = s.getClreplacedName(poolGen);
String two = s.getFieldName(poolGen);
String three = s.getName(poolGen);
String four = s.getSignature(poolGen);
String five = s.getClreplacedType(poolGen) + "";
String six = s.getFieldType(poolGen) + "";
log.log(" instr(putstatic)a=" + one, Project.MSG_DEBUG);
log.log(" instr(putstatic)b=" + two, Project.MSG_DEBUG);
log.log(" instr(putstatic)c=" + three, Project.MSG_DEBUG);
log.log(" instr(putstatic)d=" + four, Project.MSG_DEBUG);
log.log(" instr(putstatic)e=" + five, Project.MSG_DEBUG);
log.log(" instr(putstatic)f=" + six, Project.MSG_DEBUG);
String clreplacedName = s.getFieldName(poolGen);
if ("staticField".equals(clreplacedName))
return;
if (clreplacedName.startsWith("clreplaced$") || clreplacedName.startsWith("array$"))
;
else
return;
log.log(" instr(putstatic)1=" + clreplacedName, Project.MSG_DEBUG);
clreplacedName = clreplacedName.substring(6, clreplacedName.length());
log.log(" instr(putstatic)2=" + clreplacedName, Project.MSG_DEBUG);
clreplacedName = clreplacedName.replace('$', '.');
log.log(" instr(putstatic)3=" + clreplacedName, Project.MSG_DEBUG);
design.checkClreplaced(clreplacedName);
}
}
19
Source : TestHttpMethodVisitor.java
with GNU General Public License v3.0
from jpmorganchase
with GNU General Public License v3.0
from jpmorganchase
// duck-typing style heuristics to define test method as 'http client'
// 1. mentions http
// 2. link a method starting with http verb
// 4. references url-like constant string
// only one (first) link is detected
public clreplaced TestHttpMethodVisitor extends TestMethodVisitor {
private static final Pattern HTTP_CLIENTS = Pattern.compile("(?i).*(http|mvc).*");
private String httpReference = null;
private String verbReference = null;
private String verb = null;
private String urlReference = null;
private ConstantPoolGen cp;
TestHttpMethodVisitor(Method m, JavaClreplaced jc, Context c) {
super(m, jc, c);
cp = new ConstantPoolGen(jc.getConstantPool());
}
private static boolean guessVerbMatchByMethodName(String verb, String methodName) {
return "POST".equals(verb) && methodName.contains("Upload") || methodName.toUpperCase().startsWith(verb);
}
@Override
public void start() {
if (method.isAbstract() || method.isNative() || !testMethod) {
return;
}
visitInstructions(method);
if (httpReference != null && verbReference != null && urlReference != null) {
context.addLink(LinkFactory.createInstance(context.getApplicationId(), new Vertex.Builder(javaClreplaced.getClreplacedName(), formatMethod(method)).build(), new Vertex.Builder(verb + " " + HttpConsts.HTTP_LOCALHOST, urlReference, context.getCurrentLocation()).markSpecial().build(), LinkType.HTTP_REQUEST));
}
}
@Override
public void visitInvokeInstruction(InvokeInstruction invokeInstruction) {
String referencedType = invokeInstruction.getReferenceType(cp).toString();
if (httpReference == null && HTTP_CLIENTS.matcher(referencedType).matches()) {
String referencedMethod = HttpConsts.getHttpVerb().stream().filter(v -> guessVerbMatchByMethodName(v, invokeInstruction.getMethodName(cp))).findFirst().orElse(null);
if (referencedMethod != null) {
httpReference = referencedType;
verbReference = invokeInstruction.getMethodName(cp);
verb = referencedMethod;
}
}
}
@Override
public void visitCPInstruction(CPInstruction i) {
Constant constant = cp.getConstant(i.getIndex());
if (constant.getTag() == CONSTANT_String) {
String path = ((ConstantString) constant).getBytes(cp.getConstantPool());
if (httpReference == null && verbReference == null && HttpConsts.RELATIVE_URL.matcher(path).matches()) {
urlReference = path;
}
}
}
}
19
Source : SpringMockMvcMethodVisitor.java
with GNU General Public License v3.0
from jpmorganchase
with GNU General Public License v3.0
from jpmorganchase
public clreplaced SpringMockMvcMethodVisitor extends TestMethodVisitor {
private final ConstantPoolGen cp;
private String value;
private static final String MOCK_HTTP_REQUEST_BUILDER = "MockHttpServletRequestBuilder";
SpringMockMvcMethodVisitor(Method m, JavaClreplaced jc, Context c) {
super(m, jc, c);
cp = new ConstantPoolGen(javaClreplaced.getConstantPool());
}
@Override
public void start() {
if (method.isAbstract() || method.isNative() || !testMethod) {
return;
}
visitInstructions(method);
}
@Override
public void visitLDC(LDC obj) {
if (obj.getValue(cp) instanceof String) {
String tmpValue = (String) obj.getValue(cp);
if (tmpValue.contains("/")) {
this.value = tmpValue;
}
}
}
@Override
public void visitINVOKESTATIC(INVOKESTATIC obj) {
if (obj.getType(cp).getSignature().contains(MOCK_HTTP_REQUEST_BUILDER)) {
context.addLink(LinkFactory.createInstance(context.getApplicationId(), new Vertex.Builder(javaClreplaced.getClreplacedName(), formatMethod(method)).build(), new Vertex.Builder(obj.getMethodName(cp).toUpperCase() + " " + HttpConsts.HTTP_LOCALHOST, value, context.getCurrentLocation()).markSpecial().build(), LinkType.HTTP_REQUEST));
}
}
}
19
Source : RedirectVisitor.java
with GNU General Public License v3.0
from jpmorganchase
with GNU General Public License v3.0
from jpmorganchase
public clreplaced RedirectVisitor extends MethodVisitorBase {
private final ConstantPoolGen cp;
private boolean controllerSide;
public RedirectVisitor(Method m, JavaClreplaced jc, Context c, boolean controllerSide) {
super(m, jc, c);
cp = new ConstantPoolGen(javaClreplaced.getConstantPool());
this.controllerSide = controllerSide;
}
public void start() {
if (method.isAbstract() || method.isNative()) {
return;
}
visitInstructions(method);
}
@Override
public void visitLDC(LDC obj) {
if (obj.getValue(cp) instanceof String) {
String url = (String) obj.getValue(cp);
if (url.contains("/")) {
addHttpLinks(HttpConsts.GET_METHOD, context, url, javaClreplaced.getClreplacedName(), formatMethod(method), controllerSide);
}
}
}
}
19
Source : MethodUtils.java
with GNU General Public License v3.0
from jpmorganchase
with GNU General Public License v3.0
from jpmorganchase
public static String getMethodNameAndType(ConstantPoolGen cp, ConstantNameAndType methodNameType) {
return getMethodNameAndType(cp.getConstantPool(), methodNameType);
}
19
Source : HardcodePasswordInMapDetector.java
with GNU Lesser General Public License v3.0
from blackarbiter
with GNU Lesser General Public License v3.0
from blackarbiter
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg, InstructionHandle handle) {
replacedert invoke != null && cpg != null;
if (HASHTABLE_PUT_METHOD.matches(invoke, cpg) || HASHTABLE_SET_PROPERTY.matches(invoke, cpg)) {
// Only the value is
return new InjectionPoint(new int[] { 0 }, HARD_CODE_PreplacedWORD_TYPE);
}
return InjectionPoint.NONE;
}
19
Source : LegacyInjectionDetector.java
with GNU Lesser General Public License v3.0
from blackarbiter
with GNU Lesser General Public License v3.0
from blackarbiter
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg, InstructionHandle handle) {
InjectionPoint injectionPoint = null;
for (InjectionSource source : getInjectionSource()) {
injectionPoint = source.getInjectableParameters(invoke, cpg, handle);
if (injectionPoint != InjectionPoint.NONE) {
break;
}
}
if (injectionPoint == null || injectionPoint == InjectionPoint.NONE) {
injectionPoint = super.getInjectionPoint(invoke, cpg, handle);
}
return injectionPoint;
}
19
Source : CookieFlagsDetector.java
with GNU Lesser General Public License v3.0
from blackarbiter
with GNU Lesser General Public License v3.0
from blackarbiter
private Location getSetSecureLocation(ConstantPoolGen cpg, Location startLocation, int stackLocation) {
return getCookieInstructionLocation(cpg, startLocation, stackLocation, "javax.servlet.http.Cookie.setSecure");
}
19
Source : CookieFlagsDetector.java
with GNU Lesser General Public License v3.0
from blackarbiter
with GNU Lesser General Public License v3.0
from blackarbiter
private Location getSetHttpOnlyLocation(ConstantPoolGen cpg, Location startLocation, int stackLocation) {
return getCookieInstructionLocation(cpg, startLocation, stackLocation, "javax.servlet.http.Cookie.setHttpOnly");
}
19
Source : InvokeMatcherBuilder.java
with GNU Lesser General Public License v3.0
from blackarbiter
with GNU Lesser General Public License v3.0
from blackarbiter
public boolean matches(Instruction instruction, ConstantPoolGen cpg) {
if (instruction != null && instruction instanceof InvokeInstruction) {
InvokeInstruction invokeInstruction = (InvokeInstruction) instruction;
if (clreplacedesNames.size() != 0 && !clreplacedesNames.contains(invokeInstruction.getClreplacedName(cpg))) {
return false;
} else if (methodNames.size() != 0 && !methodNames.contains(invokeInstruction.getMethodName(cpg))) {
return false;
} else if (argSignatures.size() != 0 && !argSignatures.contains(invokeInstruction.getSignature(cpg))) {
return false;
}
return true;
}
return false;
}
19
Source : WebViewLoadDataDetector.java
with GNU Lesser General Public License v3.0
from blackarbiter
with GNU Lesser General Public License v3.0
from blackarbiter
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg, InstructionHandle handle) {
replacedert invoke != null && cpg != null;
String method = invoke.getMethodName(cpg);
String sig = invoke.getSignature(cpg);
// System.out.println(invoke.getClreplacedName(cpg));
if (sig.contains("Ljava/lang/String;")) {
if ("loadUrl".equals(method)) {
if (sig.contains("Ljava/util/Map;")) {
return new InjectionPoint(new int[] { 1 }, WEBVIEW_LOAD_DATA_URL_TYPE);
} else {
return new InjectionPoint(new int[] { 0 }, WEBVIEW_LOAD_DATA_URL_TYPE);
}
} else if ("loadData".equals(method)) {
return new InjectionPoint(new int[] { 2 }, WEBVIEW_LOAD_DATA_URL_TYPE);
} else if ("loadDataWithBaseURL".equals(method)) {
// BUG
return new InjectionPoint(new int[] { 4 }, WEBVIEW_LOAD_DATA_URL_TYPE);
}
}
return InjectionPoint.NONE;
}
19
Source : BroadcastDetector.java
with GNU Lesser General Public License v3.0
from blackarbiter
with GNU Lesser General Public License v3.0
from blackarbiter
@Override
protected InjectionPoint getInjectionPoint(InvokeInstruction invoke, ConstantPoolGen cpg, InstructionHandle handle) {
replacedert invoke != null && cpg != null;
String method = invoke.getMethodName(cpg);
String sig = invoke.getSignature(cpg);
// System.out.println(sig);
if (sig.contains("Ljava/lang/String;")) {
if (method.contains("send") && method.contains("Broadcast") && !method.contains("Sticky")) {
// System.out.println(method);
if ("sendOrderedBroadcastAsUser".equals(method)) {
return new InjectionPoint(new int[] { 5 }, ANDROID_BROADCAST_TYPE);
}
if ("sendOrderedBroadcast".equals(method) && sig.contains("Landroid/content/BroadcastReceiver;")) {
return new InjectionPoint(new int[] { 5 }, ANDROID_BROADCAST_TYPE);
}
return new InjectionPoint(new int[] { 0 }, ANDROID_BROADCAST_TYPE);
}
}
return InjectionPoint.NONE;
}
18
Source : FieldAnnotation.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* Is the instruction a write of a field?
*
* @param ins
* the Instruction to check
* @param cpg
* ConstantPoolGen of the method containing the instruction
* @return the Field if instruction is a write of a field, null otherwise
*/
public static FieldAnnotation isWrite(Instruction ins, ConstantPoolGen cpg) {
if (ins instanceof PUTFIELD || ins instanceof PUTSTATIC) {
FieldInstruction fins = (FieldInstruction) ins;
String clreplacedName = fins.getClreplacedName(cpg);
return new FieldAnnotation(clreplacedName, fins.getName(cpg), fins.getSignature(cpg), fins instanceof PUTSTATIC);
} else {
return null;
}
}
18
Source : FieldAnnotation.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
/**
* Is the given instruction a read of a field?
*
* @param ins
* the Instruction to check
* @param cpg
* ConstantPoolGen of the method containing the instruction
* @return the Field if the instruction is a read of a field, null otherwise
*/
public static FieldAnnotation isRead(Instruction ins, ConstantPoolGen cpg) {
if (ins instanceof GETFIELD || ins instanceof GETSTATIC) {
FieldInstruction fins = (FieldInstruction) ins;
String clreplacedName = fins.getClreplacedName(cpg);
return new FieldAnnotation(clreplacedName, fins.getName(cpg), fins.getSignature(cpg), fins instanceof GETSTATIC);
} else {
return null;
}
}
18
Source : StreamResourceTracker.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
@Override
public boolean ignoreExceptionEdge(Edge edge, Stream resource, ConstantPoolGen cpg) {
return false;
}
18
Source : Stream.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
private boolean matchMethod(InvokeInstruction inv, ConstantPoolGen cpg, String clreplacedName, String methodName) {
return inv.getClreplacedName(cpg).equals(clreplacedName) && inv.getName(cpg).equals(methodName);
}
18
Source : FindSqlInjection.java
with GNU Lesser General Public License v2.1
from spotbugs
with GNU Lesser General Public License v2.1
from spotbugs
private boolean isSafeValue(Location location, ConstantPoolGen cpg) throws CFGBuilderException {
Instruction prevIns = location.getHandle().getInstruction();
if (prevIns instanceof LDC || prevIns instanceof GETSTATIC) {
return true;
}
if (prevIns instanceof InvokeInstruction) {
String methodName = ((InvokeInstruction) prevIns).getMethodName(cpg);
if (methodName.startsWith("to") && methodName.endsWith("String") && methodName.length() > 8) {
return true;
}
}
if (prevIns instanceof AALOAD) {
CFG cfg = clreplacedContext.getCFG(method);
Location prev = getPreviousLocation(cfg, location, true);
if (prev != null) {
Location prev2 = getPreviousLocation(cfg, prev, true);
if (prev2 != null && prev2.getHandle().getInstruction() instanceof GETSTATIC) {
GETSTATIC getStatic = (GETSTATIC) prev2.getHandle().getInstruction();
if ("[Ljava/lang/String;".equals(getStatic.getSignature(cpg))) {
return true;
}
}
}
}
return false;
}
See More Examples