public JarAnalyzer getJarAnalyzerByPath(String _jar_path){ if(!this.jarAnalyzerCache.containsKey(_jar_path)){ try { final JarAnalyzer ja = new JarAnalyzer(); ja.analyze(Paths.get(_jar_path).toFile()); this.jarAnalyzerCache.put(_jar_path, ja); } catch(FileAnalysisException e) { TouchPointCollector.getLog().error("Error while reading JAR file from URL [" + _jar_path + "]: " + e.getMessage()); } } return this.jarAnalyzerCache.get(_jar_path); }
private synchronized String getShaFromCachedJarAnalyzer(URL _jar_url) { // Build the JarAnalyzer (if possible) and put it into the cache if(!this.jarAnalyzersCache.containsKey(_jar_url)) { JarAnalyzer ja = null; try { final URI uri = _jar_url.toURI(); final File file = Paths.get(uri).toFile(); ja = new JarAnalyzer(); ja.analyze(file); } catch (InvalidPathException ex) { log.error("Invalid path [" + _jar_url + "]: " + ex.getMessage(), ex); } catch (FileAnalysisException ex) { log.error("Error analyzing the JAR at [" + _jar_url + "]: " + ex.getMessage(), ex); } catch(java.nio.file.FileSystemNotFoundException fsnfe) { log.error("File system not found for [" + _jar_url + "]: " + fsnfe.getMessage(), fsnfe); } catch (URISyntaxException e) { log.error("URI syntax exception for [" + _jar_url + "]: " + e.getMessage(), e); } this.jarAnalyzersCache.put(_jar_url, ja); // ja can be null } // Return the digest or null (if the JarAnalyzer could not be built) final JarAnalyzer ja = this.jarAnalyzersCache.get(_jar_url); if(ja!=null) return ja.getSHA1(); else return null; } }
/** * This method is called by {@link JarAnalysisManager}. */ public void run() { try { this.getSHA1(); this.getConstructIds(); this.getChilds(true); if(this.instrument) { try { this.createInstrumentedArchive(); } catch(JarAnalysisException jae) { JarAnalyzer.log.error(this.toString() + ": " + jae.getMessage()); } } } catch(Exception e) { JarAnalyzer.log.error(this.toString() + ": Error during analysis: " + e.getMessage()); // for(StackTraceElement el: e.getStackTrace()) // JarAnalyzer.log.error(" " + el.toString()); } }
public Set<JarAnalyzer> getAnalyzers() { final HashSet<JarAnalyzer> analyzers = new HashSet<JarAnalyzer>(); for(JarAnalyzer ja : this.analyzers.values()) { analyzers.add(ja); if(ja.hasChilds()) { final Set<FileAnalyzer> fas = ja.getChilds(true); for(FileAnalyzer fa: fas) if(fa instanceof JarAnalyzer) analyzers.add((JarAnalyzer)fa); } } return analyzers; }
JarAnalyzer.setAppContext(this.ctx); JarAnalyzer.insertClasspath(p.toString()); } catch (Exception e) { for(Path p: libs) { try { JarAnalyzer.insertClasspath(p.toString()); } catch (Exception e) { JarAnalyzer ja = null; if(p.toString().endsWith("jar")) { ja = new JarAnalyzer(); ja.analyze(p.toFile()); ja.setInstrument(this.instrument); ja.analyze(p.toFile()); ja.setInstrument(this.instrument); ((WarAnalyzer)ja).setIncludeDir(this.inclDir); ja.analyze(p.toFile()); ja.setInstrument(this.instrument); ja.setParent(parent); ja.setRename(this.rename); ja.setWorkDir(this.workDir); ja.setLibraryId(this.getMavenDependency(p).getLib().getLibraryId());
class_name = je.getName(); final String fqn = JarAnalyzer.getFqClassname(class_name); if(fqn!=null) { this.classNames.add(fqn); JarAnalyzer.insertClasspath(this.url); } catch (NotFoundException e) { JarAnalyzer.log.error("Error while adding JAR [" + this.url + "] to class path"); ctclass = JarAnalyzer.getClassPool().get(cn); cv.setOriginalArchiveDigest(this.getSHA1()); cv.setAppContext(JarAnalyzer.getAppContext()); if(cv.isInstrumented()) this.instrControl.updateInstrumentationStatistics(cv.getJavaId(), null); JarAnalyzer.log.error(this.toString() + ": NotFoundException while analyzing class [" + cn + "]: " + nfe.getMessage()); continue; } catch (RuntimeException re) { JarAnalyzer.log.error(this.toString() + ": RuntimeException while analyzing class [" + ctclass.getName() + "]: " + re.getMessage()); continue; JarAnalyzer.log.info(this.toString() + ": classes comprised/already-instr/instr/not-instr [" + this.classCount + "/" + this.instrControl.countClassesInstrumentedAlready() + "/" + this.instrControl.countClassesInstrumentedSuccess() + "/" + this.instrControl.countClassesInstrumentedFailure() + "], constructs comprised [" + constructs.size() + "], enums [" + enumCount + "], interfaces (ignored) [" + interfaceCount + "]"); else JarAnalyzer.log.info(this.toString() + ": constructs comprised [" + constructs.size() + "], classes [" + this.classCount + "], enums [" + enumCount + "], interfaces (ignored) [" + interfaceCount + "]");
public ArchiveFixContainmentCheck(String _b, Path _p) throws IOException, IllegalArgumentException { if(_p==null) throw new IllegalArgumentException("Filesystem path to JAR is required"); try { this.ja = new JarAnalyzer(); this.ja.analyze(_p.toFile()); ArchiveFixContainmentCheck.cp.appendClassPath(this.ja.getPath().toString()); } catch (NotFoundException e) { throw new IllegalArgumentException("JAR cannot be added to classpath: " + e.getMessage()); } catch (FileAnalysisException e) { throw new IllegalArgumentException("JAR cannot be added to classpath: " + e.getMessage()); } this.bugId = _b; } /*
/** * Returns a {@link Library} representing the analyzed Java archive. * @return * @throws FileAnalysisException */ public Library getLibrary() throws FileAnalysisException { final Library lib = new Library(this.getSHA1()); lib.setDigestAlgorithm(DigestAlgorithm.SHA1); lib.setConstructs(this.getSharedConstructs()); lib.setLibraryId(this.libraryId); final Set<Property> p = new HashSet<Property>(); if(this.jarWriter.getOriginalManifest()!=null) { for(Object key: this.jarWriter.getOriginalManifest().getMainAttributes().keySet()) { p.add(new Property(PropertySource.JAVA_MANIFEST, key.toString(), this.jarWriter.getOriginalManifest().getMainAttributes().get(key).toString())); } } lib.setProperties(p); return lib; }
@Override public void analyze(final File _file) throws FileAnalysisException { try { super.analyze(_file); JarAnalyzer.insertClasspath(Paths.get(this.tmpDir.toString(), "WEB-INF", "classes").toString()); } catch (Exception e) {
if(ja.getSHA1()!=null) { usage.setArchiveFileName(this.jarFiles.get(jar_path).getFileName()); usage.setArchiveDigest(this.jarFiles.get(jar_path).getSHA1());
@Override public FileAnalyzer fetch(Artifact _key) throws CacheException { // The artifact whose JAR is to be downloaded _key.setClassifier(null); RepositoryDispatcher r = new RepositoryDispatcher(); Path file = null; try { file = r.downloadArtifact(_key); } catch (IllegalArgumentException ie) { throw new CacheException("Artifact [" + _key + "] not ready for download",ie); } catch (Exception e) { throw new CacheException("Cannot download ["+ _key + "]",e); } FileAnalyzer fa = new JarAnalyzer(); try{ if (fa.canAnalyze(file.toFile())) { fa.analyze(file.toFile()); } else { fa = new PythonArchiveAnalyzer(); fa.analyze(file.toFile()); fa.getConstructs(); } }catch (FileAnalysisException fe){ throw new CacheException("Cannot Analyze file ["+ file.toString() + "]",fe); } return fa; }
ja = mgr.getAnalyzerForSubpath(p); if(ja!=null) { final File f = ja.getInstrumentedArchive(); is = new FileInputStream(f); } else { try { final PropertiesConfiguration cfg = new PropertiesConfiguration("vulas-core.properties"); cfg.setProperty(CoreConfiguration.APP_CTX_GROUP, JarAnalyzer.getAppContext().getMvnGroup()); cfg.setProperty(CoreConfiguration.APP_CTX_ARTIF, JarAnalyzer.getAppContext().getArtifact()); cfg.setProperty(CoreConfiguration.APP_CTX_VERSI, JarAnalyzer.getAppContext().getVersion()); tmp_file = Files.createTempFile("vulas-core-", ".properties"); cfg.save(tmp_file.toFile());
constructs = ((JarAnalyzer)fa).getSharedConstructs();
public String toString() { final StringBuilder b = new StringBuilder(); final String classname = this.getClass().getName().substring(1 + this.getClass().getName().lastIndexOf(".")); b.append(classname + "[jar/war=").append(this.jarWriter.getOriginalJarFileName()); b.append(", libId=").append( (this.libraryId==null?"false":this.libraryId.toString())); b.append(", instr=").append(this.instrument); b.append(", instrCtx=").append( (JarAnalyzer.getAppContext()==null?"false":JarAnalyzer.getAppContext().toString(false)) ).append("]"); return b.toString(); }
ctclass = JarAnalyzer.getClassPool().get(cn);
@Override public int hashCode(){ return this.getSHA1().hashCode(); }
@Override public Set<FileAnalyzer> getChilds(boolean _recursive) { if(this.mgr==null) { this.mgr = new JarAnalysisManager(4, this.instrument, JarAnalyzer.getAppContext());
/** * Called during the construction in order to have some classes frozen. * @return */ private final void freezeClasses() { try { final JavaMethodId jmi = JavaId.parseMethodQName("com.sap.Test.test()"); final ConstructUsage cu = new ConstructUsage(jmi, null, -1); final Loader l = new Loader(this.getClass().getClassLoader()); final Configuration cfg = VulasConfiguration.getGlobal().getConfiguration(); ConstructIdUtil.getInstance(); final JarWriter jw = new JarWriter(Paths.get(DynamicTransformer.class.getClassLoader().getResource(DynamicTransformer.class.getName().replace('.', '/') + ".class").toString())); final JarAnalyzer ja = new JarAnalyzer(); ja.analyze(Paths.get(DynamicTransformer.class.getClassLoader().getResource(DynamicTransformer.class.getName().replace('.', '/') + ".class").toString()).toFile()); } // Getting an exception does not matter in the context of freezing some classes catch(Exception e) {;} }