Item first = stack.getStackItem(0); boolean isPutOfDefaultValue = first.isNull(); // huh?? || if (!isPutOfDefaultValue && first.getConstant() != null && !first.isArray()) { Object constant = first.getConstant(); if (constant instanceof Number && ((Number) constant).intValue() == 0 || constant.equals(Boolean.FALSE)) { isPutOfDefaultValue = true; try { JavaClass classStored = first.getJavaClass(); if (classStored == null) { return;
return i1; if (i1.equals(i2)) { return i1; Item m = new Item(); if (i1.getSpecialKind() == TYPE_ONLY && i2.getSpecialKind() != TYPE_ONLY) { return i2; } else if (i2.getSpecialKind() == TYPE_ONLY && i1.getSpecialKind() != TYPE_ONLY) { return i1; m.setCouldBeZero(i1.isCouldBeZero() || i2.isCouldBeZero()); if (i1.pc == i2.pc) { m.pc = i1.pc; } else if (i1.isNull()) { m.signature = i2.signature; } else if (i2.isNull()) { m.signature = i1.signature;
private void pushByLocalLoad(String signature, int register) { Item oldItem = new Item(getLVValue(register)); Item newItem = oldItem; if ("Ljava/lang/Object;".equals(newItem.signature) && !"Ljava/lang/Object;".equals(signature)) { newItem = new Item(oldItem); newItem.signature = signature; } if (newItem.getRegisterNumber() < 0) { if (newItem == oldItem) { newItem = new Item(oldItem); } newItem.registerNumber = register; } push(newItem); }
@Override public void sawOpcode(int seen) { if (seen == INVOKEINTERFACE) { String methodName = getNameConstantOperand(); String clsConstant = getClassConstantOperand(); if (("java/sql/ResultSet".equals(clsConstant) && ((methodName.startsWith("get") && dbFieldTypesSet .contains(methodName.substring(3))) || (methodName.startsWith("update") && dbFieldTypesSet .contains(methodName.substring(6))))) || (("java/sql/PreparedStatement".equals(clsConstant) && ((methodName.startsWith("set") && dbFieldTypesSet .contains(methodName.substring(3))))))) { String signature = getSigConstantOperand(); int numParms = PreorderVisitor.getNumberArguments(signature); if (stack.getStackDepth() >= numParms) { OpcodeStack.Item item = stack.getStackItem(numParms - 1); if ("I".equals(item.getSignature()) && item.couldBeZero()) { bugReporter.reportBug(new BugInstance(this, "java/sql/PreparedStatement".equals(clsConstant) ? "SQL_BAD_PREPARED_STATEMENT_ACCESS" : "SQL_BAD_RESULTSET_ACCESS", item.mustBeZero() ? HIGH_PRIORITY : NORMAL_PRIORITY) .addClassAndMethod(this).addSourceLine(this)); } } } } } }
/** * looks for calls to setSize on components, rather than letting the layout manager set them * * @param methodName * the method that was called on a component * * @throws ClassNotFoundException * if the gui class wasn't found */ private void processSetSizeOps(String methodName) throws ClassNotFoundException { if ("setSize".equals(methodName)) { int argCount = SignatureUtils.getNumParameters(getSigConstantOperand()); if ((windowClass != null) && (stack.getStackDepth() > argCount)) { OpcodeStack.Item item = stack.getStackItem(argCount); JavaClass cls = item.getJavaClass(); if ((cls != null) && cls.instanceOf(windowClass)) { bugReporter.reportBug( new BugInstance(this, BugType.S508C_NO_SETSIZE.name(), NORMAL_PRIORITY).addClass(this).addMethod(this).addSourceLine(this)); } } } } }
private void defaultToStringSilliness() throws ClassNotFoundException { if (stack.getStackDepth() >= 1) { OpcodeStack.Item item = stack.getStackItem(0); JavaClass toStringClass = item.getJavaClass(); if (toStringClass != null) { String toStringClassName = toStringClass.getClassName(); if (!toStringClass.isInterface() && !toStringClass.isAbstract() && !Values.DOTTED_JAVA_LANG_OBJECT.equals(toStringClassName) && !Values.DOTTED_JAVA_LANG_STRING.equals(toStringClassName) && toStringClasses.add(toStringClassName)) { try { JavaClass cls = Repository.lookupClass(toStringClassName); if (!hasToString(cls)) { bugReporter.reportBug( new BugInstance(this, BugType.SPP_NON_USEFUL_TOSTRING.name(), toStringClass.isFinal() ? NORMAL_PRIORITY : LOW_PRIORITY) .addClass(this).addMethod(this).addSourceLine(this)); } } catch (ClassNotFoundException cnfe) { bugReporter.reportMissingClass(cnfe); } } } } }
private void defaultToStringSilliness() throws ClassNotFoundException { if (stack.getStackDepth() >= 1) { OpcodeStack.Item item = stack.getStackItem(0); JavaClass toStringClass = item.getJavaClass(); if (toStringClass != null) { String toStringClassName = toStringClass.getClassName(); if (!toStringClass.isInterface() && !toStringClass.isAbstract() && !Values.DOTTED_JAVA_LANG_OBJECT.equals(toStringClassName) && !Values.DOTTED_JAVA_LANG_STRING.equals(toStringClassName) && toStringClasses.add(toStringClassName)) { try { JavaClass cls = Repository.lookupClass(toStringClassName); if (!hasToString(cls)) { bugReporter.reportBug( new BugInstance(this, BugType.SPP_NON_USEFUL_TOSTRING.name(), toStringClass.isFinal() ? NORMAL_PRIORITY : LOW_PRIORITY) .addClass(this).addMethod(this).addSourceLine(this)); } } catch (ClassNotFoundException cnfe) { bugReporter.reportMissingClass(cnfe); } } } } }
/** * given an register or field, look to see if this thing is associated with an already discovered loop * * @param itm * the item containing the register or field * @return the group element */ private static Comparable<?> getGroupElement(OpcodeStack.Item itm) { Comparable<?> groupElement = null; int reg = itm.getRegisterNumber(); if (reg >= 0) { groupElement = Integer.valueOf(reg); } else { XField field = itm.getXField(); if (field != null) { int regLoad = itm.getFieldLoadedFromRegister(); if (regLoad >= 0) { groupElement = field.getName() + ":{" + regLoad + '}'; } } } return groupElement; }
/** * implements the visitor to find return values where the types of objects returned from the method are related only by object. * * @param seen * the opcode of the currently parsed instruction */ @Override public void sawOpcode(int seen) { try { stack.precomputation(this); if ((seen == Const.ARETURN) && (stack.getStackDepth() > 0)) { OpcodeStack.Item itm = stack.getStackItem(0); if (!itm.isNull()) { returnTypes.put(itm.getJavaClass(), Integer.valueOf(getPC())); } } } catch (ClassNotFoundException cnfe) { bugReporter.reportMissingClass(cnfe); } finally { stack.sawOpcode(this, seen); } }
/** * given an register or field, look to see if this thing is associated with an already discovered loop * * @param itm * the item containing the register or field * @return the group element */ private static Comparable<?> getGroupElement(OpcodeStack.Item itm) { Comparable<?> groupElement = null; int reg = itm.getRegisterNumber(); if (reg >= 0) { groupElement = Integer.valueOf(reg); } else { XField field = itm.getXField(); if (field != null) { int regLoad = itm.getFieldLoadedFromRegister(); if (regLoad >= 0) { groupElement = field.getName() + ":{" + regLoad + '}'; } } } return groupElement; }
/** * implements the visitor to find return values where the types of objects returned from the method are related only by object. * * @param seen * the opcode of the currently parsed instruction */ @Override public void sawOpcode(int seen) { try { stack.precomputation(this); if ((seen == ARETURN) && (stack.getStackDepth() > 0)) { OpcodeStack.Item itm = stack.getStackItem(0); if (!itm.isNull()) { returnTypes.put(itm.getJavaClass(), Integer.valueOf(getPC())); } } } catch (ClassNotFoundException cnfe) { bugReporter.reportMissingClass(cnfe); } finally { stack.sawOpcode(this, seen); } }
private void sawAStore(int seen) { int depth = stack.getStackDepth(); if (depth > 0) { OpcodeStack.Item item = stack.getStackItem(0); Object uo = item.getUserValue(); if (uo != null) { if (uo instanceof Boolean) { int reg = RegisterUtils.getAStoreReg(this, seen); localSpecialObjects.put(Integer.valueOf(reg), Integer.valueOf(getPC())); if (getPrevOpcode(1) == DUP) { item = stack.getStackItem(1); item.setUserValue(Integer.valueOf(reg)); } } else { clearUserValue(item); } } } }
/** * determines whether this operation is storing the result of a trim() call, where the trimmed string was duplicated on the stack. If it was, it clears any * trim uservalue that was left behind in the dupped stack object */ private void checkTrimDupStore() { if ((stack.getStackDepth() >= 2) && (getPrevOpcode(1) == Const.DUP)) { OpcodeStack.Item item = stack.getStackItem(0); SPPUserValue uv = (SPPUserValue) item.getUserValue(); if ((uv == null) || (uv.getMethod() != SPPMethod.TRIM)) { return; } item = stack.getStackItem(1); uv = (SPPUserValue) item.getUserValue(); if ((uv == null) || (uv.getMethod() != SPPMethod.TRIM)) { return; } item.setUserValue(null); } }
private MethodCall getMethodCall(MethodDescriptor methodDescriptorOperand) { Item objItem = getStack().getStackItem(getNumberArguments(methodDescriptorOperand.getSignature())); if (isNew(objItem)) { return new MethodCall(methodDescriptorOperand, TARGET_NEW); } if (objItem.getRegisterNumber() == 0 && !getMethod().isStatic()) { return new MethodCall(methodDescriptorOperand, constructor ? TARGET_NEW : TARGET_THIS); } XField xField = objItem.getXField(); if (xField != null) { if (classInit && xField.isStatic() && xField.getClassDescriptor().getClassName().equals(getClassName())) { return new MethodCall(methodDescriptorOperand, TARGET_NEW); } if (!getMethodDescriptor().isStatic() && objItem.getFieldLoadedFromRegister() == 0 && allowedFields.contains(xField.getFieldDescriptor())) { fieldsModifyingMethods.add(getMethodDescriptor()); return new MethodCall(methodDescriptorOperand, xField.getFieldDescriptor()); } } return new MethodCall(methodDescriptorOperand, TARGET_OTHER); }
/** @return true if given Item is throwable */ public boolean checkThrowable(Item stackItem) { try { JavaClass typeOfStack = stackItem.getJavaClass(); if (typeOfStack == null) { // means primitive or array return false; } return typeOfStack.instanceOf(THROWABLE); } catch (ClassNotFoundException e) { AnalysisContext.reportMissingClass(e); return false; } } }
private void checkForWEM() throws ClassNotFoundException { if (stack.getStackDepth() == 0) { return; } OpcodeStack.Item item = stack.getStackItem(0); if (item.getUserValue() == null) { return; } JavaClass exClass = item.getJavaClass(); if ((exClass == null) || !ignorableExceptionTypes.contains(exClass.getClassName())) { bugReporter.reportBug( new BugInstance(this, BugType.WEM_WEAK_EXCEPTION_MESSAGING.name(), LOW_PRIORITY).addClass(this).addMethod(this).addSourceLine(this)); } } }
private void checkForWEM() throws ClassNotFoundException { if (stack.getStackDepth() == 0) { return; } OpcodeStack.Item item = stack.getStackItem(0); if (item.getUserValue() == null) { return; } JavaClass exClass = item.getJavaClass(); if ((exClass == null) || !ignorableExceptionTypes.contains(exClass.getClassName())) { bugReporter.reportBug( new BugInstance(this, BugType.WEM_WEAK_EXCEPTION_MESSAGING.name(), LOW_PRIORITY).addClass(this).addMethod(this).addSourceLine(this)); } } }
private void setHardCodedItem(OpcodeStack.Item stackItem) { stackItem.setUserValue(Boolean.TRUE); }
private void memorizeResultOfGetClassMethod(int code) { Item caller = getStack().getStackItem(0); JavaType classOfCaller; try { classOfCaller = JavaType.from(caller.getJavaClass()); } catch (ClassNotFoundException e) { throw new AssertionError(e); } finally { super.afterOpcode(code); } Item returnedClass = getStack().getStackItem(0); returnedClass.setUserValue(classOfCaller); }
@Override @OverridingMethodsMustInvokeSuper public void afterOpcode(int seen) { OpcodeStack stack = getStack(); ArrayData newUserValueToSet = arrayDataHandler.afterOpcode(stack, seen, getClassName(), getPC()); super.afterOpcode(seen); if (newUserValueToSet != null) { Item createdArray = stack.getStackItem(0); createdArray.setUserValue(newUserValueToSet); } }