/** * Generates code that loads the array that will contain the character * data represented by this Text node, followed by the offset of the * data from the start of the array, and then the length of the data. * * The pre-condition to calling this method is that * canLoadAsArrayOffsetLength() returns true. * @see #canLoadArrayOffsetLength() */ public void loadAsArrayOffsetLength(ClassGenerator classGen, MethodGenerator methodGen) { final ConstantPoolGen cpg = classGen.getConstantPool(); final InstructionList il = methodGen.getInstructionList(); final XSLTC xsltc = classGen.getParser().getXSLTC(); // The XSLTC object keeps track of character data // that is to be stored in char arrays. final int offset = xsltc.addCharacterData(_text); final int length = _text.length(); String charDataFieldName = STATIC_CHAR_DATA_FIELD + (xsltc.getCharacterDataCount()-1); il.append(new GETSTATIC(cpg.addFieldref(xsltc.getClassName(), charDataFieldName, STATIC_CHAR_DATA_FIELD_SIG))); il.append(new PUSH(cpg, offset)); il.append(new PUSH(cpg, _text.length())); } }
if(next instanceof IFNE) { GETSTATIC getStatic = (GETSTATIC)ih.getInstruction(); if ("$assertionsDisabled".equals(getStatic.getFieldName(methodGen.getConstantPool())) && "Z".equals(getStatic.getSignature(methodGen.getConstantPool()))) { int end = ((IFNE)next).getTarget().getPosition(); assertionBlocks.set(ih.getNext().getPosition(), end);
@Override public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) { Instruction ins = location.getHandle().getInstruction(); if (ins.getOpcode() != Const.GETSTATIC) { return null; } GETSTATIC getstatic = (GETSTATIC) ins; if (!className.equals(getstatic.getClassName(cpg)) || !fieldName.equals(getstatic.getName(cpg)) || !fieldSig.equals(getstatic.getSignature(cpg))) { return null; } return new Stream(location, type.getClassName(), streamBaseClass).setIgnoreImplicitExceptions(true).setIsOpenOnCreation( true); } }
/** * Does the given instruction refer to a likely assertion method? * * @param ins * the instruction * @return true if the instruction likely refers to an assertion, false if * not */ public boolean isAssertionInstruction(Instruction ins, ConstantPoolGen cpg) { if (ins instanceof InvokeInstruction) { return isAssertionCall((InvokeInstruction) ins); } if (ins instanceof GETSTATIC) { GETSTATIC getStatic = (GETSTATIC) ins; String className = getStatic.getClassName(cpg); String fieldName = getStatic.getFieldName(cpg); if ("java.util.logging.Level".equals(className) && "SEVERE".equals(fieldName)) { return true; } if ("org.apache.log4j.Level".equals(className) && ("ERROR".equals(fieldName) || "FATAL".equals(fieldName))) { return true; } return false; } return false; }
ConstantPoolGen cpg = getCPG(); String fieldName = obj.getName(cpg); String fieldSig = obj.getSignature(cpg); ValueNumberFrame frame = getFrame();
InstructionHandle[] match = matches.next(); GETSTATIC gstatCtrlField = (GETSTATIC) match[0].getInstruction(); controlClass = gstatCtrlField.getName(cg.getConstantPool()); String fieldName = gstatCtrlField.getFieldName(cg.getConstantPool()); ClassGen ctrlClazz = cgs.get(controlClass); controlField = ctrlClazz.containsField(fieldName); + " found " + iStore.getIndex(); GETSTATIC gstatCtrlField = (GETSTATIC) iStoreHandle.getPrev().getInstruction(); String className = gstatCtrlField.getName(cg.getConstantPool()); String fieldName = gstatCtrlField.getFieldName(cg.getConstantPool()); ctrlClazz = cgs.get(className); flowObstructor = ctrlClazz.containsField(fieldName);
/** Checks if the constraints of operands of the said instruction(s) are satisfied. */ public void visitGETSTATIC(GETSTATIC o){ String field_name = o.getFieldName(cpg); JavaClass jc = Repository.lookupClass(o.getClassType(cpg).getClassName()); Field[] fields = jc.getFields(); Field f = null; for (int i=0; i<fields.length; i++){ if (fields[i].getName().equals(field_name)){ f = fields[i]; break; } } if (f == null){ throw new AssertionViolatedException("Field not found?!?"); } if (! (f.isStatic())){ constraintViolated(o, "Referenced field '"+f+"' is not static which it should be."); } }
@Override public void visitGETSTATIC(GETSTATIC obj) { // Scala uses some classes to represent null instances of objects // If we find one of them, we will handle it as a Java Null if (obj.getLoadClassType(getCPG()).getSignature().equals("Lscala/collection/immutable/Nil$;")) { if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) { getFrame().pushValue(new Taint(Taint.State.NULL).setDebugInfo("NULL")); } else { getFrame().pushValue(new Taint(Taint.State.NULL)); } } else { //super.visitGETSTATIC(obj); String fieldSig = obj.getClassName(cpg).replaceAll("\\.","/")+"."+obj.getName(cpg); Taint.State state = taintConfig.getClassTaintState(fieldSig, Taint.State.UNKNOWN); Taint taint = new Taint(state); if (!state.equals(Taint.State.SAFE)){ taint.addLocation(getTaintLocation(), false); } taint.addSource(new UnknownSource(UnknownSourceType.FIELD,state).setSignatureField(fieldSig)); int numConsumed = getNumWordsConsumed(obj); int numProduced = getNumWordsProduced(obj); modelInstruction(obj, numConsumed, numProduced, taint); notifyAdditionalVisitorField(obj, methodGen, getFrame(), taint, numProduced); } }
/** Checks if the constraints of operands of the said instruction(s) are satisfied. */ @Override public void visitGETSTATIC(final GETSTATIC o) { try { final String field_name = o.getFieldName(cpg); final JavaClass jc = Repository.lookupClass(getObjectType(o).getClassName()); final Field[] fields = jc.getFields(); Field f = null; for (final Field field : fields) { if (field.getName().equals(field_name)) { f = field; break; } } if (f == null) { throw new AssertionViolatedException("Field '" + field_name + "' not found in " + jc.getClassName()); } if (! (f.isStatic())) { constraintViolated(o, "Referenced field '"+f+"' is not static which it should be."); } } catch (final ClassNotFoundException e) { // FIXME: maybe not the best way to handle this throw new AssertionViolatedException("Missing class: " + e, e); } }
private void allow_All_Hostname_Verify(ClassContext classContext, JavaClass javaClass, Method m){ ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = null; try { cfg = classContext.getCFG(m); } catch (CFGBuilderException e) { e.printStackTrace(); } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location loc = i.next(); //ByteCode.printOpCode(loc.getHandle().getInstruction(), cpg); Instruction inst = loc.getHandle().getInstruction(); if (inst instanceof GETSTATIC) { GETSTATIC invoke = (GETSTATIC) inst; // System.out.println(invoke.getClassName(cpg)); // System.out.println(invoke.getName(cpg)); // System.out.println(invoke.getSignature(cpg)); // if("org.apache.http.conn.ssl.SSLSocketFactory".equals(invoke.getClassName(cpg)) && // "Lorg/apache/http/conn/ssl/X509HostnameVerifier;".equals(invoke.getSignature(cpg)) && // "ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){ if("ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){ bugReporter.reportBug(new BugInstance(this, WEAK_HOSTNAME_VERIFIER_TYPE, Priorities.NORMAL_PRIORITY) .addClassAndMethod(javaClass, m)); } } } }
@Override public int produceStack( final ConstantPoolGen cpg ) { return getFieldSize(cpg); }
if (ih.getInstruction() instanceof GETSTATIC) { GETSTATIC gstat = (GETSTATIC) ih.getInstruction(); return flowObstructors.contains(cgs.get(gstat.getName(cpg)) .containsField(gstat.getFieldName(cpg))); } else { ILOAD iLoad = (ILOAD) ih.getInstruction(); return flowObstructors.contains(cgs.get(gstat.getName(cpg)) .containsField(gstat.getFieldName(cpg))); ClassGen cp = cgs.get(gstat.getName(cpg)); Field fz = cp.containsField(gstat.getFieldName(cpg)); return cp != null && fz != null && controlField != null && controlField.equals(fz);
if (getstatic.getClassType(cpg).getClassName().equals("java.lang.Boolean") && getstatic.getFieldName(cpg).equals("FALSE")) { return;
/** * Does the given instruction refer to a likely assertion method? * * @param ins * the instruction * @return true if the instruction likely refers to an assertion, false if * not */ public boolean isAssertionInstruction(Instruction ins, ConstantPoolGen cpg) { if (ins instanceof InvokeInstruction) { return isAssertionCall((InvokeInstruction) ins); } if (ins instanceof GETSTATIC) { GETSTATIC getStatic = (GETSTATIC) ins; String className = getStatic.getClassName(cpg); String fieldName = getStatic.getFieldName(cpg); if ("java.util.logging.Level".equals(className) && "SEVERE".equals(fieldName)) { return true; } if ("org.apache.log4j.Level".equals(className) && ("ERROR".equals(fieldName) || "FATAL".equals(fieldName))) { return true; } return false; } return false; }
ConstantPoolGen cpg = getCPG(); String fieldName = obj.getName(cpg); String fieldSig = obj.getSignature(cpg); ValueNumberFrame frame = getFrame();
public int produceStack(ConstantPoolGen cpg) { return getFieldSize(cpg); }
il.append(new GETSTATIC(cpg.addFieldref(LOCALE_CLASS, "US", LOCALE_SIG))); il.append(new INVOKESPECIAL(init));
GETSTATIC getStatic = (GETSTATIC) prevInstruction; if ("$assertionsDisabled".equals(getStatic.getFieldName(methodGen.getConstantPool())) && "Z".equals(getStatic.getSignature(methodGen.getConstantPool()))) { edgesToRemove.add(e);
if (getstatic.getClassType(cpg).getClassName().equals("java.lang.Boolean") && getstatic.getFieldName(cpg).equals("FALSE")) { return;
@Override public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) { Instruction ins = location.getHandle().getInstruction(); if (ins.getOpcode() != Constants.GETSTATIC) { return null; } GETSTATIC getstatic = (GETSTATIC) ins; if (!className.equals(getstatic.getClassName(cpg)) || !fieldName.equals(getstatic.getName(cpg)) || !fieldSig.equals(getstatic.getSignature(cpg))) { return null; } return new Stream(location, type.getClassName(), streamBaseClass).setIgnoreImplicitExceptions(true).setIsOpenOnCreation( true); } }