@Override public void visit(Code obj) { stage = synchronizedMethod ? 1 : 0; super.visit(obj); if (synchronizedMethod && stage == 4) { bugReporter.reportBug(new BugInstance(this, "NN_NAKED_NOTIFY", NORMAL_PRIORITY).addClassAndMethod(this) .addSourceLine(this, notifyPC)); } }
@Override public FieldVisitor visitField(int access, String name, String desc, String signature, Object value) { if ((access & Opcodes.ACC_STATIC) != 0 && (access & Opcodes.ACC_FINAL) != 0 && (access & Opcodes.ACC_PUBLIC) != 0 && !name.equals(name.toUpperCase())) { bugReporter.reportBug(new BugInstance(this, "NM_FIELD_NAMING_CONVENTION", Priorities.LOW_PRIORITY).addClass(this) .addField(this.name, name, desc, access)); } return null; }
public BugInstance makeWarning(String bugPattern, Object descriptor, int priority, ClassDescriptor cd) { BugInstance bug = new BugInstance(this, bugPattern, priority).addClass(cd); if (descriptor instanceof FieldDescriptor) { bug.addField((FieldDescriptor)descriptor); } else if (descriptor instanceof MethodDescriptor) { bug.addMethod((MethodDescriptor)descriptor); } else if (descriptor instanceof ClassDescriptor) { bug.addClass((ClassDescriptor)descriptor); } if (DEBUG) { System.out.println("Reporting " + bug); } return bug; }
@Override public void visit(Method obj) { if (DEBUG) { System.out.println("FFI: visiting " + getFullyQualifiedMethodName()); } if ("finalize".equals(getMethodName()) && "()V".equals(getMethodSig()) && (obj.getAccessFlags() & (Const.ACC_PUBLIC)) != 0) { bugReporter .reportBug(new BugInstance(this, "FI_PUBLIC_SHOULD_BE_PROTECTED", NORMAL_PRIORITY).addClassAndMethod(this)); } }
pendingUnreachableBranch = new BugInstance(this, "TESTING", NORMAL_PRIORITY) .addClassAndMethod(this).addString("Unreachable loop body").addSourceLineRange(this, becameTop, getPC()); bugReporter.reportBug(new BugInstance(this, "DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS", priority) .addClassAndMethod(this).addCalledMethod(returnValueOf).addCalledMethod(this).addValueSource(top, this).addSourceLine(this)); OpcodeStack.Item item0 = stack.getStackItem(0); if (item0.getSignature().charAt(0) == '[') { bugReporter.reportBug(new BugInstance(this, "DMI_INVOKING_HASHCODE_ON_ARRAY", NORMAL_PRIORITY) .addClassAndMethod(this).addValueSource(item0, this).addSourceLine(this)); bugReporter.reportBug(new BugInstance(this, "DLS_DEAD_LOCAL_STORE_IN_RETURN", priority).addClassAndMethod(this) .addSourceLine(this)); best_priority_for_ICAST_INTEGER_MULTIPLY_CAST_TO_LONG = priority; bugAccumulator.accumulateBug( new BugInstance(this, "ICAST_INTEGER_MULTIPLY_CAST_TO_LONG", priority).addClassAndMethod(this), this); bugAccumulator.accumulateBug(new BugInstance(this, "IC_SUPERCLASS_USES_SUBCLASS_DURING_INITIALIZATION", priority).addClassAndMethod(this).addClass(getClassConstantOperand()), this); new BugInstance(this, "IM_AVERAGE_COMPUTATION_COULD_OVERFLOW", NORMAL_PRIORITY).addClassAndMethod(this), where); && (getPrevOpcode(2) == Const.SIPUSH || getPrevOpcode(2) == Const.BIPUSH) && getPrevOpcode(3) == Const.IREM) { bugAccumulator.accumulateBug( new BugInstance(this, "IM_MULTIPLYING_RESULT_OF_IREM", LOW_PRIORITY).addClassAndMethod(this), this); && (!constantArgumentToShift || valueOfConstantArgumentToShift % 8 != 0)) {
} else { prio = NORMAL_PRIORITY; Object constantValue = stack.getStackItem(0).getConstant(); if (constantValue instanceof Number) { long value = ((Number) constantValue).longValue(); BugInstance bug = new BugInstance(this, type, prio).addClass(this).addMethod(this).addCalledMethod(this) .addMethod(shouldCall).describe("SHOULD_CALL"); bugAccumulator.accumulateBug(bug, this);
XField xField = getXFieldOperand(); if (xField != null && xField.getClassDescriptor().equals(getClassDescriptor())) { Item first = stack.getStackItem(0); fieldWarningList.add(new BugInstance(this, "SE_BAD_FIELD_STORE", priority) .addClass(getThisClass().getClassName()).addField(f).addType(genSig) .describe("TYPE_FOUND").addSourceLine(this));
@Override public void visit(Method obj) { if (isAdapter) { String methodName = obj.getName(); String signature = methodMap.get(methodName); if (!Const.CONSTRUCTOR_NAME.equals(methodName) && signature != null) { if (!signature.equals(obj.getSignature())) { if (!badOverrideMap.keySet().contains(methodName)) { badOverrideMap.put(methodName, new BugInstance(this, "BOA_BADLY_OVERRIDDEN_ADAPTER", NORMAL_PRIORITY) .addClassAndMethod(this).addSourceLine(this)); } } else { badOverrideMap.put(methodName, null); } } } } }
@Override public void report() { // Find the set of properties for which we have both // unsynchronized get and synchronized set methods Set<String> commonProperties = new HashSet<>(getMethods.keySet()); commonProperties.retainAll(setMethods.keySet()); // Report method pairs for (String propName : commonProperties) { MethodAnnotation getMethod = getMethods.get(propName); MethodAnnotation setMethod = setMethods.get(propName); bugReporter.reportBug(new BugInstance(this, "UG_SYNC_SET_UNSYNC_GET", NORMAL_PRIORITY).addClass(prevClassName) .addMethod(getMethod).addMethod(setMethod)); } getMethods.clear(); setMethods.clear(); }
private void reportBugSource(Collection<String> fields, int priority) { if (fields.isEmpty()) { return; } String bugType = HARD_CODE_KEY_TYPE; for (String field : fields) { if (field.endsWith("[C")) { bugType = HARD_CODE_PASSWORD_TYPE; break; } } BugInstance bug = new BugInstance(this, bugType, priority).addClass(this); for (String field : fields) { bug.addString("is hard coded in field " + field + " with suspicious name"); } bugReporter.reportBug(bug); }
@Override public void visit(Method obj) { if (isReservedName(obj.getName())) { BugInstance bug = new BugInstance(this, "NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER", isVisible(obj) ? HIGH_PRIORITY : NORMAL_PRIORITY).addClassAndMethod(this); bugReporter.reportBug(bug); } }
@Override public void visitMethodInsn(int opcode, String owner, String invokedName, String invokedDesc, boolean itf) { if (prevPC + 1 == getPC() && prevOpcode == I2D && opcode == INVOKESTATIC && "java/lang/Math".equals(owner) && "ceil".equals(invokedName) && "(D)D".equals(invokedDesc)) { BugInstance bug0 = new BugInstance(TestASM.this, "ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL", NORMAL_PRIORITY); MethodAnnotation methodAnnotation = MethodAnnotation.fromForeignMethod(TestASM.this.name, name, desc, access); bug0.addClass(TestASM.this).addMethod(methodAnnotation); bugReporter.reportBug(bug0); } } };
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); String superClassName = javaClass.getSuperclassName(); if ("org.apache.wicket.markup.html.WebPage".equals(superClassName)) { bugReporter.reportBug(new BugInstance(this, WICKET_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClass(javaClass)); return; } }
@Override public void visit(Method obj) { if (getMethodName().equals("suite") && !obj.isStatic()) { bugReporter.reportBug(new BugInstance(this, "IJU_SUITE_NOT_STATIC", NORMAL_PRIORITY).addClassAndMethod(this)); } if (getMethodName().equals("suite") && obj.getSignature().startsWith("()") && obj.isStatic()) { if ((!obj.getSignature().equals("()Ljunit/framework/Test;") && !obj.getSignature().equals( "()Ljunit/framework/TestSuite;")) || !obj.isPublic()) { bugReporter.reportBug(new BugInstance(this, "IJU_BAD_SUITE_METHOD", NORMAL_PRIORITY).addClassAndMethod(this)); } } }
@Override public void visit(Code obj) { sawWait = false; sawAwait = false; waitHasTimeout = false; sawNotify = false; earliestJump = 9999999; super.visit(obj); if ((sawWait || sawAwait) && waitAt < earliestJump) { String bugType = sawWait ? "WA_NOT_IN_LOOP" : "WA_AWAIT_NOT_IN_LOOP"; bugReporter.reportBug(new BugInstance(this, bugType, waitHasTimeout ? LOW_PRIORITY : NORMAL_PRIORITY) .addClassAndMethod(this).addSourceLine(this, waitAt)); } if (sawNotify) { bugReporter.reportBug(new BugInstance(this, "NO_NOTIFY_NOT_NOTIFYALL", LOW_PRIORITY).addClassAndMethod(this) .addSourceLine(this, notifyPC)); } }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); if ("java.security.MessageDigest".equals(javaClass.getSuperclassName())) { bugReporter.reportBug(new BugInstance(this, CUSTOM_MESSAGE_DIGEST_TYPE, Priorities.NORMAL_PRIORITY) // .addClass(javaClass)); } }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); for (Method method : javaClass.getMethods()) { if (isVulnerable(method)) { bugReporter.reportBug(new BugInstance(this, SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING_TYPE, Priorities.HIGH_PRIORITY) // .addClassAndMethod(javaClass, method)); } } }
@Override public MethodVisitor visitMethod(final int access, final String name, final String desc, final String signature, final String[] exceptions) { if (Character.isUpperCase(name.charAt(0))) { BugInstance bug0 = new BugInstance(this, "NM_METHOD_NAMING_CONVENTION", NORMAL_PRIORITY).addClass(this).addMethod( this.name, name, desc, access); bugReporter.reportBug(bug0); } return new AbstractFBMethodVisitor() { int prevOpcode; int prevPC; @Override public void visitInsn(int opcode) { prevOpcode = opcode; prevPC = getPC(); } @Override public void visitMethodInsn(int opcode, String owner, String invokedName, String invokedDesc, boolean itf) { if (prevPC + 1 == getPC() && prevOpcode == I2D && opcode == INVOKESTATIC && "java/lang/Math".equals(owner) && "ceil".equals(invokedName) && "(D)D".equals(invokedDesc)) { BugInstance bug0 = new BugInstance(TestASM.this, "ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL", NORMAL_PRIORITY); MethodAnnotation methodAnnotation = MethodAnnotation.fromForeignMethod(TestASM.this.name, name, desc, access); bug0.addClass(TestASM.this).addMethod(methodAnnotation); bugReporter.reportBug(bug0); } } }; }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); if ("org.apache.struts.action.Action".equals(javaClass.getSuperclassName())) { bugReporter.reportBug(new BugInstance(this, STRUTS1_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClass(javaClass)); } }
@Override public void visitMethod(Method obj) { if ((interfaceMethods != null) && ((obj.getAccessFlags() & Const.ACC_ABSTRACT) != 0)) { String curDetail = obj.getName() + obj.getSignature(); for (String infMethodDetail : interfaceMethods) { if (curDetail.equals(infMethodDetail)) { bugReporter.reportBug(new BugInstance(this, "USM_USELESS_ABSTRACT_METHOD", LOW_PRIORITY).addClassAndMethod( getClassContext().getJavaClass(), obj)); } } } super.visitMethod(obj); }