@Override public void visit(Code obj) { stage = synchronizedMethod ? 1 : 0; super.visit(obj); if (synchronizedMethod && stage == 4) { bugReporter.reportBug(new BugInstance(this, "NN_NAKED_NOTIFY", NORMAL_PRIORITY).addClassAndMethod(this) .addSourceLine(this, notifyPC)); } }
@Override public FieldVisitor visitField(int access, String name, String desc, String signature, Object value) { if ((access & Opcodes.ACC_STATIC) != 0 && (access & Opcodes.ACC_FINAL) != 0 && (access & Opcodes.ACC_PUBLIC) != 0 && !name.equals(name.toUpperCase())) { bugReporter.reportBug(new BugInstance(this, "NM_FIELD_NAMING_CONVENTION", Priorities.LOW_PRIORITY).addClass(this) .addField(this.name, name, desc, access)); } return null; }
@Override public void visit(Code obj) { state = 0; sawAnythingElse = false; sawFieldNulling = false; if (inFinalize) { super.visit(obj); bugAccumulator.reportAccumulatedBugs(); if (!sawAnythingElse && sawFieldNulling) { BugInstance bug = new BugInstance(this, "FI_FINALIZER_ONLY_NULLS_FIELDS", HIGH_PRIORITY).addClassAndMethod(this); bugReporter.reportBug(bug); } } }
bugReporter.reportBug(pendingUnreachableBranch); pendingUnreachableBranch = null; priority = Priorities.HIGH_PRIORITY; bugReporter.reportBug(new BugInstance(this, "DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS", priority) .addClassAndMethod(this).addCalledMethod(returnValueOf).addCalledMethod(this).addValueSource(top, this).addSourceLine(this)); OpcodeStack.Item item0 = stack.getStackItem(0); if (item0.getSignature().charAt(0) == '[') { bugReporter.reportBug(new BugInstance(this, "DMI_INVOKING_HASHCODE_ON_ARRAY", NORMAL_PRIORITY) .addClassAndMethod(this).addValueSource(item0, this).addSourceLine(this)); bugReporter.reportBug(new BugInstance(this, "DLS_DEAD_LOCAL_STORE_IN_RETURN", priority).addClassAndMethod(this) .addSourceLine(this)); int v = (Integer) o; if (v < 0 || v > 11) { bugReporter.reportBug(new BugInstance(this, "DMI_BAD_MONTH", HIGH_PRIORITY).addClassAndMethod(this).addInt(v) int v = (Integer) o; if (v < 0 || v > 11) { bugReporter.reportBug(new BugInstance(this, "DMI_BAD_MONTH", NORMAL_PRIORITY).addClassAndMethod(this) ternaryConversionState = 0; if (seen == Const.GOTO) { bugReporter.reportBug(new BugInstance(this, "BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR", NORMAL_PRIORITY)
pendingBug.addClass(superclassName).describe(role); try { XClass from = Global.getAnalysisCache().getClassAnalysis(XClass.class, pendingBug.addMethod(potentialMatch) .describe(MethodAnnotation.METHOD_DID_YOU_MEAN_TO_OVERRIDE); pendingBug.addMethod(potentialSuperCall).describe(MethodAnnotation.METHOD_DID_YOU_MEAN_TO_OVERRIDE); bugReporter.reportBug(pendingBug); pendingBug = null; potentialSuperCall = null;
public void reportBug(BugInstance bug, Data d) { bug.setPriority(d.priority); bug.addSourceLine(d.primarySource); HashSet<Integer> lines = new HashSet<>(); lines.add(d.primarySource.getStartLine()); d.allSource.remove(d.primarySource); for (SourceLineAnnotation source : d.allSource) { if (lines.add(source.getStartLine())) { bug.addSourceLine(source); bug.describe(SourceLineAnnotation.ROLE_ANOTHER_INSTANCE); } /* else if (false && SystemProperties.ASSERTIONS_ENABLED) { AnalysisContext.logError("Skipping duplicated source warning for " + bug.getInstanceHash() + " " + bug.getMessage()); }*/ } reporter.reportBug(bug); }
@Override public void report() { // Find the set of properties for which we have both // unsynchronized get and synchronized set methods Set<String> commonProperties = new HashSet<>(getMethods.keySet()); commonProperties.retainAll(setMethods.keySet()); // Report method pairs for (String propName : commonProperties) { MethodAnnotation getMethod = getMethods.get(propName); MethodAnnotation setMethod = setMethods.get(propName); bugReporter.reportBug(new BugInstance(this, "UG_SYNC_SET_UNSYNC_GET", NORMAL_PRIORITY).addClass(prevClassName) .addMethod(getMethod).addMethod(setMethod)); } getMethods.clear(); setMethods.clear(); }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); String superClassName = javaClass.getSuperclassName(); if ("org.apache.wicket.markup.html.WebPage".equals(superClassName)) { bugReporter.reportBug(new BugInstance(this, WICKET_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClass(javaClass)); return; } }
@Override public void visit(Method obj) { if (DEBUG) { System.out.println("FFI: visiting " + getFullyQualifiedMethodName()); } if ("finalize".equals(getMethodName()) && "()V".equals(getMethodSig()) && (obj.getAccessFlags() & (Const.ACC_PUBLIC)) != 0) { bugReporter .reportBug(new BugInstance(this, "FI_PUBLIC_SHOULD_BE_PROTECTED", NORMAL_PRIORITY).addClassAndMethod(this)); } }
@Override public void visitMethodInsn(int opcode, String owner, String invokedName, String invokedDesc, boolean itf) { if (prevPC + 1 == getPC() && prevOpcode == I2D && opcode == INVOKESTATIC && "java/lang/Math".equals(owner) && "ceil".equals(invokedName) && "(D)D".equals(invokedDesc)) { BugInstance bug0 = new BugInstance(TestASM.this, "ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL", NORMAL_PRIORITY); MethodAnnotation methodAnnotation = MethodAnnotation.fromForeignMethod(TestASM.this.name, name, desc, access); bug0.addClass(TestASM.this).addMethod(methodAnnotation); bugReporter.reportBug(bug0); } } };
private void reportBugSource(Collection<String> fields, int priority) { if (fields.isEmpty()) { return; } String bugType = HARD_CODE_KEY_TYPE; for (String field : fields) { if (field.endsWith("[C")) { bugType = HARD_CODE_PASSWORD_TYPE; break; } } BugInstance bug = new BugInstance(this, bugType, priority).addClass(this); for (String field : fields) { bug.addString("is hard coded in field " + field + " with suspicious name"); } bugReporter.reportBug(bug); }
@Override public void visit(Method obj) { if (isReservedName(obj.getName())) { BugInstance bug = new BugInstance(this, "NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER", isVisible(obj) ? HIGH_PRIORITY : NORMAL_PRIORITY).addClassAndMethod(this); bugReporter.reportBug(bug); } }
@Override public void visit(Code obj) { sawWait = false; sawAwait = false; waitHasTimeout = false; sawNotify = false; earliestJump = 9999999; super.visit(obj); if ((sawWait || sawAwait) && waitAt < earliestJump) { String bugType = sawWait ? "WA_NOT_IN_LOOP" : "WA_AWAIT_NOT_IN_LOOP"; bugReporter.reportBug(new BugInstance(this, bugType, waitHasTimeout ? LOW_PRIORITY : NORMAL_PRIORITY) .addClassAndMethod(this).addSourceLine(this, waitAt)); } if (sawNotify) { bugReporter.reportBug(new BugInstance(this, "NO_NOTIFY_NOT_NOTIFYALL", LOW_PRIORITY).addClassAndMethod(this) .addSourceLine(this, notifyPC)); } }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); if ("java.security.MessageDigest".equals(javaClass.getSuperclassName())) { bugReporter.reportBug(new BugInstance(this, CUSTOM_MESSAGE_DIGEST_TYPE, Priorities.NORMAL_PRIORITY) // .addClass(javaClass)); } }
@Override public void visit(Method obj) { if (getMethodName().equals("suite") && !obj.isStatic()) { bugReporter.reportBug(new BugInstance(this, "IJU_SUITE_NOT_STATIC", NORMAL_PRIORITY).addClassAndMethod(this)); } if (getMethodName().equals("suite") && obj.getSignature().startsWith("()") && obj.isStatic()) { if ((!obj.getSignature().equals("()Ljunit/framework/Test;") && !obj.getSignature().equals( "()Ljunit/framework/TestSuite;")) || !obj.isPublic()) { bugReporter.reportBug(new BugInstance(this, "IJU_BAD_SUITE_METHOD", NORMAL_PRIORITY).addClassAndMethod(this)); } } }
@Override public MethodVisitor visitMethod(final int access, final String name, final String desc, final String signature, final String[] exceptions) { if (Character.isUpperCase(name.charAt(0))) { BugInstance bug0 = new BugInstance(this, "NM_METHOD_NAMING_CONVENTION", NORMAL_PRIORITY).addClass(this).addMethod( this.name, name, desc, access); bugReporter.reportBug(bug0); } return new AbstractFBMethodVisitor() { int prevOpcode; int prevPC; @Override public void visitInsn(int opcode) { prevOpcode = opcode; prevPC = getPC(); } @Override public void visitMethodInsn(int opcode, String owner, String invokedName, String invokedDesc, boolean itf) { if (prevPC + 1 == getPC() && prevOpcode == I2D && opcode == INVOKESTATIC && "java/lang/Math".equals(owner) && "ceil".equals(invokedName) && "(D)D".equals(invokedDesc)) { BugInstance bug0 = new BugInstance(TestASM.this, "ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL", NORMAL_PRIORITY); MethodAnnotation methodAnnotation = MethodAnnotation.fromForeignMethod(TestASM.this.name, name, desc, access); bug0.addClass(TestASM.this).addMethod(methodAnnotation); bugReporter.reportBug(bug0); } } }; }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); if ("org.apache.struts.action.Action".equals(javaClass.getSuperclassName())) { bugReporter.reportBug(new BugInstance(this, STRUTS1_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClass(javaClass)); } }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); for (Method method : javaClass.getMethods()) { if (isVulnerable(method)) { bugReporter.reportBug(new BugInstance(this, SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING_TYPE, Priorities.HIGH_PRIORITY) // .addClassAndMethod(javaClass, method)); } } }
@Override public void sawOpcode(int seen) { //printOpCode(seen); if(seen == INVOKESPECIAL) { String methodName = getNameConstantOperand(); String className = getClassConstantOperand(); if (methodName.equals("<init>") && className.toLowerCase().endsWith("spelview")) { //Constructor named SpelView() bugReporter.reportBug(new BugInstance(this, "SPEL_INJECTION", Priorities.NORMAL_PRIORITY) // .addClass(this).addMethod(this).addSourceLine(this).addString("SpelView()")); } } } }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); for (Method m : javaClass.getMethods()) { if ("execute".equals(m.getName()) && "()Ljava/lang/String;".equals(m.getSignature())) { bugReporter.reportBug(new BugInstance(this, STRUTS2_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClass(javaClass)); } } }