private Map<String, List<Location>> get_line_location(Method m, ClassContext classContext){ HashMap<String, List<Location>> all_line_location = new HashMap<>(); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = null; try { cfg = classContext.getCFG(m); } catch (CFGBuilderException e) { e.printStackTrace(); return all_line_location; } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location loc = i.next(); Instruction inst = loc.getHandle().getInstruction(); if(inst instanceof INVOKEVIRTUAL) { INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) inst; // if (classname.equals(invoke.getClassName(cpg)) && // methodName.equals(invoke.getMethodName(cpg))) { if(all_line_location.containsKey(invoke.getMethodName(cpg))){ all_line_location.get(invoke.getMethodName(cpg)).add(loc); }else { LinkedList<Location> loc_list = new LinkedList<>(); loc_list.add(loc); all_line_location.put(invoke.getMethodName(cpg), loc_list); } // } } } return all_line_location; }
private void allow_All_Hostname_Verify(ClassContext classContext, JavaClass javaClass, Method m){ ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = null; try { cfg = classContext.getCFG(m); } catch (CFGBuilderException e) { e.printStackTrace(); } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location loc = i.next(); //ByteCode.printOpCode(loc.getHandle().getInstruction(), cpg); Instruction inst = loc.getHandle().getInstruction(); if (inst instanceof GETSTATIC) { GETSTATIC invoke = (GETSTATIC) inst; // System.out.println(invoke.getClassName(cpg)); // System.out.println(invoke.getName(cpg)); // System.out.println(invoke.getSignature(cpg)); // if("org.apache.http.conn.ssl.SSLSocketFactory".equals(invoke.getClassName(cpg)) && // "Lorg/apache/http/conn/ssl/X509HostnameVerifier;".equals(invoke.getSignature(cpg)) && // "ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){ if("ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){ bugReporter.reportBug(new BugInstance(this, WEAK_HOSTNAME_VERIFIER_TYPE, Priorities.NORMAL_PRIORITY) .addClassAndMethod(javaClass, m)); } } } }