private static ElementValuePair findMethodAnnotationAttribute(AnnotationEntry requestMappingAnnotation) {
    for (ElementValuePair elementValuePair : requestMappingAnnotation.getElementValuePairs()) {
        if (METHOD_ANNOTATION_ATTRIBUTE_KEY.equals(elementValuePair.getNameString())) {
            return elementValuePair;
        }
    }
    return null;
}

private CheckReturnValueAnnotation createSpotBugsAnnotation(AnnotationEntry entry) {
    for (ElementValuePair pair : entry.getElementValuePairs()) {
        if (!pair.getNameString().equals("confidence")) {
            continue;
        }
        return CheckReturnValueAnnotation.parse(pair.getValue().stringifyValue());
    }
    // use default value
    return CheckReturnValueAnnotation.parse(Confidence.MEDIUM.name());
}

private CheckReturnValueAnnotation createJSR305Annotation(AnnotationEntry entry) {
    for (ElementValuePair pair : entry.getElementValuePairs()) {
        if (!pair.getNameString().equals("when")) {
            continue;
        }
        return CheckReturnValueAnnotation.createFor(When.valueOf(pair.getValue().stringifyValue()));
    }
    // use default value
    return CheckReturnValueAnnotation.createFor(When.ALWAYS);
}

@Override
public void visitAnnotation(Annotations arg0) {
    for (AnnotationEntry ae : arg0.getAnnotationEntries()) {
        boolean runtimeVisible = ae.isRuntimeVisible();
        String name = ClassName.fromFieldSignature(ae.getAnnotationType());
        if (name == null) {
            continue;
        }
        name = ClassName.toDottedClassName(name);
        // Collect the annotation's element name/value pairs into a map
        Map<String, ElementValue> map = new HashMap<>();
        for (ElementValuePair ev : ae.getElementValuePairs()) {
            map.put(ev.getNameString(), ev.getValue());
        }
        visitAnnotation(name, map, runtimeVisible);
    }
}

@Override
public void visitParameterAnnotation(ParameterAnnotations arg0) {
    ParameterAnnotationEntry[] parameterAnnotationEntries = arg0.getParameterAnnotationEntries();
    int numParametersToMethod = getNumberMethodArguments();
    // Shift the reported parameter index by one when the method has more
    // parameters than there are parameter annotation entries
    int offset = 0;
    if (numParametersToMethod > parameterAnnotationEntries.length) {
        offset = 1;
    }
    for (int i = 0; i < parameterAnnotationEntries.length; i++) {
        ParameterAnnotationEntry e = parameterAnnotationEntries[i];
        for (AnnotationEntry ae : e.getAnnotationEntries()) {
            boolean runtimeVisible = ae.isRuntimeVisible();
            String name = ClassName.fromFieldSignature(ae.getAnnotationType());
            if (name == null) {
                continue;
            }
            name = ClassName.toDottedClassName(name);
            Map<String, ElementValue> map = new HashMap<>();
            for (ElementValuePair ev : ae.getElementValuePairs()) {
                map.put(ev.getNameString(), ev.getValue());
            }
            visitParameterAnnotation(offset + i, name, map, runtimeVisible);
        }
    }
}

private void analyzeField(Field field, JavaClass javaClass) {
    for (AnnotationEntry annotation : field.getAnnotationEntries()) {
        // Only inspect the configured annotation types and anything named JsonTypeInfo
        if (ANNOTATION_TYPES.contains(annotation.getAnnotationType())
                || annotation.getAnnotationType().contains("JsonTypeInfo")) {
            for (ElementValuePair elementValuePair : annotation.getElementValuePairs()) {
                // Report when the "use" element holds one of the values in VULNERABLE_USE_NAMES
                if ("use".equals(elementValuePair.getNameString())
                        && VULNERABLE_USE_NAMES.contains(elementValuePair.getValue().stringifyValue())) {
                    bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
                            .addClass(javaClass)
                            .addString(javaClass.getClassName() + " on field "
                                    + field.getName() + " of type "
                                    + field.getType() + " annotated with "
                                    + annotation.toShortString())
                            .addField(FieldAnnotation.fromBCELField(javaClass, field))
                            .addString("")
                    );
                }
            }
        }
    }
}

public String toShortString() {
    final StringBuilder result = new StringBuilder();
    result.append("@");
    result.append(getAnnotationType());
    final ElementValuePair[] evPairs = getElementValuePairs();
    if (evPairs.length > 0) {
        result.append("(");
        for (final ElementValuePair element : evPairs) {
            result.append(element.toShortString());
        }
        result.append(")");
    }
    return result.toString();
}

public ParameterInfo(int argumentIndex, AnnotationEntry[] entries) {
    methodArgumentIndex = argumentIndex;
    final int numberOfAnnotations = entries.length;
    annotations = new ArrayList<AnnotationInfo>(numberOfAnnotations);
    for (AnnotationEntry ae : entries) {
        annotations.add(new AnnotationInfo(argumentIndex, ae.getAnnotationTypeIndex(), ae.getElementValuePairs()));
    }
}

private void putEntries(String prefix, Map<String, String> result, AnnotationEntry[] entries) {
    for (AnnotationEntry entry : entries) {
        Type type = Type.getType(entry.getAnnotationType());
        addDefaults(type);
        String key = type + "#" + prefix;
        if (entry.getElementValuePairs().length == 0)
            result.put(key, " ");
        for (int i = 0; i < entry.getElementValuePairs().length; i++) {
            ElementValuePair elementValuePair = entry.getElementValuePairs()[i];
            result.put(key + elementValuePair.getNameString(), elementValuePair.getValue().toString());
        }
    }
}

public RuntimeAnnotationsEntry(AnnotationEntry[] entries, int _nameIndex, int _length) {
    super(_nameIndex, _length);
    for (AnnotationEntry ae : entries) {
        getPool().add(new AnnotationInfo(ae.getElementValuePairs(), ae.getAnnotationTypeIndex()));
    }
}

@Nullable
private String getDefaultAnnotationValue(AnnotationEntry entry) {
    int numPairs = entry.getNumElementValuePairs();
    if (numPairs > 0) {
        ElementValuePair[] pairs = entry.getElementValuePairs();
        for (ElementValuePair pair : pairs) {
            if ("value".equals(pair.getNameString())) {
                return pair.getValue().stringifyValue();
            }
        }
    }
    return null;
}

private boolean hasExpects() {
    AnnotationEntry[] annotations = getMethod().getAnnotationEntries();
    if (annotations != null) {
        for (AnnotationEntry annotation : annotations) {
            String type = annotation.getAnnotationType();
            if ("Lorg/junit/Test;".equals(type) || "Lorg/testng/annotations/Test;".equals(type)) {
                ElementValuePair[] evPairs = annotation.getElementValuePairs();
                if (evPairs != null) {
                    for (ElementValuePair evPair : evPairs) {
                        String evName = evPair.getNameString();
                        if ("expected".equals(evName) || "expectedExceptions".equals(evName)) {
                            return true;
                        }
                    }
                }
            }
        }
    }
    return false;
}

@Override
public void visitAnnotation(Annotations arg0) {
    for (AnnotationEntry ae : arg0.getAnnotationEntries()) {
        boolean runtimeVisible = ae.isRuntimeVisible();
        String name = ClassName.fromFieldSignature(ae.getAnnotationType());
        if (name == null) {
            continue;
        }
        name = ClassName.toDottedClassName(name);
        Map<String, ElementValue> map = new HashMap<String, ElementValue>();
        for (ElementValuePair ev : ae.getElementValuePairs()) {
            map.put(ev.getNameString(), ev.getValue());
        }
        visitAnnotation(name, map, runtimeVisible);
    }
}

public void checkValue(final AnnotationEntry a, final String name, final String tostring) {
    for (int i = 0; i < a.getElementValuePairs().length; i++) {
        final ElementValuePair element = a.getElementValuePairs()[i];
        if (element.getNameString().equals(name)) {
            if (!element.getValue().stringifyValue().equals(tostring)) {
                fail("Expected element " + name + " to have value " + tostring
                        + " but it had value " + element.getValue().stringifyValue());
            }
            return;
        }
    }
    fail("Didnt find named element " + name);
}

private void checkAnnotationEntry(final AnnotationEntry a, final String name,
        final String elementname, final String elementvalue) {
    assertTrue("Expected AnnotationEntry to have name " + name
            + " but it had name " + a.getAnnotationType(),
            a.getAnnotationType().equals(name));
    assertTrue("Expected AnnotationEntry to have one element but it had "
            + a.getElementValuePairs().length,
            a.getElementValuePairs().length == 1);
    final ElementValuePair envp = a.getElementValuePairs()[0];
    assertTrue("Expected element name " + elementname + " but was " + envp.getNameString(),
            elementname.equals(envp.getNameString()));
    assertTrue("Expected element value " + elementvalue + " but was "
            + envp.getValue().stringifyValue(),
            elementvalue.equals(envp.getValue().stringifyValue()));
}

private void assertSimpleElementValue(final AnnotationEntry anno) {
    final ElementValuePair elementValuePair = anno.getElementValuePairs()[0];
    assertEquals("id", elementValuePair.getNameString());
    final SimpleElementValue ev = (SimpleElementValue) elementValuePair.getValue();
    assertEquals(42, ev.getValueInt());
}

private void assertArrayElementValue(final int nExpectedArrayValues, final AnnotationEntry anno) {
    final ElementValuePair elementValuePair = anno.getElementValuePairs()[0];
    assertEquals("value", elementValuePair.getNameString());
    final ArrayElementValue ev = (ArrayElementValue) elementValuePair.getValue();
    final ElementValue[] eva = ev.getElementValuesArray();
    assertEquals(nExpectedArrayValues, eva.length);
}