/**
 * Creates a {@code Stream} when the instruction at {@code location} is a GETSTATIC that reads
 * exactly the static field described by {@code className}, {@code fieldName} and
 * {@code fieldSig}.
 *
 * @param location code location whose instruction is inspected
 * @param type object type whose class name is recorded on the new stream
 * @param cpg constant pool used to resolve the field reference of the instruction
 * @param lookupFailureCallback not used by this implementation
 * @return a stream flagged as open on creation and as ignoring implicit exceptions, or
 *         {@code null} when the instruction is not a GETSTATIC of the configured field
 */
@Override
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg,
        RepositoryLookupFailureCallback lookupFailureCallback) {
    Instruction instruction = location.getHandle().getInstruction();
    if (instruction.getOpcode() != Const.GETSTATIC) {
        return null;
    }

    GETSTATIC fieldRead = (GETSTATIC) instruction;
    // Declaring class, field name and signature must all agree; checking the name alone
    // would also match same-named fields declared on unrelated classes.
    boolean isTrackedField = className.equals(fieldRead.getClassName(cpg))
            && fieldName.equals(fieldRead.getName(cpg))
            && fieldSig.equals(fieldRead.getSignature(cpg));
    if (!isTrackedField) {
        return null;
    }

    Stream stream = new Stream(location, type.getClassName(), streamBaseClass);
    return stream.setIgnoreImplicitExceptions(true).setIsOpenOnCreation(true);
}
} // closes the enclosing class, whose header lies outside this excerpt
// Constant pool generator returned by getCPG(); used below to resolve the field reference on obj.
ConstantPoolGen cpg = getCPG();
// Name and type signature of the field obj refers to (obj's own type is not shown in this excerpt).
String fieldName = obj.getName(cpg);
String fieldSig = obj.getSignature(cpg);
// Value-number frame from getFrame(); presumably the frame at the instruction being visited - confirm in the enclosing visitor.
ValueNumberFrame frame = getFrame();
/**
 * Builds a {@code Stream} for a GETSTATIC instruction that loads the one static field
 * identified by {@code className}, {@code fieldName} and {@code fieldSig}.
 *
 * @param location code location whose instruction is examined
 * @param type object type; its class name is passed to the new stream
 * @param cpg constant pool used to resolve the instruction's field reference
 * @param lookupFailureCallback not used by this implementation
 * @return the new stream (open on creation, implicit exceptions ignored), or {@code null} if
 *         the instruction is anything other than a GETSTATIC of that field
 */
@Override
public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg,
        RepositoryLookupFailureCallback lookupFailureCallback) {
    Instruction candidate = location.getHandle().getInstruction();
    if (candidate.getOpcode() == Constants.GETSTATIC) {
        GETSTATIC staticLoad = (GETSTATIC) candidate;
        // All three parts of the field reference are compared, so a same-named field on
        // another class does not produce a stream.
        if (className.equals(staticLoad.getClassName(cpg))
                && fieldName.equals(staticLoad.getName(cpg))
                && fieldSig.equals(staticLoad.getSignature(cpg))) {
            return new Stream(location, type.getClassName(), streamBaseClass)
                    .setIgnoreImplicitExceptions(true)
                    .setIsOpenOnCreation(true);
        }
    }
    return null;
}
} // closes the enclosing class, whose header lies outside this excerpt
// Constant pool generator returned by getCPG(); used below to resolve the field reference on obj.
ConstantPoolGen cpg = getCPG();
// Name and type signature of the field obj refers to (obj's own type is not shown in this excerpt).
String fieldName = obj.getName(cpg);
String fieldSig = obj.getSignature(cpg);
// Value-number frame from getFrame(); presumably the frame at the instruction being visited - confirm in the enclosing visitor.
ValueNumberFrame frame = getFrame();
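/**
 * Reports a {@code WEAK_HOSTNAME_VERIFIER_TYPE} bug for every GETSTATIC in {@code m} that reads
 * a static field named {@code ALLOW_ALL_HOSTNAME_VERIFIER}.
 *
 * <p>Only the field name is compared. An earlier, stricter condition also required the
 * declaring class {@code org.apache.http.conn.ssl.SSLSocketFactory} and the signature
 * {@code Lorg/apache/http/conn/ssl/X509HostnameVerifier;}; the author disabled it, so a
 * same-named field on any class is reported. The finding marks the read of the field only;
 * this method does not check where the loaded verifier is subsequently used.
 *
 * @param classContext analysis context supplying the constant pool and the method's CFG
 * @param javaClass class that declares {@code m}, attached to each reported bug
 * @param m method whose instructions are scanned
 */
private void allow_All_Hostname_Verify(ClassContext classContext, JavaClass javaClass, Method m){
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    final CFG cfg;
    try {
        cfg = classContext.getCFG(m);
    } catch (CFGBuilderException e) {
        // Without a CFG there is nothing to scan. The previous code fell through and
        // dereferenced a null cfg in the loop below, aborting the detector with a
        // NullPointerException instead of skipping this one method.
        // NOTE(review): printStackTrace is kept from the original; if bugReporter is a
        // SpotBugs BugReporter, logError(String, Throwable) would be the better sink - confirm.
        e.printStackTrace();
        return;
    }

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Instruction inst = i.next().getHandle().getInstruction();
        if (!(inst instanceof GETSTATIC)) {
            continue;
        }
        GETSTATIC fieldRead = (GETSTATIC) inst;
        // Name-only match, see the method comment for the disabled class/signature check.
        if ("ALLOW_ALL_HOSTNAME_VERIFIER".equals(fieldRead.getName(cpg))) {
            bugReporter.reportBug(new BugInstance(this, WEAK_HOSTNAME_VERIFIER_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClassAndMethod(javaClass, m));
        }
    }
}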
InstructionHandle[] match = matches.next(); GETSTATIC gstatCtrlField = (GETSTATIC) match[0].getInstruction(); controlClass = gstatCtrlField.getName(cg.getConstantPool()); String fieldName = gstatCtrlField.getFieldName(cg.getConstantPool()); ClassGen ctrlClazz = cgs.get(controlClass); + " found " + iStore.getIndex(); GETSTATIC gstatCtrlField = (GETSTATIC) iStoreHandle.getPrev().getInstruction(); String className = gstatCtrlField.getName(cg.getConstantPool()); String fieldName = gstatCtrlField.getFieldName(cg.getConstantPool()); ctrlClazz = cgs.get(className);
if (ih.getInstruction() instanceof GETSTATIC) { GETSTATIC gstat = (GETSTATIC) ih.getInstruction(); return flowObstructors.contains(cgs.get(gstat.getName(cpg)) .containsField(gstat.getFieldName(cpg))); } else { return flowObstructors.contains(cgs.get(gstat.getName(cpg)) .containsField(gstat.getFieldName(cpg))); ClassGen cp = cgs.get(gstat.getName(cpg)); Field fz = cp.containsField(gstat.getFieldName(cpg)); return cp != null && fz != null && controlField != null && controlField.equals(fz);
/**
 * Models a GETSTATIC instruction by pushing a taint value for the static field being loaded.
 *
 * <p>A load whose class type is Scala's {@code Nil$} is modelled as a {@code NULL} taint.
 * For every other field the taint state is looked up in {@code taintConfig} under the key
 * {@code package/Class.fieldName}, with {@code Taint.State.UNKNOWN} passed as the fallback
 * argument, and the instruction is then modelled with the resulting taint.
 *
 * @param obj the GETSTATIC instruction being visited
 */
@Override
public void visitGETSTATIC(GETSTATIC obj) {
    // Scala uses dedicated classes for "null" instances of objects; when one of them is
    // loaded it is handled exactly like a Java null.
    boolean loadsScalaNil =
            obj.getLoadClassType(getCPG()).getSignature().equals("Lscala/collection/immutable/Nil$;");
    if (loadsScalaNil) {
        boolean debugTaintState = FindSecBugsGlobalConfig.getInstance().isDebugTaintState();
        // Debug info is attached only when taint-state debugging is enabled.
        getFrame().pushValue(debugTaintState
                ? new Taint(Taint.State.NULL).setDebugInfo("NULL")
                : new Taint(Taint.State.NULL));
        return;
    }

    // The superclass handler is intentionally not invoked (the call is commented out in the
    // original); the field is modelled here instead.
    String fieldKey = obj.getClassName(cpg).replaceAll("\\.","/")+"."+obj.getName(cpg);
    Taint.State configuredState = taintConfig.getClassTaintState(fieldKey, Taint.State.UNKNOWN);
    Taint fieldTaint = new Taint(configuredState);

    // Only values that are not SAFE get a taint location recorded.
    if (!configuredState.equals(Taint.State.SAFE)) {
        fieldTaint.addLocation(getTaintLocation(), false);
    }
    fieldTaint.addSource(
            new UnknownSource(UnknownSourceType.FIELD,configuredState).setSignatureField(fieldKey));

    int wordsConsumed = getNumWordsConsumed(obj);
    int wordsProduced = getNumWordsProduced(obj);
    modelInstruction(obj, wordsConsumed, wordsProduced, fieldTaint);
    notifyAdditionalVisitorField(obj, methodGen, getFrame(), fieldTaint, wordsProduced);
}