For IntelliJ IDEA,
Android Studio or Eclipse
Refine search
- Common ways to obtain InstructionHandle
private void myMethod () {InstructionHandle i =
InstructionList instructionList;instructionList.append(i)
- Smart code suggestions by Codota
}
private void registerLDCValueSource(Location location) throws DataflowAnalysisException { LDC instruction = (LDC) location.getHandle().getInstruction(); Object constantValue = instruction.getValue(cpg); registerConstantSource(location, constantValue); } private void registerLDC2ValueSource(Location location) throws DataflowAnalysisException {
private void registerFieldLoadSource(Location location) throws DataflowAnalysisException { XField loadedField = XFactory.createXField((FieldInstruction) location.getHandle().getInstruction(), cpg); if (loadedField.isResolved()) { TypeQualifierAnnotation tqa = TypeQualifierApplications.getEffectiveTypeQualifierAnnotation(loadedField, typeQualifierValue); When when = (tqa != null) ? tqa.when : When.UNKNOWN; registerTopOfStackSource(SourceSinkType.FIELD_LOAD, location, when, false, null); } }
/** * Is instruction at given location a store? * * @param location * the location * @return true if instruction at given location is a store, false if not */ private boolean isStore(Location location) { Instruction ins = location.getHandle().getInstruction(); return (ins instanceof StoreInstruction) || (ins instanceof IINC); }
private TaintLocation getTaintLocation() { Instruction inst = getLocation().getHandle().getInstruction(); if(inst instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) inst; String sig = invoke.getClassName(cpg).replaceAll("\\.","/") + "." + invoke.getMethodName(cpg) + invoke.getSignature(cpg); return new TaintLocation(methodDescriptor, getLocation().getHandle().getPosition(), sig); } return new TaintLocation(methodDescriptor, getLocation().getHandle().getPosition(), "Oups!!"); }
public void testSearch() { final InstructionList il = new InstructionList(); il.append(new ILOAD(1)); il.append(new ILOAD(2)); il.append(new IADD()); il.append(new ISTORE(3)); final InstructionFinder finder = new InstructionFinder(il); final Iterator<?> it = finder.search("ILOAD IADD", il.getInstructionHandles()[0], null ); final InstructionHandle[] ihs = (InstructionHandle[])it.next(); assertEquals(2, ihs.length); assertEquals(ihs[0].getInstruction(), new ILOAD(2)); assertEquals(ihs[1].getInstruction(), new IADD()); } }
public Subroutine[] subSubs(){ HashSet h = new HashSet(); Iterator i = instructions.iterator(); while (i.hasNext()){ Instruction inst = ((InstructionHandle) i.next()).getInstruction(); if (inst instanceof JsrInstruction){ InstructionHandle targ = ((JsrInstruction) inst).getTarget(); h.add(getSubroutine(targ)); } } Subroutine[] ret = new Subroutine[h.size()]; return (Subroutine[]) h.toArray(ret); }
@Override public Stream createStream(Location location, ObjectType type, ConstantPoolGen cpg, RepositoryLookupFailureCallback lookupFailureCallback) { Instruction ins = location.getHandle().getInstruction(); if (ins.getOpcode() != Constants.GETSTATIC) { return null; } GETSTATIC getstatic = (GETSTATIC) ins; if (!className.equals(getstatic.getClassName(cpg)) || !fieldName.equals(getstatic.getName(cpg)) || !fieldSig.equals(getstatic.getSignature(cpg))) { return null; } return new Stream(location, type.getClassName(), streamBaseClass).setIgnoreImplicitExceptions(true).setIsOpenOnCreation( true); } }
private static Map<InstructionHandle, Call> buildCallMap(CFG cfg, ConstantPoolGen cpg) { Map<InstructionHandle, Call> callMap = new HashMap<>(); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { InstructionHandle handle = i.next().getHandle(); Instruction ins = handle.getInstruction(); if (ins instanceof InvokeInstruction) { InvokeInstruction inv = (InvokeInstruction) ins; Call call = new Call(inv.getClassName(cpg), inv.getName(cpg), inv.getSignature(cpg)); callMap.put(handle, call); } } return callMap; }
private Location getValueNumberCreationLocation(ValueNumberDataflow vnd, ValueNumber vn) { ConstantPoolGen cpg = vnd.getCFG().getMethodGen().getConstantPool(); for(Iterator<Location> it = vnd.getCFG().locationIterator(); it.hasNext(); ) { Location loc = it.next(); if(loc.getHandle().getInstruction().produceStack(cpg) != 1) { continue; } try { ValueNumberFrame vnf = vnd.getFactAfterLocation(loc); if(vnf.getTopValue().equals(vn)) { return loc; } } catch (DataflowAnalysisException e) { AnalysisContext.logError("While analyzing "+vnd.getCFG().getMethodGen()+" at "+loc, e); } } return null; }
protected void analyzeMethod(ClassContext classContext, Method method) throws CheckedAnalysisException { TaintDataflow dataflow = getTaintDataFlow(classContext, method); ConstantPoolGen cpg = classContext.getConstantPoolGen(); String currentMethod = getFullMethodName(classContext.getMethodGen(method)); for (Iterator<Location> i = getLocationIterator(classContext, method); i.hasNext();) { Location location = i.next(); InstructionHandle handle = location.getHandle(); Instruction instruction = handle.getInstruction(); if (!(instruction instanceof InvokeInstruction)) { continue; } InvokeInstruction invoke = (InvokeInstruction) instruction; TaintFrame fact = dataflow.getFactAtLocation(location); assert fact != null; if (!fact.isValid()) { continue; } analyzeLocation(classContext, method, handle, cpg, invoke, fact, currentMethod); } }
private void modelFieldStore(Location location) throws DataflowAnalysisException { // Model field stores XField writtenField = XFactory.createXField((FieldInstruction) location.getHandle().getInstruction(), cpg); TypeQualifierAnnotation tqa = TypeQualifierApplications.getEffectiveTypeQualifierAnnotation(writtenField, typeQualifierValue); When when = (tqa != null) ? tqa.when : When.UNKNOWN; // The ValueNumberFrame *before* the FieldInstruction should // have the ValueNumber of the stored value on the top of the stack. ValueNumberFrame vnaFrameAtStore = vnaDataflow.getFactAtLocation(location); if (vnaFrameAtStore.isValid()) { ValueNumber vn = vnaFrameAtStore.getTopValue(); SourceSinkInfo sink = new SourceSinkInfo(SourceSinkType.FIELD_STORE, location, vn, when); registerSourceSink(sink); } }
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(m); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); if (methodGen == null || methodGen.getInstructionList() == null) { return; //No instruction .. nothing to do } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); // if (inst instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) inst; String className = invoke.getClassName(cpg); if ("java.io.ObjectInputStream".equals(className) || className.contains("InputStream") || InterfaceUtils.isSubtype(className, "java.io.ObjectInputStream")) { String methodName = invoke.getMethodName(cpg); if (OBJECT_INPUTSTREAM_READ_METHODS.contains(methodName)) { JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, OBJECT_DESERIALIZATION_TYPE, HIGH_PRIORITY) // .addClass(clz).addMethod(clz, m).addSourceLine(classContext,m,location)); } } } } }
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{ JavaClass clazz = classContext.getJavaClass(); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location loc = i.next(); Instruction inst = loc.getHandle().getInstruction(); if (inst instanceof INVOKEVIRTUAL) { INVOKEVIRTUAL invoke = (INVOKEVIRTUAL)inst; if( "java.lang.StringBuilder".equals(invoke.getClassName(cpg)) && "append".equals(invoke.getMethodName(cpg))) { Instruction prev = loc.getHandle().getPrev().getInstruction(); if (prev instanceof LDC) { LDC ldc = (LDC)prev; Object value = ldc.getValue(cpg); if (value instanceof String) { String v = (String)value; if ("redirect:".equals(v)) { BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY); bug.addClass(clazz).addMethod(clazz,m).addSourceLine(classContext,m,loc); reporter.reportBug(bug); } } } } } } }
/** * Currently the detection is pretty weak. * It will catch Dummy implementation that have empty method implementation * * @return If the implementation is "empty" (direct return or dummy code) */ private boolean isEmptyImplementation(MethodGen methodGen){ boolean invokeInst = false; boolean loadField = false; for (Iterator itIns = methodGen.getInstructionList().iterator();itIns.hasNext();) { Instruction inst = ((InstructionHandle) itIns.next()).getInstruction(); if (DEBUG) System.out.println(inst.toString(true)); if (inst instanceof InvokeInstruction) { invokeInst = true; } if (inst instanceof GETFIELD) { loadField = true; } } return !invokeInst && !loadField; }
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); if (inst instanceof LDC) { LDC ldc = (LDC) inst; if (ldc != null) { if("java.naming.security.authentication".equals(ldc.getValue(cpg)) && "none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))){ JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) // .addClass(clz) .addMethod(clz, m) .addSourceLine(classContext, m, location)); break; } } } } }
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { // System.out.println("Checking " + method); CFG cfg = classContext.getCFG(method); LockDataflow lockDataflow = classContext.getLockDataflow(method); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); Instruction ins = location.getHandle().getInstruction(); if (!(ins instanceof INVOKESTATIC)) { continue; } if (!isSleep((INVOKESTATIC) ins, classContext.getConstantPoolGen())) { continue; } // System.out.println("Found sleep at " + location.getHandle()); LockSet lockSet = lockDataflow.getFactAtLocation(location); if (lockSet.getNumLockedObjects() > 0) { bugAccumulator.accumulateBug( new BugInstance(this, "SWL_SLEEP_WITH_LOCK_HELD", NORMAL_PRIORITY).addClassAndMethod( classContext.getJavaClass(), method), classContext, method, location); } } bugAccumulator.reportAccumulatedBugs(); }
/** * Check if the readObject is doing multiple external call beyond the basic readByte, readBoolean, etc.. * @param m * @param classContext * @return * @throws CFGBuilderException * @throws DataflowAnalysisException */ private boolean hasCustomReadObject(Method m, ClassContext classContext,List<String> classesToIgnore) throws CFGBuilderException, DataflowAnalysisException { ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); int count = 0; for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); //ByteCode.printOpCode(inst,cpg); if(inst instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) inst; if (!READ_DESERIALIZATION_METHODS.contains(invoke.getMethodName(cpg)) && !classesToIgnore.contains(invoke.getClassName(cpg))) { count +=1; } } } return count > 3; }
private boolean hasManyPreceedingNullTests(int pc) { int ifNullTests = 0; BitSet seen = new BitSet(); try { for (Iterator<Location> i = classContext.getCFG(method).locationIterator(); i.hasNext();) { Location loc = i.next(); int pc2 = loc.getHandle().getPosition(); if (pc2 >= pc || pc2 < pc - 30) { continue; } Instruction ins = loc.getHandle().getInstruction(); if ((ins instanceof IFNONNULL || ins instanceof IFNULL || ins instanceof NullnessConversationInstruction) && !seen.get(pc2)) { ifNullTests++; seen.set(pc2); } } boolean result = ifNullTests > 2; // System.out.println("Preceeding null tests " + ifNullTests + " " + // ifNonnullTests + " " + result); return result; } catch (CFGBuilderException e) { return false; } }
private boolean isConstantStringLoad(Location location, ConstantPoolGen cpg) { Instruction ins = location.getHandle().getInstruction(); if (ins instanceof LDC) { LDC load = (LDC) ins; Object value = load.getValue(cpg); if (value instanceof String) { return true; } } return false; }
private void registerInstructionSinks() throws DataflowAnalysisException { TypeQualifierAnnotation returnValueAnnotation = null; if (!xmethod.getSignature().endsWith(")V")) { returnValueAnnotation = TypeQualifierApplications.getEffectiveTypeQualifierAnnotation(xmethod, typeQualifierValue); } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); Instruction ins = location.getHandle().getInstruction(); if (ins instanceof ReturnInstruction && !(ins instanceof RETURN)) { // Return instruction which returns a value modelReturn(returnValueAnnotation, location); } else { short opcode = ins.getOpcode(); if (opcode == Constants.PUTFIELD || opcode == Constants.PUTSTATIC) { modelFieldStore(location); } else if (location.getHandle().getInstruction() instanceof InvokeInstruction) { modelArguments(location); } } } }