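/**
 * Identifies servlet-response calls whose argument controls a redirect target and
 * reports them as unvalidated-redirect injection points.
 *
 * <p>Two call shapes are recognised, both only when the invocation is an
 * {@code INVOKEINTERFACE} on {@code javax.servlet.http.HttpServletResponse} or
 * {@code javax.servlet.http.HttpServletResponseWrapper}:
 * <ul>
 *   <li>{@code sendRedirect(...)};</li>
 *   <li>{@code addHeader(...)} / {@code setHeader(...)} when the LDC instruction
 *       returned by {@code ByteCode.getPrevInstruction} loads the string
 *       {@code "Location"} (compared case-insensitively).</li>
 * </ul>
 *
 * @param ins       the invoke instruction being inspected
 * @param cpg       constant pool used to resolve names, types and signatures
 * @param insHandle handle of {@code ins}, used to look back for the header-name constant
 * @return an injection point of type {@code UNVALIDATED_REDIRECT_TYPE} with parameter
 *         index 0, or {@code InjectionPoint.NONE} when the call is not a redirect sink
 */
@Override
public InjectionPoint getInjectableParameters(InvokeInstruction ins, ConstantPoolGen cpg,
        InstructionHandle insHandle) {
    // NOTE(review): HttpServletResponseWrapper is a class, so calls made through a
    // receiver statically typed as the wrapper are normally compiled to invokevirtual
    // and would not pass this guard. If so, redirects issued through the wrapper go
    // unreported (a detection gap) - confirm and widen the guard if needed.
    if (!(ins instanceof INVOKEINTERFACE)) {
        return InjectionPoint.NONE;
    }

    String methodName = ins.getMethodName(cpg);
    String className = ins.getReferenceType(cpg).toString();

    boolean servletResponse = className.equals("javax.servlet.http.HttpServletResponse")
            || className.equals("javax.servlet.http.HttpServletResponseWrapper");
    if (!servletResponse) {
        return InjectionPoint.NONE;
    }

    if (methodName.equals("sendRedirect")) {
        // presumably index 0 addresses the URL argument; verify against InjectionPoint
        InjectionPoint ip = new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
        ip.setInjectableMethod(ins.getSignature(cpg));
        return ip;
    }

    if (methodName.equals("addHeader") || methodName.equals("setHeader")) {
        // Only a header name loaded by an LDC constant can be recognised here; a name
        // that reaches the call through a variable is not seen by this check.
        LDC ldc = ByteCode.getPrevInstruction(insHandle, LDC.class);
        if (ldc != null) {
            Object value = ldc.getValue(cpg);
            // An LDC can also load non-String constants (numbers, class references).
            // Test the type before casting so such a constant is ignored instead of
            // aborting the detector with a ClassCastException.
            if (value instanceof String && "Location".equalsIgnoreCase((String) value)) {
                InjectionPoint ip = new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
                ip.setInjectableMethod(ins.getSignature(cpg));
                return ip;
            }
        }
    }

    return InjectionPoint.NONE;
}
} // closes the enclosing class, whose header is outside this excerpt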
Type producedType = Const.CONSTRUCTOR_NAME.equals(methodName) ? inv.getReferenceType(cpg) : inv.getReturnType(cpg);
ReferenceType classType = inv.getReferenceType(cpg); if (!Hierarchy.isSubtype(classType, baseClassType)) { return null;
actionList = Collections.singletonList(ObligationPolicyDatabaseAction.CLEAR);
} else if (signature.indexOf(';') >= -1) {
    // NOTE(review): String.indexOf returns -1 when the character is absent, so
    // ">= -1" holds for every signature and this branch is taken whenever the
    // preceding condition is false. If the intent was "the signature mentions an
    // object type", the comparison would be ">= 0" - confirm with the author.
    ReferenceType receiverType = inv.getReferenceType(cpg);
ReferenceType target = obj.getReferenceType(getCPG()); String signature = obj.getSignature(getCPG()); if ("([Ljava/lang/Object;)[Ljava/lang/Object;".equals(signature) && Subtypes2.isCollection(target)) {
+ invokeInstruction.getMethodName(cpg)); System.out.println(" on type:" + invokeInstruction.getReferenceType(cpg));
/**
 * Builds the fully qualified name of the invoked method.
 *
 * <p>The result is the invocation's reference type passed through
 * {@code ClassName.toSlashedClassName}, followed by a dot, the method name and the
 * method signature, with nothing between the name and the signature.
 *
 * @param invoke the invoke instruction to describe
 * @param cpg    constant pool used to resolve the type, name and signature
 * @return the concatenated class name, method name and signature
 */
private String getFullMethodName(InvokeInstruction invoke, ConstantPoolGen cpg) {
    final String dottedOwner = invoke.getReferenceType(cpg).toString();
    final String slashedOwner = ClassName.toSlashedClassName(dottedOwner);
    final String name = invoke.getMethodName(cpg);
    final String descriptor = invoke.getSignature(cpg);
    return slashedOwner + "." + name + descriptor;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Returns the invoked method as {@code <slashed class name>.<method name><signature>}.
 *
 * @param invoke the invoke instruction to describe
 * @param cpg    constant pool used to resolve the type, name and signature
 * @return the class name (after {@code ClassName.toSlashedClassName}), a dot, the
 *         method name and the signature, concatenated in that order
 */
private String getFullMethodName(InvokeInstruction invoke, ConstantPoolGen cpg) {
    StringBuilder full = new StringBuilder();
    full.append(ClassName.toSlashedClassName(invoke.getReferenceType(cpg).toString()));
    full.append(".");
    full.append(invoke.getMethodName(cpg));
    full.append(invoke.getSignature(cpg));
    return full.toString();
}
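/**
 * Flags servlet-response invocations that can set a redirect target.
 *
 * <p>An injection point of type {@code UNVALIDATED_REDIRECT_TYPE} (parameter index 0)
 * is returned for an {@code INVOKEINTERFACE} on
 * {@code javax.servlet.http.HttpServletResponse} or
 * {@code javax.servlet.http.HttpServletResponseWrapper} when the method is
 * {@code sendRedirect}, or when it is {@code addHeader}/{@code setHeader} and the LDC
 * instruction found by {@code ByteCode.getPrevInstruction} loads the string
 * {@code "Location"} in any letter case. Every other call yields
 * {@code InjectionPoint.NONE}.
 *
 * @param ins       the invoke instruction being inspected
 * @param cpg       constant pool used to resolve names, types and signatures
 * @param insHandle handle of {@code ins}, the starting point of the LDC look-back
 * @return the redirect injection point, or {@code InjectionPoint.NONE}
 */
@Override
public InjectionPoint getInjectableParameters(InvokeInstruction ins, ConstantPoolGen cpg,
        InstructionHandle insHandle) {
    // NOTE(review): the wrapper type is a class, and calls on a class-typed receiver
    // are normally emitted as invokevirtual, so the wrapper name below may never match
    // under this guard; redirects sent through the wrapper would then be missed.
    // Confirm and extend the guard if that coverage is wanted.
    if (ins instanceof INVOKEINTERFACE) {
        String methodName = ins.getMethodName(cpg);
        String className = ins.getReferenceType(cpg).toString();

        if (className.equals("javax.servlet.http.HttpServletResponse")
                || className.equals("javax.servlet.http.HttpServletResponseWrapper")) {

            if (methodName.equals("sendRedirect")) {
                // presumably index 0 is the redirect URL; verify against InjectionPoint
                InjectionPoint ip = new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
                ip.setInjectableMethod(ins.getSignature(cpg));
                return ip;
            }

            if (methodName.equals("addHeader") || methodName.equals("setHeader")) {
                LDC ldc = ByteCode.getPrevInstruction(insHandle, LDC.class);
                Object value = (ldc == null) ? null : ldc.getValue(cpg);
                // LDC constants are not always strings (they can be numeric or class
                // constants); checking the type first avoids a ClassCastException that
                // would otherwise interrupt analysis of the method being scanned.
                if (value instanceof String && "Location".equalsIgnoreCase((String) value)) {
                    InjectionPoint ip = new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
                    ip.setInjectableMethod(ins.getSignature(cpg));
                    return ip;
                }
            }
        }
    }
    return InjectionPoint.NONE;
}
} // closes the enclosing class, whose header is outside this excerpt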
final InvokeInstruction invoke = (InvokeInstruction) instructions[i]; try { field = T.getField(invoke.getReferenceType(constantPoolGen), invoke.getMethodName(constantPoolGen), invoke.getReturnType(constantPoolGen), invoke.getArgumentTypes(constantPoolGen)); } catch (ClassNotFoundException e) { throw new RuntimeReflectionException(e); final InvokeInstruction invoke = (InvokeInstruction) instructions[i]; if (!"valueOf".equals(invoke.getMethodName(constantPoolGen))) throw new Error(); final String name = invoke.getReferenceType(constantPoolGen).toString(); if (!Stream.of(JavaPrimitive.values()).filter(primitive -> primitive.getBoxed().getName().equals(name)).findAny().isPresent()) throw new Error(); field = null;
Type producedType = "<init>".equals(methodName) ? inv.getReferenceType(cpg) : inv.getReturnType(cpg);
ReferenceType referenceType = ii.getReferenceType(cpg); if (!(referenceType instanceof ObjectType))
ReferenceType classType = inv.getReferenceType(cpg); if (!Hierarchy.isSubtype(classType, baseClassType)) { return null;
/**
 * Resolves the class name to attribute an invocation to.
 *
 * <p>The taint found on the frame at the computed stack slot is asked for its real
 * instance class name; when that is non-null it is returned. In every other case
 * (slot equal to -1, null class name, or a {@code DataflowAnalysisException}) the
 * invocation's reference type is returned after
 * {@code ClassName.toSlashedClassName}.
 *
 * @param cpg    constant pool used to resolve the invocation
 * @param invoke the invoke instruction being analysed
 * @param frame  taint frame holding the operand stack at the invocation
 * @return the class name recorded on the taint, or the slashed reference type
 */
private static String getInstanceClassName(ConstantPoolGen cpg, InvokeInstruction invoke, TaintFrame frame) {
    try {
        // NOTE(review): when the invocation has arguments but no receiver (e.g. a
        // static call), this slot appears to address the first argument rather than
        // an instance - confirm against the callers.
        final int receiverSlot = frame.getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        final boolean slotAvailable = receiverSlot != -1;
        if (slotAvailable) {
            assert receiverSlot < frame.getStackDepth();
            final Taint receiverTaint = frame.getStackValue(receiverSlot);
            final String tracked = receiverTaint.getRealInstanceClassName();
            if (tracked != null) {
                return tracked;
            }
        }
    } catch (DataflowAnalysisException ex) {
        // Only trips when assertions are enabled; otherwise fall back below.
        assert false : ex.getMessage();
    }
    final String declaredOwner = invoke.getReferenceType(cpg).toString();
    return ClassName.toSlashedClassName(declaredOwner);
}
/**
 * Picks the class name for an invocation, preferring the one recorded on the taint
 * at the computed stack slot over the statically referenced type.
 *
 * @param cpg    constant pool used to resolve the invocation
 * @param invoke the invoke instruction being analysed
 * @param frame  taint frame holding the operand stack at the invocation
 * @return the taint's real instance class name when it is non-null; otherwise the
 *         invocation's reference type passed through
 *         {@code ClassName.toSlashedClassName}
 */
private static String getInstanceClassName(ConstantPoolGen cpg, InvokeInstruction invoke, TaintFrame frame) {
    String fromTaint = null;
    try {
        // NOTE(review): for an invocation with arguments but no object instance, this
        // depth seems to point at the first argument - confirm that is intended.
        int depthOfReceiver = frame.getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        if (depthOfReceiver != -1) {
            assert depthOfReceiver < frame.getStackDepth();
            Taint receiver = frame.getStackValue(depthOfReceiver);
            fromTaint = receiver.getRealInstanceClassName();
        }
    } catch (DataflowAnalysisException ex) {
        // With assertions disabled the failure is ignored and the static type is used.
        assert false : ex.getMessage();
    }
    if (fromTaint != null) {
        return fromTaint;
    }
    return ClassName.toSlashedClassName(invoke.getReferenceType(cpg).toString());
}
/**
 * Resolves the class name to attribute an invocation to, using the current frame.
 *
 * <p>Returns the real instance class name stored on the taint at the computed stack
 * slot when it is non-null. When the slot is -1, the name is null, or a
 * {@code DataflowAnalysisException} is raised, the invocation's reference type is
 * returned after {@code ClassName.toSlashedClassName}.
 *
 * @param invoke the invoke instruction being analysed
 * @return the class name recorded on the taint, or the slashed reference type
 */
private String getInstanceClassName(InvokeInstruction invoke) {
    try {
        // NOTE(review): when the invocation has arguments but no receiver (e.g. a
        // static call), this slot appears to address the first argument rather than
        // an instance - confirm against the callers.
        final int receiverSlot = getFrame().getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        final boolean slotAvailable = receiverSlot != -1;
        if (slotAvailable) {
            assert receiverSlot < getFrame().getStackDepth();
            final Taint receiverTaint = getFrame().getStackValue(receiverSlot);
            final String tracked = receiverTaint.getRealInstanceClassName();
            if (tracked != null) {
                return tracked;
            }
        }
    } catch (DataflowAnalysisException ex) {
        // Only trips when assertions are enabled; otherwise fall back below.
        assert false : ex.getMessage();
    }
    final String declaredOwner = invoke.getReferenceType(cpg).toString();
    return ClassName.toSlashedClassName(declaredOwner);
}
ReferenceType target = obj.getReferenceType(getCPG()); String signature = obj.getSignature(getCPG()); if ("([Ljava/lang/Object;)[Ljava/lang/Object;".equals(signature) && Subtypes2.isCollection(target)) {
/**
 * Picks the class name for an invocation, preferring the one recorded on the taint
 * in the current frame over the statically referenced type.
 *
 * @param invoke the invoke instruction being analysed
 * @return the taint's real instance class name when it is non-null; otherwise the
 *         invocation's reference type passed through
 *         {@code ClassName.toSlashedClassName}
 */
private String getInstanceClassName(InvokeInstruction invoke) {
    String fromTaint = null;
    try {
        // NOTE(review): for an invocation with arguments but no object instance, this
        // depth seems to point at the first argument - confirm that is intended.
        int depthOfReceiver = getFrame().getNumArgumentsIncludingObjectInstance(invoke, cpg) - 1;
        if (depthOfReceiver != -1) {
            assert depthOfReceiver < getFrame().getStackDepth();
            Taint receiver = getFrame().getStackValue(depthOfReceiver);
            fromTaint = receiver.getRealInstanceClassName();
        }
    } catch (DataflowAnalysisException ex) {
        // With assertions disabled the failure is ignored and the static type is used.
        assert false : ex.getMessage();
    }
    if (fromTaint != null) {
        return fromTaint;
    }
    return ClassName.toSlashedClassName(invoke.getReferenceType(cpg).toString());
}
String className = ClassName.toSlashedClassName(obj.getReferenceType(cpg).toString()); String methodName = obj.getMethodName(cpg); String signature = obj.getSignature(cpg);
modelInstruction(obj, getNumWordsConsumed(obj), getNumWordsProduced(obj), taintCopy); } catch (Exception e) { String className = ClassName.toSlashedClassName(obj.getReferenceType(cpg).toString()); String methodName = obj.getMethodName(cpg); String signature = obj.getSignature(cpg);