public void dumpDataflowInformation(Method method) { try { dumpDataflowInformation(method, getCFG(method), getValueNumberDataflow(method), getIsNullValueDataflow(method), getUnconditionalValueDerefDataflow(method), getTypeDataflow(method)); } catch (DataflowAnalysisException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } catch (CFGBuilderException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } }
@Override public void visitClassContext(ClassContext classContext) { boolean comparator = Subtypes2.instanceOf(classContext.getClassDescriptor(), "java.util.Comparator"); boolean comparable = Subtypes2.instanceOf(classContext.getClassDescriptor(), "java.lang.Comparable"); isComparator = comparator; if (comparator || comparable) { super.visitClassContext(classContext); } }
/** * Constructor. * * @param pattern * the ByteCodePattern to look for examples of * @param classContext * ClassContext for the class to analyze * @param method * the Method to analyze */ public PatternMatcher(ByteCodePattern pattern, ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { this.pattern = pattern; this.cfg = classContext.getCFG(method); this.cpg = classContext.getConstantPoolGen(); this.dfs = classContext.getDepthFirstSearch(method); this.vnaDataflow = classContext.getValueNumberDataflow(method); this.domAnalysis = classContext.getNonExceptionDominatorsAnalysis(method); this.workList = new LinkedList<>(); this.visitedBlockMap = new IdentityHashMap<>(); this.resultList = new LinkedList<>(); }
@Override public LockResourceTracker getResourceTracker(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { return new LockResourceTracker(bugReporter, classContext.getCFG(method), classContext.getValueNumberDataflow(method), classContext.getIsNullValueDataflow(method)); }
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(method); CFG cfg = classContext.getCFG(method); LockDataflow dataflow = classContext.getLockDataflow(method); for (Iterator<Location> j = cfg.locationIterator(); j.hasNext();) { Location location = j.next(); visitLocation(classContext, location, methodGen, dataflow); } }
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(method); if (methodGen == null) { return; BitSet bytecodeSet = classContext.getBytecodeSet(method); if (bytecodeSet == null) { return; return; CFG cfg = classContext.getCFG(method); TypeDataflow typeDataflow = classContext.getTypeDataflow(method); ConstantPoolGen cpg = classContext.getConstantPoolGen(); String sourceFile = classContext.getJavaClass().getSourceFileName(); if (DEBUG) { String methodName = methodGen.getClassName() + "." + methodGen.getName();
CFG cfg = classContext.getCFG(method); TypeDataflow typeDataflow = classContext.getTypeDataflow(method); IsNullValueDataflow isNullDataflow = classContext.getIsNullValueDataflow(method); Set<ValueNumber> paramValueNumberSet = null; ConstantPoolGen cpg = classContext.getConstantPoolGen(); MethodGen methodGen = classContext.getMethodGen(method); if (methodGen == null) { return; String sourceFile = classContext.getJavaClass().getSourceFileName(); if (DEBUG) { System.out.println("Checking " + methodName); BitSet linesMentionedMultipleTimes = classContext.linesMentionedMultipleTimes(method); LineNumberTable lineNumberTable = methodGen.getLineNumberTable(methodGen.getConstantPool()); Map<BugAnnotation, String> instanceOfChecks = new HashMap<>(); if (value instanceof ConstantClass) { ConstantClass cc = (ConstantClass) value; constantClass = cc.getBytes(classContext.getJavaClass().getConstantPool()); pcForConstantClass = pc; vnaDataflow = classContext.getValueNumberDataflow(method); && veryAbstractCollectionClasses.contains(refName); int position = location.getHandle().getPosition(); int catchSize = Util.getSizeOfSurroundingTryBlock(classContext.getJavaClass().getConstantPool(), method.getCode(), "java/lang/ClassCastException", position);
System.out.println(" Analyzing method " + classContext.getJavaClass().getClassName() + "." + method.getName()); JavaClass javaClass = classContext.getJavaClass(); BitSet linesMentionedMultipleTimes = classContext.linesMentionedMultipleTimes(method); BugAccumulator accumulator = new BugAccumulator(bugReporter); Dataflow<BitSet, LiveLocalStoreAnalysis> llsaDataflow = classContext.getLiveLocalStoreDataflow(method); int[] localLoadCount = new int[numLocals]; int[] localIncrementCount = new int[numLocals]; MethodGen methodGen = classContext.getMethodGen(method); CFG cfg = classContext.getCFG(method); if (cfg.isFlagSet(CFG.FOUND_INEXACT_UNCONDITIONAL_THROWERS)) { return; TypeDataflow typeDataflow = classContext.getTypeDataflow(method); FieldAnnotation.fromBCELField(classContext.getJavaClass(), shadowedField)).describe( FieldAnnotation.DID_YOU_MEAN_ROLE); foundDeadClassInitialization = true; } else { AnalysisContext.logError("LDC loaded " + value + "at " + location.getHandle().getPosition() + " in " + classContext.getFullyQualifiedMethodName(method)); if ("org.apache.axis.client.Stub".equals(classContext.getJavaClass().getSuperclassName())) { continue; bugInstance.addField(FieldAnnotation.fromBCELField(classContext.getJavaClass(), shadowedField)).describe( FieldAnnotation.DID_YOU_MEAN_ROLE);
private void analyzeMethod(ClassContext classContext, Method method) { ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg; try { cfg = classContext.getCFG(method); } catch (CFGBuilderException e1) { AnalysisContext.logError("Coult not get CFG", e1); typeDataflow = classContext.getTypeDataflow(method); } catch (CheckedAnalysisException e1) { AnalysisContext.logError("Coult not get Type dataflow", e1); if (classDescriptor.equals(classContext.getClassDescriptor())) { continue; .addClassAndMethod(classContext.getJavaClass(), method).addCalledMethod(cpg, iv).addMethod(m) .describe(MethodAnnotation.METHOD_ALTERNATIVE_TARGET).addType(classDescriptor) .describe(TypeAnnotation.FOUND_ROLE).addSourceLine(classContext, method, location)); : NORMAL_PRIORITY).addClassAndMethod(classContext.getJavaClass(), method).addType(sig) .addSourceForTopStackValue(classContext, method, location).addSourceLine(classContext, method, location)); } else if (isUtilConcurrentSig) { .addClassAndMethod(classContext.getJavaClass(), method).addType(sig) .addSourceForTopStackValue(classContext, method, location).addSourceLine(classContext, method, location));
@Override public void visitClassContext(ClassContext classContext) { boolean fullAnalysis = AnalysisContext.currentAnalysisContext().getBoolProperty( FindBugsAnalysisFeatures.INTERPROCEDURAL_ANALYSIS_OF_REFERENCED_CLASSES); if (!fullAnalysis && !AnalysisContext.currentAnalysisContext().isApplicationClass(classContext.getJavaClass())) { return; } if (VERBOSE_DEBUG) { System.out.println("Visiting class " + classContext.getJavaClass().getClassName()); } for (Method m : classContext.getMethodsInCallOrder()) { considerMethod(classContext, m); } }
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); if (inst instanceof LDC) { LDC ldc = (LDC) inst; if (ldc != null) { if("java.naming.security.authentication".equals(ldc.getValue(cpg)) && "none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))){ JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) // .addClass(clz) .addMethod(clz, m) .addSourceLine(classContext, m, location)); break; } } } } }
public void dumpSimpleDataflowInformation(Method method) { try { dumpDataflowInformation(method, getCFG(method), getValueNumberDataflow(method), getIsNullValueDataflow(method), null, null); } catch (DataflowAnalysisException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } catch (CFGBuilderException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } }
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(m); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); if (methodGen == null || methodGen.getInstructionList() == null) { return; //No instruction .. nothing to do } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); if (inst instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) inst; String methodName = invoke.getMethodName(cpg); if ("enableDefaultTyping".equals(methodName)) { JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY) .addClass(clz) .addMethod(clz, m) .addCalledMethod(cpg, invoke) .addSourceLine(classContext, m, location) ); } } } }
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { // System.out.println("Checking " + method); CFG cfg = classContext.getCFG(method); LockDataflow lockDataflow = classContext.getLockDataflow(method); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); Instruction ins = location.getHandle().getInstruction(); if (!(ins instanceof INVOKESTATIC)) { continue; } if (!isSleep((INVOKESTATIC) ins, classContext.getConstantPoolGen())) { continue; } // System.out.println("Found sleep at " + location.getHandle()); LockSet lockSet = lockDataflow.getFactAtLocation(location); if (lockSet.getNumLockedObjects() > 0) { bugAccumulator.accumulateBug( new BugInstance(this, "SWL_SLEEP_WITH_LOCK_HELD", NORMAL_PRIORITY).addClassAndMethod( classContext.getJavaClass(), method), classContext, method, location); } } bugAccumulator.reportAccumulatedBugs(); }
@Override public void visitClassContext(ClassContext classContext) { JavaClass obj = classContext.getJavaClass(); if (!obj.isInterface()) { classContext.getJavaClass().accept(this); } }
@Override public void visitClassContext(ClassContext classContext) { JavaClass jclass = classContext.getJavaClass(); Method[] methodList = jclass.getMethods(); for (Method method : methodList) { MethodGen methodGen = classContext.getMethodGen(method); if (methodGen == null) { continue; } // Don't bother analyzing the method unless there is both locking // and a method call. BitSet bytecodeSet = classContext.getBytecodeSet(method); if (bytecodeSet == null) { continue; } if (!(bytecodeSet.get(Const.MONITORENTER) && bytecodeSet.get(Const.INVOKEVIRTUAL))) { continue; } try { analyzeMethod(classContext, method); } catch (DataflowAnalysisException e) { bugReporter.logError("FindMismatchedWaitOrNotify: caught exception", e); } catch (CFGBuilderException e) { bugReporter.logError("FindMismatchedWaitOrNotify: caught exception", e); } } }
public boolean isDuplicated(WarningPropertySet<WarningProperty> propertySet, int pc, boolean isConsistent) { boolean duplicated = false; if (!isConsistent) { if (propertySet.containsProperty(NullDerefProperty.DEREFS_ARE_CLONED)) { duplicated = true; } else { try { CFG cfg = classContext.getCFG(method); if (cfg.getLocationsContainingInstructionWithOffset(pc).size() > 1) { propertySet.addProperty(NullDerefProperty.DEREFS_ARE_INLINED_FINALLY_BLOCKS); duplicated = true; } } catch (CFGBuilderException e) { AnalysisContext.logError("Error while analyzing " + classContext.getFullyQualifiedMethodName(method), e); } } } return duplicated; }
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); if(!PreorderVisitor.hasInterestingMethod(javaClass.getConstantPool(), allMethods)) { return; } Method[] methodList = javaClass.getMethods(); for (Method method : methodList) { MethodGen methodGen = classContext.getMethodGen(method); if (methodGen == null) { continue; } try { analyzeMethod(classContext, method); } catch (DataflowAnalysisException e) { bugReporter.logError( "FindSqlInjection caught exception while analyzing " + classContext.getFullyQualifiedMethodName(method), e); } catch (CFGBuilderException e) { bugReporter.logError( "FindSqlInjection caught exception while analyzing " + classContext.getFullyQualifiedMethodName(method), e); } catch (RuntimeException e) { bugReporter.logError( "FindSqlInjection caught exception while analyzing " + classContext.getFullyQualifiedMethodName(method), e); } } }
profiler.start(CheckCallSitesAndReturnInstructions.class); try { ConstantPoolGen cpg = classContext.getConstantPoolGen(); TypeDataflow typeDataflow = classContext.getTypeDataflow(method); for (Iterator<Location> i = classContext.getCFG(method).locationIterator(); i.hasNext();) { Location location = i.next(); Instruction ins = location.getHandle().getInstruction(); try { ValueNumberFrame vnaFrame = classContext.getValueNumberDataflow(method).getFactAtLocation(location); if (!vnaFrame.isValid()) { continue;
private boolean mightCloseResource(ClassContext classContext, Method method, ResourceTrackerType resourceTracker) throws CFGBuilderException, DataflowAnalysisException { CFG cfg = classContext.getCFG(method); ConstantPoolGen cpg = classContext.getConstantPoolGen(); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); if (resourceTracker.mightCloseResource(location.getBasicBlock(), location.getHandle(), cpg)) { return true; } } return false; }