/**
 * Unpacks every entry of an {@code Annotations} attribute and forwards it to the
 * three-argument {@code visitAnnotation} overload.
 *
 * <p>For each entry the annotation type is converted with
 * {@code ClassName.fromFieldSignature}; entries for which that returns {@code null}
 * are skipped. The name is then converted to dotted form and the element/value
 * pairs are collected into a map keyed by element name.
 *
 * @param arg0 the annotations attribute whose entries are visited
 */
@Override
public void visitAnnotation(Annotations arg0) {
    for (AnnotationEntry entry : arg0.getAnnotationEntries()) {
        boolean runtimeVisible = entry.isRuntimeVisible();
        String signatureName = ClassName.fromFieldSignature(entry.getAnnotationType());
        if (signatureName != null) {
            String dottedName = ClassName.toDottedClassName(signatureName);
            // A later pair with the same element name overwrites an earlier one.
            Map<String, ElementValue> valuesByName = new HashMap<>();
            for (ElementValuePair pair : entry.getElementValuePairs()) {
                valuesByName.put(pair.getNameString(), pair.getValue());
            }
            visitAnnotation(dottedName, valuesByName, runtimeVisible);
        }
    }
}
} // closes the enclosing type, whose opening is outside this excerpt
/**
 * Reports a field whose type-info annotation selects a type id listed in
 * {@code VULNERABLE_USE_NAMES}.
 *
 * <p>An annotation on the field is examined when its type is in {@code ANNOTATION_TYPES}
 * or its type string contains {@code "JsonTypeInfo"}. Within such an annotation, a
 * {@code use} element whose stringified value is in {@code VULNERABLE_USE_NAMES} produces
 * one {@code DESERIALIZATION_TYPE} bug at {@code HIGH_PRIORITY}.
 *
 * <p>NOTE(review): {@code VULNERABLE_USE_NAMES} is defined outside this excerpt; presumably
 * it holds the class-name-based ids (such as {@code CLASS} / {@code MINIMAL_CLASS}), which
 * let serialized input choose the class to instantiate. Confirm against the constant.
 *
 * <p>NOTE(review): the substring test on {@code "JsonTypeInfo"} is broader than the
 * {@code ANNOTATION_TYPES} lookup and will also match unrelated annotation types whose
 * name happens to contain that text. Presumably this is deliberate (repackaged copies of
 * the annotation); confirm.
 *
 * <p>Scope: only annotations placed directly on {@code field} are inspected here. Nothing
 * in this method looks at class-level annotations or at mapper configuration, so a clean
 * result from this method alone does not show that polymorphic typing is disabled.
 *
 * @param field     the field whose annotations are inspected
 * @param javaClass the class declaring {@code field}; used for the report location
 */
private void analyzeField(Field field, JavaClass javaClass) {
    for (AnnotationEntry annotation : field.getAnnotationEntries()) {
        boolean isTypeInfoAnnotation = ANNOTATION_TYPES.contains(annotation.getAnnotationType())
                || annotation.getAnnotationType().contains("JsonTypeInfo");
        if (!isTypeInfoAnnotation) {
            continue;
        }
        for (ElementValuePair elementValuePair : annotation.getElementValuePairs()) {
            if (!"use".equals(elementValuePair.getNameString())) {
                continue;
            }
            if (!VULNERABLE_USE_NAMES.contains(elementValuePair.getValue().stringifyValue())) {
                continue;
            }
            BugInstance bug = new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
                    .addClass(javaClass)
                    .addString(javaClass.getClassName() + " on field " + field.getName()
                            + " of type " + field.getType()
                            + " annotated with " + annotation.toShortString())
                    .addField(FieldAnnotation.fromBCELField(javaClass, field))
                    // Trailing empty string kept as-is; presumably fills a slot in the
                    // bug message template. TODO confirm.
                    .addString("");
            bugReporter.reportBug(bug);
        }
    }
}
/**
 * Builds a compact text form of this annotation: {@code @} followed by the annotation
 * type and, when there is at least one element/value pair, the pairs' own short strings
 * wrapped in parentheses.
 *
 * <p>The pairs are appended back to back; this method inserts no separator between them.
 *
 * @return the compact text form
 */
public String toShortString() {
    final StringBuilder text = new StringBuilder("@").append(getAnnotationType());
    final ElementValuePair[] pairs = getElementValuePairs();
    if (pairs.length == 0) {
        return text.toString();
    }
    text.append("(");
    for (int i = 0; i < pairs.length; i++) {
        text.append(pairs[i].toShortString());
    }
    return text.append(")").toString();
}
/**
 * Looks for the first annotation on {@code method} whose type string equals
 * {@code REQUEST_MAPPING_ANNOTATION_TYPE}.
 *
 * @param method the method whose annotations are searched
 * @return the matching annotation entry, or {@code null} when the method has none
 */
private static AnnotationEntry findRequestMappingAnnotation(Method method) {
    AnnotationEntry[] candidates = method.getAnnotationEntries();
    for (int i = 0; i < candidates.length; i++) {
        AnnotationEntry candidate = candidates[i];
        if (REQUEST_MAPPING_ANNOTATION_TYPE.equals(candidate.getAnnotationType())) {
            return candidate;
        }
    }
    // Callers must handle the "not annotated" case explicitly.
    return null;
}
/**
 * Creates a modifiable generator object from a fixed {@code AnnotationEntry}.
 *
 * <p>The annotation type, the element name/value pairs and the runtime visibility are
 * carried over. When {@code cpool} belongs to a different class file than the one the
 * annotation came from, {@code copyPoolEntries} should be {@code true}: that forces a
 * deep copy in which the constant-pool entries are added to {@code cpool} instead of
 * reusing the original indices.
 *
 * @param a               the fixed annotation to copy from
 * @param cpool           the constant pool the new object refers to
 * @param copyPoolEntries {@code true} to re-add the type name (and, via
 *                        {@code copyValues}, the element values) to {@code cpool};
 *                        {@code false} to reuse the indices stored in {@code a}
 */
public AnnotationEntryGen(final AnnotationEntry a, final ConstantPoolGen cpool, final boolean copyPoolEntries) {
    this.cpool = cpool;
    // Reusing the original index is only meaningful when both sides share one pool.
    typeIndex = copyPoolEntries
            ? cpool.addUtf8(a.getAnnotationType())
            : a.getAnnotationTypeIndex();
    isRuntimeVisible = a.isRuntimeVisible();
    evs = copyValues(a.getElementValuePairs(), cpool, copyPoolEntries);
}
if ("Lorg/springframework/transaction/annotation/Transactional;".equals(annotation.getAnnotationType())) { if (annotation.getNumElementValuePairs() == 0) { return Collections.<JavaClass> emptySet(); for (ElementValuePair pair : annotation.getElementValuePairs()) { if ("rollbackFor".equals(pair.getNameString()) || "noRollbackFor".equals(pair.getNameString())) {
/**
 * Finds the element/value pair of the given annotation whose element name equals
 * {@code METHOD_ANNOTATION_ATTRIBUTE_KEY}.
 *
 * @param requestMappingAnnotation the annotation whose pairs are searched
 * @return the first matching pair, or {@code null} when the annotation does not set it
 */
private static ElementValuePair findMethodAnnotationAttribute(AnnotationEntry requestMappingAnnotation) {
    ElementValuePair[] pairs = requestMappingAnnotation.getElementValuePairs();
    for (int i = 0; i < pairs.length; i++) {
        ElementValuePair candidate = pairs[i];
        if (METHOD_ANNOTATION_ATTRIBUTE_KEY.equals(candidate.getNameString())) {
            return candidate;
        }
    }
    // Absence of the attribute is reported as null, not as an empty pair.
    return null;
}
String annotationType = annotation.getAnnotationType(); if (annotation.isRuntimeVisible()) { if (TEST_ANNOTATION_SIGNATURE.equals(annotationType)) { frameworkType = TestFrameworkType.JUNIT;
/**
 * Records the annotations attached to one method argument.
 *
 * <p>Each entry is wrapped in an {@code AnnotationInfo} built from the argument index,
 * the entry's annotation type index and its element/value pairs.
 *
 * @param argumentIndex index of the method argument the annotations belong to
 * @param entries       the annotation entries of that argument; must not be {@code null}
 *                      because its length is read unconditionally
 */
public ParameterInfo(int argumentIndex, AnnotationEntry[] entries) {
    methodArgumentIndex = argumentIndex;
    // Pre-size the list to the known number of entries.
    annotations = new ArrayList<AnnotationInfo>(entries.length);
    for (int i = 0; i < entries.length; i++) {
        final AnnotationEntry entry = entries[i];
        annotations.add(
                new AnnotationInfo(argumentIndex, entry.getAnnotationTypeIndex(), entry.getElementValuePairs()));
    }
}
/**
 * Returns the stringified value of the annotation's {@code value} element.
 *
 * @param entry the annotation entry to read
 * @return the stringified {@code value} element, or {@code null} when the entry has no
 *         element/value pairs or none of them is named {@code value}
 */
@Nullable
private String getDefaultAnnotationValue(AnnotationEntry entry) {
    // Skip fetching the pairs entirely when the entry declares none.
    if (entry.getNumElementValuePairs() <= 0) {
        return null;
    }
    ElementValuePair[] candidates = entry.getElementValuePairs();
    for (int i = 0; i < candidates.length; i++) {
        if ("value".equals(candidates[i].getNameString())) {
            return candidates[i].getValue().stringifyValue();
        }
    }
    return null;
}
/**
 * Tells whether the method carries at least one runtime-visible annotation.
 *
 * @param obj the method to inspect
 * @return {@code true} if any annotation entry reports itself as runtime visible;
 *         {@code false} otherwise, including when the entry array is {@code null}
 */
private boolean hasRuntimeAnnotations(Method obj) {
    final AnnotationEntry[] entries = obj.getAnnotationEntries();
    if (entries == null) {
        return false;
    }
    for (int i = 0; i < entries.length; i++) {
        if (entries[i].isRuntimeVisible()) {
            return true;
        }
    }
    return false;
}
/**
 * Returns the same compact text that {@code toShortString()} produces.
 *
 * @return the short string form of this object
 */
@Override
public String toString() {
    final String shortForm = toShortString();
    return shortForm;
}
boolean hasExternalAnnotation = false; for (AnnotationEntry entry : f.getAnnotationEntries()) { ConstantUtf8 cutf = (ConstantUtf8) cp.getConstant(entry.getTypeIndex()); if (!cutf.getBytes().startsWith(Values.JAVA)) { hasExternalAnnotation = true;
/**
 * Flattens annotation entries into {@code result}.
 *
 * <p>For every entry the key stem is {@code <type>#<prefix>}. An entry without
 * element/value pairs is stored under the bare stem with a single-space value; otherwise
 * each pair is stored under the stem followed by the element name, with the value's
 * {@code toString()} as the map value. {@code addDefaults} is called for each entry's type.
 *
 * @param prefix  text placed after the {@code #} in every key
 * @param result  map that receives the flattened entries
 * @param entries annotation entries to flatten
 */
private void putEntries(String prefix, Map<String, String> result, AnnotationEntry[] entries) {
    for (AnnotationEntry entry : entries) {
        Type annotationType = Type.getType(entry.getAnnotationType());
        addDefaults(annotationType);
        String keyStem = annotationType + "#" + prefix;
        ElementValuePair[] pairs = entry.getElementValuePairs();
        if (pairs.length == 0) {
            // Marker value so that an annotation without elements is still recorded.
            result.put(keyStem, " ");
        }
        for (ElementValuePair pair : pairs) {
            result.put(keyStem + pair.getNameString(), pair.getValue().toString());
        }
    }
}
/**
 * Tells whether any method of the class carries an annotation whose type is listed in
 * {@code REQUEST_MAPPING_ANNOTATION_TYPES}.
 *
 * <p>Only method-level annotations are examined; this method does not look at
 * annotations on the class itself.
 *
 * @param clazz the class whose methods are scanned
 * @return {@code true} as soon as one matching annotation is found, else {@code false}
 */
private boolean hasRequestMapping(JavaClass clazz) {
    for (Method candidate : clazz.getMethods()) {
        for (AnnotationEntry entry : candidate.getAnnotationEntries()) {
            boolean isMapping = REQUEST_MAPPING_ANNOTATION_TYPES.contains(entry.getAnnotationType());
            if (isMapping) {
                return true;
            }
        }
    }
    return false;
}
if ("Lorg/springframework/transaction/annotation/Transactional;".equals(annotation.getAnnotationType())) { if (annotation.getNumElementValuePairs() == 0) { return Collections.<JavaClass> emptySet(); for (ElementValuePair pair : annotation.getElementValuePairs()) { if ("rollbackFor".equals(pair.getNameString()) || "noRollbackFor".equals(pair.getNameString())) {
/**
 * Derives a {@code CheckReturnValueAnnotation} from an annotation entry.
 *
 * <p>The first element named {@code confidence} decides the result: its stringified value
 * is handed to {@code CheckReturnValueAnnotation.parse}. When no such element is present,
 * the name of {@code Confidence.MEDIUM} is parsed instead.
 *
 * @param entry the annotation entry to read
 * @return the parsed annotation
 */
private CheckReturnValueAnnotation createSpotBugsAnnotation(AnnotationEntry entry) {
    for (ElementValuePair pair : entry.getElementValuePairs()) {
        if (pair.getNameString().equals("confidence")) {
            return CheckReturnValueAnnotation.parse(pair.getValue().stringifyValue());
        }
    }
    // No explicit confidence element: fall back to the default, MEDIUM.
    return CheckReturnValueAnnotation.parse(Confidence.MEDIUM.name());
}
} // closes the enclosing type, whose opening is outside this excerpt
String annotationType = annotation.getAnnotationType(); if (annotation.isRuntimeVisible()) { if (TEST_ANNOTATION_SIGNATURE.equals(annotationType)) { frameworkType = TestFrameworkType.JUNIT;
/**
 * Creates the entry and fills its pool with one {@code AnnotationInfo} per annotation.
 *
 * <p>Each {@code AnnotationInfo} is built from the annotation's element/value pairs and
 * its annotation type index.
 *
 * @param entries    the annotation entries to add to the pool
 * @param _nameIndex passed through to the superclass constructor
 * @param _length    passed through to the superclass constructor
 */
public RuntimeAnnotationsEntry(AnnotationEntry[] entries, int _nameIndex, int _length) {
    super(_nameIndex, _length);
    for (int i = 0; i < entries.length; i++) {
        final AnnotationEntry entry = entries[i];
        getPool().add(new AnnotationInfo(entry.getElementValuePairs(), entry.getAnnotationTypeIndex()));
    }
}
/**
 * Reads the {@code value} element of an annotation entry as a string.
 *
 * @param entry the annotation entry to read
 * @return the stringified {@code value} element; {@code null} when the entry declares no
 *         element/value pairs or has no pair named {@code value}
 */
@Nullable
private String getDefaultAnnotationValue(AnnotationEntry entry) {
    if (entry.getNumElementValuePairs() > 0) {
        for (ElementValuePair candidate : entry.getElementValuePairs()) {
            boolean isDefaultElement = "value".equals(candidate.getNameString());
            if (isDefaultElement) {
                return candidate.getValue().stringifyValue();
            }
        }
    }
    // Either no pairs at all, or none of them is the "value" element.
    return null;
}