/**
 * Flags a tracked variable as escaping when it is referenced from a class
 * other than the one recorded in {@code mBindClass}.
 *
 * <p>Nothing is checked until {@code mFoundInnerClass} is set. Traversal always
 * continues through the superclass visitor afterwards.
 *
 * @param node the reference expression being visited
 */
@Override
public void visitReferenceExpression(PsiReferenceExpression node) {
    if (mFoundInnerClass) {
        // Is this a reference from an inner class, or a reference to a
        // variable that was assigned from one of the tracked variables?
        PsiElement target = mContext.getEvaluator().resolve(node);
        //noinspection SuspiciousMethodCalls
        boolean tracked = target != null && mVariables.contains(target);
        if (tracked) {
            // Strict lookup (third argument true), as in the original call.
            PsiClass enclosing = PsiTreeUtil.getParentOfType(node, PsiClass.class, true);
            boolean sameClass = mBindClass.equals(enclosing);
            if (!sameClass) {
                mEscapes = true;
            }
        }
    }
    super.visitReferenceExpression(node);
}
/**
 * Propagates or clears variable tracking across an assignment.
 *
 * <p>When the right-hand side is a plain reference to a tracked variable, a
 * local variable on the left becomes tracked too, and a field on the left
 * marks the value as escaping. Any other right-hand side (only a direct
 * {@code PsiReferenceExpression} is recognised) is treated as a reassignment,
 * so a tracked left-hand target is dropped from {@code mVariables}.
 *
 * @param node the assignment expression being visited
 */
@Override
public void visitAssignmentExpression(PsiAssignmentExpression node) {
    PsiExpression rhs = node.getRExpression();

    // Decide first whether the assigned value is one of the tracked variables.
    boolean rhsTracked = false;
    if (rhs instanceof PsiReferenceExpression) {
        PsiElement rhsTarget = ((PsiReferenceExpression) rhs).resolve();
        //noinspection SuspiciousMethodCalls
        rhsTracked = rhsTarget != null && mVariables.contains(rhsTarget);
    }

    // The assignment target is resolved exactly once on every path.
    PsiElement lhsTarget = mContext.getEvaluator().resolve(node.getLExpression());

    if (rhsTracked) {
        if (lhsTarget instanceof PsiLocalVariable) {
            // A new local alias of a tracked variable: track it as well.
            mVariables.add((PsiLocalVariable) lhsTarget);
        } else if (lhsTarget instanceof PsiField) {
            // Stored into a field: the value is now reachable elsewhere.
            mEscapes = true;
        }
    } else {
        // If we reassign one of the variables, clear it out.
        //noinspection SuspiciousMethodCalls
        if (lhsTarget != null && mVariables.contains(lhsTarget)) {
            //noinspection SuspiciousMethodCalls
            mVariables.remove(lhsTarget);
        }
    }

    super.visitAssignmentExpression(node);
}
PsiExpression[] args = node.getArgumentList().getExpressions(); if (args.length > 0) { PsiElement resolved = evaluator.resolve(args[0]); if (resolved instanceof PsiField && evaluator.isMemberInClass((PsiField) resolved, API_CLASS)) {
PsiExpression operand = call.getMethodExpression().getQualifierExpression(); if (operand != null) { PsiElement resolved = mContext.getEvaluator().resolve(operand);
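/**
 * Reports calls that pass a field named {@code ALLOW_ALL_HOSTNAME_VERIFIER} to a
 * method whose parameter list is a single {@code javax.net.ssl.HostnameVerifier}.
 *
 * <p>Scope of the check: only a direct field reference with that exact name is
 * matched. The field's declaring class is not verified, and other ways of
 * disabling hostname verification (a local variable holding the constant, a
 * freshly constructed permissive verifier, a custom {@code verify} that always
 * returns true) are not detected by this method.
 *
 * @param context the lint context used for resolution and reporting
 * @param visitor the active element visitor, unused here
 * @param node    the method call being inspected
 * @param method  the resolved method being called
 */
@Override
public void visitMethod(@NonNull JavaContext context, @Nullable JavaElementVisitor visitor,
        @NonNull PsiMethodCallExpression node, @NonNull PsiMethod method) {
    JavaEvaluator evaluator = context.getEvaluator();
    // Null class name: presumably any containing class is accepted - confirm
    // against the JavaEvaluator API.
    if (!evaluator.methodMatches(method, null, false, "javax.net.ssl.HostnameVerifier")) {
        return;
    }

    PsiExpression[] arguments = node.getArgumentList().getExpressions();
    if (arguments.length == 0) {
        // The declaration matched, but the call site has no argument expression
        // (for example, code that is still being typed). Indexing [0] here would
        // throw ArrayIndexOutOfBoundsException, so skip the call instead.
        return;
    }

    PsiExpression argument = arguments[0];
    PsiElement resolvedArgument = evaluator.resolve(argument);
    if (!(resolvedArgument instanceof PsiField)) {
        return;
    }

    PsiField field = (PsiField) resolvedArgument;
    if ("ALLOW_ALL_HOSTNAME_VERIFIER".equals(field.getName())) {
        Location location = context.getLocation(argument);
        String message = "Using the ALLOW_ALL_HOSTNAME_VERIFIER HostnameVerifier "
                + "is unsafe because it always returns true, which could cause "
                + "insecure network traffic due to trusting TLS/SSL server "
                + "certificates for wrong hostnames";
        context.report(ISSUE, argument, location, message);
    }
}
} // closes the enclosing class; its header is outside this excerpt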
return false; PsiElement resolved = context.getEvaluator().resolve(argument); if (resolved instanceof PsiField || resolved instanceof PsiLocalVariable || resolved instanceof PsiParameter) {
} else { PsiElement resolvedArgument = evaluator.resolve(seedArgument); if (resolvedArgument instanceof PsiMethod) { PsiMethod seedMethod = (PsiMethod) resolvedArgument;