/**
 * Reports a field whose Jackson-style {@code @JsonTypeInfo} annotation selects a
 * type-id strategy listed in {@code VULNERABLE_USE_NAMES}.
 *
 * <p>Security background: with {@code use = JsonTypeInfo.Id.CLASS} (or
 * {@code MINIMAL_CLASS}) the JSON document itself names the class to instantiate, so
 * attacker-controlled input can steer polymorphic deserialization into "gadget"
 * classes on the classpath. The exact set of flagged {@code use} values is whatever
 * {@code VULNERABLE_USE_NAMES} holds (declared elsewhere in this file — presumably
 * {@code CLASS}/{@code MINIMAL_CLASS}; confirm against that constant).
 *
 * <p>Scope caveat: only annotations on this field are inspected. A class-level
 * {@code @JsonTypeInfo}, or an {@code ObjectMapper} with default typing enabled, is
 * not something this method can see.
 *
 * @param field     the BCEL field whose annotations are inspected
 * @param javaClass the class declaring {@code field}; used to build the report
 */
private void analyzeField(Field field, JavaClass javaClass) {
    for (AnnotationEntry entry : field.getAnnotationEntries()) {
        if (!looksLikeJsonTypeInfo(entry)) {
            continue;
        }
        for (ElementValuePair pair : entry.getElementValuePairs()) {
            if (!"use".equals(pair.getNameString())) {
                continue;
            }
            // BCEL stringifies an enum-valued element as the constant's name (e.g. "CLASS").
            if (VULNERABLE_USE_NAMES.contains(pair.getValue().stringifyValue())) {
                reportUnsafeTypeIdStrategy(field, javaClass, entry);
            }
        }
    }
}

/**
 * True when the annotation descriptor is an exact member of {@code ANNOTATION_TYPES} or
 * merely contains "JsonTypeInfo" (the substring match is deliberately broad so that
 * differently-packaged variants of the annotation are still caught).
 */
private boolean looksLikeJsonTypeInfo(AnnotationEntry entry) {
    String descriptor = entry.getAnnotationType();
    return ANNOTATION_TYPES.contains(descriptor) || descriptor.contains("JsonTypeInfo");
}

/** Builds and files the HIGH-priority deserialization bug for one offending annotation. */
private void reportUnsafeTypeIdStrategy(Field field, JavaClass javaClass, AnnotationEntry entry) {
    String location = javaClass.getClassName()
            + " on field " + field.getName()
            + " of type " + field.getType()
            + " annotated with " + entry.toShortString();
    BugInstance bug = new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
            .addClass(javaClass)
            .addString(location)
            .addField(FieldAnnotation.fromBCELField(javaClass, field))
            // Trailing empty string kept as in the original call; presumably it fills a
            // second placeholder in the bug's message pattern — verify against messages.xml.
            .addString("");
    bugReporter.reportBug(bug);
}
FieldAnnotation fa = FieldAnnotation.fromBCELField(getDottedClassName(), f); if (true || var.getStartPC() > 0) { bugReporter.reportBug(new BugInstance(this, "MF_METHOD_MASKS_FIELD", LOW_PRIORITY)
FieldAnnotation.fromBCELField(classContext.getJavaClass(), shadowedField)).describe( FieldAnnotation.DID_YOU_MEAN_ROLE); bugInstance.addField(FieldAnnotation.fromBCELField(classContext.getJavaClass(), shadowedField)).describe( FieldAnnotation.DID_YOU_MEAN_ROLE);
/**
 * Scans the declared fields of the class under analysis and records two kinds of
 * candidates for later checks.
 *
 * <ul>
 *   <li>Static fields whose descriptor is in {@code bloatableSigs} go into
 *       {@code bloatableCandidates}, keyed by their {@code XField}. Which descriptors
 *       count is defined by {@code bloatableSigs} elsewhere in this file — presumably
 *       collection types, since a static collection that only ever grows is an
 *       unbounded-memory (denial-of-service) risk; confirm there.</li>
 *   <li>Non-static fields typed exactly {@code java.lang.ThreadLocal} go into
 *       {@code threadLocalNonStaticFields}.</li>
 * </ul>
 *
 * @param classContext context of the class whose declared fields are scanned
 */
private void parseFields(ClassContext classContext) {
    JavaClass cls = classContext.getJavaClass();
    String owner = cls.getClassName();
    for (Field f : cls.getFields()) {
        String sig = f.getSignature();
        if (!f.isStatic()) {
            // Instance-scoped ThreadLocal: one ThreadLocal per object rather than per class.
            if ("Ljava/lang/ThreadLocal;".equals(sig)) {
                threadLocalNonStaticFields.add(FieldAnnotation.fromBCELField(cls, f));
            }
            continue;
        }
        if (bloatableSigs.contains(sig)) {
            bloatableCandidates.put(
                    XFactory.createXField(owner, f.getName(), sig, f.isStatic()),
                    FieldAnnotation.fromBCELField(cls, f));
        }
    }
}
/**
 * Scans the declared fields of the class under analysis and records two kinds of
 * candidates for later checks.
 *
 * <ul>
 *   <li>Static fields whose descriptor is in {@code bloatableSigs} go into
 *       {@code bloatableCandidates}, keyed by their {@code XField}. Which descriptors
 *       count is defined by {@code bloatableSigs} elsewhere in this file — presumably
 *       collection types, since a static collection that only ever grows is an
 *       unbounded-memory (denial-of-service) risk; confirm there.</li>
 *   <li>Non-static fields typed exactly {@code java.lang.ThreadLocal} go into
 *       {@code threadLocalNonStaticFields}.</li>
 * </ul>
 *
 * @param classContext context of the class whose declared fields are scanned
 */
private void parseFields(ClassContext classContext) {
    JavaClass cls = classContext.getJavaClass();
    String owner = cls.getClassName();
    for (Field f : cls.getFields()) {
        String sig = f.getSignature();
        if (!f.isStatic()) {
            // Instance-scoped ThreadLocal: one ThreadLocal per object rather than per class.
            if ("Ljava/lang/ThreadLocal;".equals(sig)) {
                threadLocalNonStaticFields.add(FieldAnnotation.fromBCELField(cls, f));
            }
            continue;
        }
        if (bloatableSigs.contains(sig)) {
            bloatableCandidates.put(
                    XFactory.createXField(owner, f.getName(), sig, f.isStatic()),
                    FieldAnnotation.fromBCELField(cls, f));
        }
    }
}
/**
 * Records every declared field (static or not) whose descriptor is in
 * {@code hangableSig} as a candidate in {@code hangingFieldCandidates}, each paired
 * with {@code NORMAL_PRIORITY} for the eventual report.
 *
 * <p>What "hangable" means is decided by {@code hangableSig}, defined elsewhere in
 * this file; this method only does the lookup and bookkeeping.
 *
 * @param classContext context of the class whose declared fields are scanned
 */
private void parseFieldsForHangingCandidates(ClassContext classContext) {
    JavaClass cls = classContext.getJavaClass();
    String owner = cls.getClassName();
    for (Field f : cls.getFields()) {
        String sig = f.getSignature();
        if (!hangableSig.contains(sig)) {
            continue;
        }
        AnnotationPriority candidate =
                new AnnotationPriority(FieldAnnotation.fromBCELField(cls, f), NORMAL_PRIORITY);
        hangingFieldCandidates.put(
                XFactory.createXField(owner, f.getName(), sig, f.isStatic()), candidate);
    }
}
/**
 * Records every declared field (static or not) whose descriptor is in
 * {@code hangableSig} as a candidate in {@code hangingFieldCandidates}, each paired
 * with {@code NORMAL_PRIORITY} for the eventual report.
 *
 * <p>What "hangable" means is decided by {@code hangableSig}, defined elsewhere in
 * this file; this method only does the lookup and bookkeeping.
 *
 * @param classContext context of the class whose declared fields are scanned
 */
private void parseFieldsForHangingCandidates(ClassContext classContext) {
    JavaClass cls = classContext.getJavaClass();
    String owner = cls.getClassName();
    for (Field f : cls.getFields()) {
        String sig = f.getSignature();
        if (!hangableSig.contains(sig)) {
            continue;
        }
        AnnotationPriority candidate =
                new AnnotationPriority(FieldAnnotation.fromBCELField(cls, f), NORMAL_PRIORITY);
        hangingFieldCandidates.put(
                XFactory.createXField(owner, f.getName(), sig, f.isStatic()), candidate);
    }
}
/**
 * Reports a field whose Jackson-style {@code @JsonTypeInfo} annotation selects a
 * type-id strategy listed in {@code VULNERABLE_USE_NAMES}.
 *
 * <p>Security background: with {@code use = JsonTypeInfo.Id.CLASS} (or
 * {@code MINIMAL_CLASS}) the JSON document itself names the class to instantiate, so
 * attacker-controlled input can steer polymorphic deserialization into "gadget"
 * classes on the classpath. The exact set of flagged {@code use} values is whatever
 * {@code VULNERABLE_USE_NAMES} holds (declared elsewhere in this file — presumably
 * {@code CLASS}/{@code MINIMAL_CLASS}; confirm against that constant).
 *
 * <p>Scope caveat: only annotations on this field are inspected. A class-level
 * {@code @JsonTypeInfo}, or an {@code ObjectMapper} with default typing enabled, is
 * not something this method can see.
 *
 * @param field     the BCEL field whose annotations are inspected
 * @param javaClass the class declaring {@code field}; used to build the report
 */
private void analyzeField(Field field, JavaClass javaClass) {
    for (AnnotationEntry entry : field.getAnnotationEntries()) {
        if (!looksLikeJsonTypeInfo(entry)) {
            continue;
        }
        for (ElementValuePair pair : entry.getElementValuePairs()) {
            if (!"use".equals(pair.getNameString())) {
                continue;
            }
            // BCEL stringifies an enum-valued element as the constant's name (e.g. "CLASS").
            if (VULNERABLE_USE_NAMES.contains(pair.getValue().stringifyValue())) {
                reportUnsafeTypeIdStrategy(field, javaClass, entry);
            }
        }
    }
}

/**
 * True when the annotation descriptor is an exact member of {@code ANNOTATION_TYPES} or
 * merely contains "JsonTypeInfo" (the substring match is deliberately broad so that
 * differently-packaged variants of the annotation are still caught).
 */
private boolean looksLikeJsonTypeInfo(AnnotationEntry entry) {
    String descriptor = entry.getAnnotationType();
    return ANNOTATION_TYPES.contains(descriptor) || descriptor.contains("JsonTypeInfo");
}

/** Builds and files the HIGH-priority deserialization bug for one offending annotation. */
private void reportUnsafeTypeIdStrategy(Field field, JavaClass javaClass, AnnotationEntry entry) {
    String location = javaClass.getClassName()
            + " on field " + field.getName()
            + " of type " + field.getType()
            + " annotated with " + entry.toShortString();
    BugInstance bug = new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
            .addClass(javaClass)
            .addString(location)
            .addField(FieldAnnotation.fromBCELField(javaClass, field))
            // Trailing empty string kept as in the original call; presumably it fills a
            // second placeholder in the bug's message pattern — verify against messages.xml.
            .addString("");
    bugReporter.reportBug(bug);
}
FieldAnnotation existingAnnotation = wiredFields.get(wt); if (existingAnnotation == null) { wiredFields.put(wt, FieldAnnotation.fromBCELField(cls.getClassName(), field)); } else { bugReporter.reportBug(new BugInstance(this, BugType.WI_DUPLICATE_WIRED_TYPES.name(), NORMAL_PRIORITY).addClass(cls) .addField(FieldAnnotation.fromBCELField(cls, field)).addField(existingAnnotation)); wiredFields.remove(wt);
wiredFields.put(wt, FieldAnnotation.fromBCELField(cls.getClassName(), field));
FieldAnnotation existingAnnotation = wiredFields.get(wt); if (existingAnnotation == null) { wiredFields.put(wt, FieldAnnotation.fromBCELField(cls.getClassName(), field)); } else { bugReporter.reportBug(new BugInstance(this, BugType.WI_DUPLICATE_WIRED_TYPES.name(), NORMAL_PRIORITY).addClass(cls) .addField(FieldAnnotation.fromBCELField(cls, field)).addField(existingAnnotation)); wiredFields.remove(wt);
wiredFields.put(wt, FieldAnnotation.fromBCELField(cls.getClassName(), field));
FieldAnnotation fa = FieldAnnotation.fromBCELField(getDottedClassName(), f); if (true || var.getStartPC() > 0) { bugReporter.reportBug(new BugInstance(this, "MF_METHOD_MASKS_FIELD", LOW_PRIORITY)
FieldAnnotation.fromBCELField(classContext.getJavaClass(), shadowedField)).describe( FieldAnnotation.DID_YOU_MEAN_ROLE); bugInstance.addField(FieldAnnotation.fromBCELField(classContext.getJavaClass(), shadowedField)).describe( FieldAnnotation.DID_YOU_MEAN_ROLE);