buf.append(", IP"); if (isNull()) { buf.append(", isNull");
private void reportBadSink() { if (!sinkMethods.containsKey(calledMethod)) { return; } Collection<Integer> offsets = sinkMethods.get(calledMethod); Collection<Integer> offsetsToReport = new ArrayList<Integer>(); for (Integer offset : offsets) { if (hasHardCodedStackItem(offset) && !stack.getStackItem(offset).isNull()) { offsetsToReport.add(offset); String sourceField = getStackFieldName(offset); if (sourceField != null) { reportedFields.add(sourceField); } } } if (!offsetsToReport.isEmpty()) { reportBugSink(Priorities.HIGH_PRIORITY, offsets); } }
private void markHardCodedItemsFromFlow() { for (int i = 0; i < stack.getStackDepth(); i++) { OpcodeStack.Item stackItem = stack.getStackItem(i); if ((stackItem.getConstant() != null || stackItem.isNull()) && !stackItem.getSignature().startsWith("[")) { setHardCodedItem(stackItem); } if (hasHardCodedFieldSource(stackItem)) { setHardCodedItem(stackItem); } } }
private void saveArrayFieldIfHardCoded() { String fieldSignature = getSigConstantOperand(); if (isSupportedSignature(fieldSignature) && hasHardCodedStackItem(0) && !stack.getStackItem(0).isNull()) { String fieldName = getFullFieldName(); hardCodedFields.add(fieldName); } }
if (valuePut.isNull()) { priority++; } else { OpcodeStack.Item item1 = stack.getStackItem(1); XField field1 = item1.getXField(); if (item0.isNull() && field1 != null) { data.nullTested.add(field1); } else { XField field0 = item0.getXField(); if (item1.isNull() && field0 != null) { data.nullTested.add(field0); if (stack.getStackDepth() > 0) { item = stack.getStackItem(0); if (!item.isNull()) { data.nullTested.add(f);
priority++; boolean storeOfDefaultValue = putFieldValue.isNull() || putFieldValue.hasConstantValue(0); if (storeOfDefaultValue) { priority++;
if (rv.isNull()) { break;
if (allowedFields.contains(getFieldDescriptorOperand())) { Item valueItem = getStack().getStackItem(0); if (!isNew(valueItem) && !valueItem.isNull()) { allowedFields.remove(getFieldDescriptorOperand());
int pc = e.getKey(); OpcodeStack.Item value = e.getValue(); if (value.isNull() || value.hasConstantValue(0)) { priority++;
if ((isRegisterStore() && !isRegisterLoad()) || seen == Const.PUTFIELD || seen == Const.PUTSTATIC || seen == Const.ARETURN) { Item valueItem = getStack().getStackItem(0); if(!valueItem.isNull() && valueItem.isNewlyAllocated() && valueItem.getSignature().startsWith("[L") && !((Integer)0).equals(valueItem.getConstant())) { String valueClass = valueItem.getSignature().substring(2, valueItem.getSignature().length()-1); if(!valueItem.isNull()) { Item arrayItem = getStack().getStackItem(2); String arraySignature = arrayItem.getSignature();
OpcodeStack.Item value = stack.getStackItem(0); int priority = Priorities.HIGH_PRIORITY; if (value.isNull()) { priority = Priorities.NORMAL_PRIORITY;
Item first = stack.getStackItem(0); boolean isPutOfDefaultValue = first.isNull(); // huh?? ||
Item summary = fieldSummary.getSummary(xfield); if (summary != null) { if (xfield.isFinal() && summary.isNull()) { return TypeFrame.getNullType();
if (field.isFinal()) { Item summary = AnalysisContext.currentAnalysisContext().getFieldSummary().getSummary(field); if (summary.isNull()) { produce(IsNullValue.nullValue()); return;
@Override public void visitGETFIELD(GETFIELD obj) { Type type = obj.getType(getCPG()); if (STRING_SIGNATURE.equals(type.getSignature())) { handleLoad(obj); } else { XField xf = XFactory.createXField(obj, cpg); if (xf.isFinal()) { FieldSummary fieldSummary = AnalysisContext.currentAnalysisContext().getFieldSummary(); Item summary = fieldSummary.getSummary(xf); if (summary.isNull()) { consumeStack(obj); pushValue(TypeFrame.getNullType()); return; } String slashedClassName = ClassName.fromFieldSignature(type.getSignature()); if (slashedClassName != null) { String dottedClassName = ClassName.toDottedClassName(slashedClassName); if (DEFAULT_SUSPICIOUS_SET.contains(dottedClassName)) { type = new FinalConstant(dottedClassName, xf); consumeStack(obj); pushValue(type); return; } } } super.visitGETFIELD(obj); } }
@Override public void visitGETSTATIC(GETSTATIC obj) { Type type = obj.getType(getCPG()); XField xf = XFactory.createXField(obj, cpg); if (xf.isFinal()) { FieldSummary fieldSummary = AnalysisContext.currentAnalysisContext().getFieldSummary(); Item summary = fieldSummary.getSummary(xf); if (summary.isNull()) { pushValue(TypeFrame.getNullType()); return; } String slashedClassName = ClassName.fromFieldSignature(type.getSignature()); if (slashedClassName != null) { String dottedClassName = ClassName.toDottedClassName(slashedClassName); if (DEFAULT_SUSPICIOUS_SET.contains(dottedClassName)) { type = new FinalConstant(dottedClassName, xf); consumeStack(obj); pushValue(type); return; } } } if (STRING_SIGNATURE.equals(type.getSignature())) { handleLoad(obj); } else { super.visitGETSTATIC(obj); } }
private void saveArrayFieldIfHardCoded() { String fieldSignature = getSigConstantOperand(); if (isSupportedSignature(fieldSignature) && hasHardCodedStackItem(0) && !stack.getStackItem(0).isNull()) { String fieldName = getFullFieldName(); hardCodedFields.add(fieldName); } }
private void markHardCodedItemsFromFlow() { for (int i = 0; i < stack.getStackDepth(); i++) { OpcodeStack.Item stackItem = stack.getStackItem(i); if ((stackItem.getConstant() != null || stackItem.isNull()) && !stackItem.getSignature().startsWith("[")) { setHardCodedItem(stackItem); } if (hasHardCodedFieldSource(stackItem)) { setHardCodedItem(stackItem); } } }