private static Iterator<Location> getLocationIterator(ClassContext classContext, Method method) throws CheckedAnalysisException { try { return classContext.getCFG(method).locationIterator(); } catch (CFGBuilderException ex) { throw new CheckedAnalysisException("cannot get control flow graph", ex); } }
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(method); CFG cfg = classContext.getCFG(method); LockDataflow dataflow = classContext.getLockDataflow(method); for (Iterator<Location> j = cfg.locationIterator(); j.hasNext();) { Location location = j.next(); visitLocation(classContext, location, methodGen, dataflow); } }
@Override public LockResourceTracker getResourceTracker(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { return new LockResourceTracker(bugReporter, classContext.getCFG(method), classContext.getValueNumberDataflow(method), classContext.getIsNullValueDataflow(method)); }
private boolean mightCloseResource(ClassContext classContext, Method method, ResourceTrackerType resourceTracker) throws CFGBuilderException, DataflowAnalysisException { CFG cfg = classContext.getCFG(method); ConstantPoolGen cpg = classContext.getConstantPoolGen(); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); if (resourceTracker.mightCloseResource(location.getBasicBlock(), location.getHandle(), cpg)) { return true; } } return false; }
/** * Constructor. * * @param pattern * the ByteCodePattern to look for examples of * @param classContext * ClassContext for the class to analyze * @param method * the Method to analyze */ public PatternMatcher(ByteCodePattern pattern, ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { this.pattern = pattern; this.cfg = classContext.getCFG(method); this.cpg = classContext.getConstantPoolGen(); this.dfs = classContext.getDepthFirstSearch(method); this.vnaDataflow = classContext.getValueNumberDataflow(method); this.domAnalysis = classContext.getNonExceptionDominatorsAnalysis(method); this.workList = new LinkedList<>(); this.visitedBlockMap = new IdentityHashMap<>(); this.resultList = new LinkedList<>(); }
/** * Get a Location matching the given PC value. Because of JSR subroutines, * there may be multiple Locations referring to the given instruction. This * method simply returns one of them arbitrarily. * * @param classContext * the ClassContext containing the method * @param method * the method * @param pc * a PC value of an instruction in the method * @return a Location corresponding to the PC value, or null if no such * Location can be found * @throws CFGBuilderException */ private static Location pcToLocation(ClassContext classContext, Method method, int pc) throws CFGBuilderException { CFG cfg = classContext.getCFG(method); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); if (location.getHandle().getPosition() == pc) { return location; } } return null; }
private boolean hasManyPreceedingNullTests(int pc) { int ifNullTests = 0; BitSet seen = new BitSet(); try { for (Iterator<Location> i = classContext.getCFG(method).locationIterator(); i.hasNext();) { Location loc = i.next(); int pc2 = loc.getHandle().getPosition(); if (pc2 >= pc || pc2 < pc - 30) { continue; } Instruction ins = loc.getHandle().getInstruction(); if ((ins instanceof IFNONNULL || ins instanceof IFNULL || ins instanceof NullnessConversationInstruction) && !seen.get(pc2)) { ifNullTests++; seen.set(pc2); } } boolean result = ifNullTests > 2; // System.out.println("Preceding null tests " + ifNullTests + " " + // ifNonnullTests + " " + result); return result; } catch (CFGBuilderException e) { return false; } }
private ResourceCollection<Resource> buildResourceCollection(ClassContext classContext, Method method, ResourceTrackerType resourceTracker) throws CFGBuilderException, DataflowAnalysisException { ResourceCollection<Resource> resourceCollection = new ResourceCollection<>(); CFG cfg = classContext.getCFG(method); ConstantPoolGen cpg = classContext.getConstantPoolGen(); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); Resource resource = resourceTracker.isResourceCreation(location.getBasicBlock(), location.getHandle(), cpg); if (resource != null) { resourceCollection.addCreatedResource(location, resource); } } return resourceCollection; }
public boolean isDuplicated(WarningPropertySet<WarningProperty> propertySet, int pc, boolean isConsistent) { boolean duplicated = false; if (!isConsistent) { if (propertySet.containsProperty(NullDerefProperty.DEREFS_ARE_CLONED)) { duplicated = true; } else { try { CFG cfg = classContext.getCFG(method); if (cfg.getLocationsContainingInstructionWithOffset(pc).size() > 1) { propertySet.addProperty(NullDerefProperty.DEREFS_ARE_INLINED_FINALLY_BLOCKS); duplicated = true; } } catch (CFGBuilderException e) { AnalysisContext.logError("Error while analyzing " + classContext.getFullyQualifiedMethodName(method), e); } } } return duplicated; }
private boolean isSafeValue(Location location, ConstantPoolGen cpg) throws CFGBuilderException { Instruction prevIns = location.getHandle().getInstruction(); if (prevIns instanceof LDC || prevIns instanceof GETSTATIC) { return true; } if (prevIns instanceof InvokeInstruction) { String methodName = ((InvokeInstruction) prevIns).getMethodName(cpg); if (methodName.startsWith("to") && methodName.endsWith("String") && methodName.length() > 8) { return true; } } if (prevIns instanceof AALOAD) { CFG cfg = classContext.getCFG(method); Location prev = getPreviousLocation(cfg, location, true); if (prev != null) { Location prev2 = getPreviousLocation(cfg, prev, true); if (prev2 != null && prev2.getHandle().getInstruction() instanceof GETSTATIC) { GETSTATIC getStatic = (GETSTATIC) prev2.getHandle().getInstruction(); if ("[Ljava/lang/String;".equals(getStatic.getSignature(cpg))) { return true; } } } } return false; }
UselessValuesContext(ClassContext classContext, Method method) throws CheckedAnalysisException { this.classContext = classContext; this.method = method; cfg = classContext.getCFG(method); cpg = cfg.getMethodGen().getConstantPool(); ta = classContext.getTypeDataflow(method).getAnalysis(); vna = classContext.getValueNumberDataflow(method).getAnalysis(); }
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, ClassNotFoundException, DataflowAnalysisException { CFG cfg = classContext.getCFG(method); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); Instruction ins = location.getHandle().getInstruction(); if (ins instanceof InvokeInstruction) { if (TARGET_METHOD != null && !((InvokeInstruction) ins).getMethodName(classContext.getConstantPoolGen()).equals(TARGET_METHOD)) { continue; } System.out.println("\n*******************************************************\n"); System.out.println("Method invocation: " + location.getHandle()); System.out.println("\tInvoking: " + SignatureConverter.convertMethodSignature((InvokeInstruction) ins, classContext.getConstantPoolGen())); JavaClassAndMethod proto = Hierarchy.findInvocationLeastUpperBound((InvokeInstruction) ins, classContext.getConstantPoolGen()); if (proto == null) { System.out.println("\tUnknown prototype method"); } else { System.out.println("\tPrototype method: class=" + proto.getJavaClass().getClassName() + ", method=" + proto.getMethod()); } Set<JavaClassAndMethod> calledMethodSet = Hierarchy.resolveMethodCallTargets((InvokeInstruction) ins, classContext.getTypeDataflow(method).getFactAtLocation(location), classContext.getConstantPoolGen()); System.out.println("\tTarget method set: " + calledMethodSet); } } }
@Override public void visitMethod(Method obj) { if (sawDateClass) { try { super.visitMethod(obj); currentMethod = obj; currentLockDataFlow = getClassContext().getLockDataflow(currentMethod); currentCFG = getClassContext().getCFG(currentMethod); } catch (CFGBuilderException e) { reporter.logError("Synchronization check in Static Calendar Detector caught an error.", e); } catch (DataflowAnalysisException e) { reporter.logError("Synchronization check in Static Calendar Detector caught an error.", e); } } }
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); if (inst instanceof LDC) { LDC ldc = (LDC) inst; if (ldc != null) { if("java.naming.security.authentication".equals(ldc.getValue(cpg)) && "none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))){ JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) // .addClass(clz) .addMethod(clz, m) .addSourceLine(classContext, m, location)); break; } } } } }
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{ JavaClass clazz = classContext.getJavaClass(); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location loc = i.next(); Instruction inst = loc.getHandle().getInstruction(); if (inst instanceof INVOKEVIRTUAL) { INVOKEVIRTUAL invoke = (INVOKEVIRTUAL)inst; if( "java.lang.StringBuilder".equals(invoke.getClassName(cpg)) && "append".equals(invoke.getMethodName(cpg))) { Instruction prev = loc.getHandle().getPrev().getInstruction(); if (prev instanceof LDC) { LDC ldc = (LDC)prev; Object value = ldc.getValue(cpg); if (value instanceof String) { String v = (String)value; if ("redirect:".equals(v)) { BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY); bug.addClass(clazz).addMethod(clazz,m).addSourceLine(classContext,m,loc); reporter.reportBug(bug); } } } } } } }
CFG cfg = classContext.getCFG(method); DepthFirstSearch dfs = classContext.getDepthFirstSearch(method);
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(m); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); if (methodGen == null || methodGen.getInstructionList() == null) { return; //No instruction .. nothing to do } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); if (inst instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) inst; String methodName = invoke.getMethodName(cpg); if ("enableDefaultTyping".equals(methodName)) { JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY) .addClass(clz) .addMethod(clz, m) .addCalledMethod(cpg, invoke) .addSourceLine(classContext, m, location) ); } } } }
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { // System.out.println("Checking " + method); CFG cfg = classContext.getCFG(method); LockDataflow lockDataflow = classContext.getLockDataflow(method); for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); Instruction ins = location.getHandle().getInstruction(); if (!(ins instanceof INVOKESTATIC)) { continue; } if (!isSleep((INVOKESTATIC) ins, classContext.getConstantPoolGen())) { continue; } // System.out.println("Found sleep at " + location.getHandle()); LockSet lockSet = lockDataflow.getFactAtLocation(location); if (lockSet.getNumLockedObjects() > 0) { bugAccumulator.accumulateBug( new BugInstance(this, "SWL_SLEEP_WITH_LOCK_HELD", NORMAL_PRIORITY).addClassAndMethod( classContext.getJavaClass(), method), classContext, method, location); } } bugAccumulator.reportAccumulatedBugs(); }
public void dumpSimpleDataflowInformation(Method method) { try { dumpDataflowInformation(method, getCFG(method), getValueNumberDataflow(method), getIsNullValueDataflow(method), null, null); } catch (DataflowAnalysisException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } catch (CFGBuilderException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } }
public void dumpDataflowInformation(Method method) { try { dumpDataflowInformation(method, getCFG(method), getValueNumberDataflow(method), getIsNullValueDataflow(method), getUnconditionalValueDerefDataflow(method), getTypeDataflow(method)); } catch (DataflowAnalysisException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } catch (CFGBuilderException e) { AnalysisContext.logError( "Could not dump data information for " + getJavaClass().getClassName() + "." + method.getName(), e); } }