private int taintPriority(OpcodeStack.Item writing) { if (writing == null) { return Priorities.NORMAL_PRIORITY; } XMethod method = writing.getReturnValueOf(); if (method != null && "getParameter".equals(method.getName()) && "javax.servlet.http.HttpServletRequest".equals(method.getClassName())) { return Priorities.HIGH_PRIORITY; } return Priorities.NORMAL_PRIORITY; }
@Nullable private CheckReturnValueAnnotation getResolvedAnnotationOnConstructor(XMethod m) { try { if (throwableClass != null && Repository.instanceOf(m.getClassName(), throwableClass)) { return CheckReturnValueAnnotation.CHECK_RETURN_VALUE_VERY_HIGH; } } catch (ClassNotFoundException e) { AnalysisContext.reportMissingClass(e); } if ("java.lang.Thread".equals(m.getClassName())) { return CheckReturnValueAnnotation.CHECK_RETURN_VALUE_VERY_HIGH; } try { if (threadClass != null && Repository.instanceOf(m.getClassName(), threadClass)) { return CheckReturnValueAnnotation.CHECK_RETURN_VALUE_LOW; } } catch (ClassNotFoundException e) { AnalysisContext.reportMissingClass(e); } return null; }
public boolean isServletWriter() { if (getSpecialKind() == Item.SERVLET_OUTPUT) { return true; } if ("Ljavax/servlet/ServletOutputStream;".equals(getSignature())) { return true; } XMethod writingToSource = getReturnValueOf(); return writingToSource != null && "javax.servlet.http.HttpServletResponse".equals(writingToSource.getClassName()) && ("getWriter".equals(writingToSource.getName()) || "getOutputStream".equals(writingToSource.getName())); }
/** * @param item stack item to check * @return true if this stack item is known to be newly created */ private static boolean isNew(OpcodeStack.Item item) { if(item.isNewlyAllocated()) { return true; } XMethod returnValueOf = item.getReturnValueOf(); if(returnValueOf == null) { return false; } if("iterator".equals(returnValueOf.getName()) && "()Ljava/util/Iterator;".equals(returnValueOf.getSignature()) && Subtypes2.instanceOf(returnValueOf.getClassName(), "java.lang.Iterable")) { return true; } if(returnValueOf.getClassName().startsWith("[") && returnValueOf.getName().equals("clone")) { return true; } if(NEW_OBJECT_RETURNING_METHODS.contains(returnValueOf.getMethodDescriptor())) { return true; } return false; }
/** * Convenience method for generating a method signature in human readable * form. * * @param xmethod * an XMethod * @return the formatted version of that signature */ public static String convertMethodSignature(XMethod xmethod) { @DottedClassName String className = xmethod.getClassName(); assert className.indexOf('/') == -1; return convertMethodSignature(className, xmethod.getName(), xmethod.getSignature()); }
@Override public CheckReturnValueAnnotation getResolvedAnnotation(Object o, boolean getMinimal) { if (!(o instanceof XMethod)) { return null; } XMethod m = (XMethod) o; if (m.getName().startsWith("access$")) { return null; } else if (Const.CONSTRUCTOR_NAME.equals(m.getName())) { CheckReturnValueAnnotation a = getResolvedAnnotationOnConstructor(m); if (a != null) { return a; } } else if ("equals".equals(m.getName()) && LJAVA_LANG_OBJECT_Z.equals(m.getSignature()) && !m.isStatic()) { return CheckReturnValueAnnotation.CHECK_RETURN_VALUE_MEDIUM; } else if (m.getSignature().endsWith(")Ljava/lang/String;") && ("java.lang.StringBuffer".equals(m.getClassName()) || "java.lang.StringBuilder".equals(m.getClassName()))) { return CheckReturnValueAnnotation.CHECK_RETURN_VALUE_MEDIUM; } CheckReturnValueAnnotation annotationOnMethod = super.getResolvedAnnotation(o, getMinimal); if (annotationOnMethod == null) { // https://github.com/spotbugs/spotbugs/issues/429 // BuildCheckReturnAnnotationDatabase does not visit non-application classes, // so we need to check package info dynamically return packageInfoCache.computeIfAbsent(m.getPackageName(), this::parsePackage); } return annotationOnMethod; }
public static boolean confusingMethodNamesWrongCapitalization(XMethod m1, XMethod m2) { if (m1.isStatic() != m2.isStatic()) { return false; } if (m1.getClassName().equals(m2.getClassName())) { return false; } if (m1.getName().equals(m2.getName())) { return false; } if (m1.getName().equalsIgnoreCase(m2.getName()) && removePackageNamesFromSignature(m1.getSignature()).equals(removePackageNamesFromSignature(m2.getSignature()))) { return true; } return false; }
protected void addMethodAnnotation(@DottedClassName String cName, String mName, String mSig, boolean isStatic, AnnotationEnum annotation) { if (addClassOnly) { return; } XMethod m = XFactory.createXMethod(cName, mName, mSig, isStatic); if (!m.getClassName().equals(cName)){ return; } /* if (false && !m.isResolved()) { System.out.println("Unable to add annotation " + annotation + " to " + m); ClassDescriptor c = DescriptorFactory.createClassDescriptorFromDottedClassName(cName); if (true) try { XClass xClass = Global.getAnalysisCache().getClassAnalysis(XClass.class, c); if (xClass != null) { System.out.println("class has methods: "); for (XMethod m2 : xClass.getXMethods()) System.out.println(" " + m2); } } catch (CheckedAnalysisException e) { e.printStackTrace(); } } */ addDirectAnnotation(m, annotation); }
static boolean isIdentifyFunctionForTypeQualifiers(XMethod m) { String className = m.getClassName(); if (!className.startsWith("java.lang")) { return false; } String methodName = m.getName(); if (m.isStatic()) { if (!"valueOf".equals(methodName)) { return false; } String signature = m.getSignature(); if (signature.charAt(2) != ')') { return false; } } else { String simpleClassName = ClassName.extractSimpleName(className); if (!methodName.equals(primitiveType(simpleClassName) + "Value")) { return false; } String signature = m.getSignature(); if (signature.charAt(1) != ')') { return false; } } return true; }
public static boolean confusingMethodNamesWrongPackage(XMethod m1, XMethod m2) { if (m1.isStatic() != m2.isStatic()) { return false; } if (m1.getClassName().equals(m2.getClassName())) { return false; } if (!m1.getName().equals(m2.getName())) { return false; } if (m1.getSignature().equals(m2.getSignature())) { return false; } if (removePackageNamesFromSignature(m1.getSignature()).equals(removePackageNamesFromSignature(m2.getSignature()))) { return true; } return false; }
/** * Create a MethodAnnotation from an XMethod. * * @param xmethod * the XMethod * @return the MethodAnnotation */ public static MethodAnnotation fromXMethod(XMethod xmethod) { return fromForeignMethod(xmethod.getClassName(), xmethod.getName(), xmethod.getSignature(), xmethod.isStatic()); }
InnerClassAccessMap icam = AnalysisContext.currentAnalysisContext().getInnerClassAccessMap(); try { InnerClassAccess ica = icam.getInnerClassAccess(m.getClassName(), m.getName()); if (ica != null && ica.isLoad()) { o = ica.getField();
/** * Constructor. * * @param method * an XMethod specifying a specific method in a specific class * @throws ClassNotFoundException */ public JavaClassAndMethod(XMethod method) throws ClassNotFoundException { this.javaClass = Repository.lookupClass(method.getClassName()); for (Method m : javaClass.getMethods()) { if (m.getName().equals(method.getName()) && m.getSignature().equals(method.getSignature()) && m.isStatic() == method.isStatic()) { this.method = m; return; } } throw new IllegalArgumentException("Can't find " + method); }
if ("compare".equals(name) && m.getClassName().startsWith("com.google.common.primitives.")) { return true;
private boolean checkNonSuper(XMethod m, Set<XMethod> others) { if (m.isStatic()) { return false; } if (m.getName().startsWith(Const.CONSTRUCTOR_NAME) || m.getName().startsWith(Const.STATIC_INITIALIZER_NAME)) { return false; } for (XMethod m2 : others) { if (confusingMethodNamesWrongCapitalization(m, m2)) { XMethod mm1; XMethod mm2; if (m.compareTo(m2) < 0) { mm1 = m; mm2 = m2; } else { mm1 = m2; mm2 = m; } bugReporter.reportBug(new BugInstance(this, "NM_CONFUSING", LOW_PRIORITY).addClass(mm1.getClassName()) .addMethod(mm1).addClass(mm2.getClassName()).addMethod(mm2)); return true; } } return false; }
@Override public void addMethodParameterAnnotation(@DottedClassName String cName, String mName, String sig, boolean isStatic, int param, NullnessAnnotation annotation) { if (DEBUG) { System.out.println("addMethodParameterAnnotation: annotate " + cName + "." + mName + " param " + param + " with " + annotation); } XMethod xmethod = getXMethod(cName, mName, sig, isStatic); if (xmethod == null) { return; } // Get JSR-305 nullness annotation type ClassDescriptor nullnessAnnotationType = getNullnessAnnotationClassDescriptor(annotation); // Create an AnnotationValue AnnotationValue annotationValue = new AnnotationValue(nullnessAnnotationType); if (!xmethod.getClassName().equals(cName)) { if (SystemProperties.ASSERTIONS_ENABLED) { AnalysisContext.logError("Could not fully resolve method " + cName + "." + mName + sig + " to apply annotation " + annotation); } return; } if (SystemProperties.ASSERTIONS_ENABLED) { SignatureParser parser = new SignatureParser(sig); int numParams = parser.getNumParameters(); assert param < numParams; } // Destructively add the annotation to the MethodInfo object xmethod.addParameterAnnotation(param, annotationValue); }
.getHandle().getPosition()); if (catchSizeNPE == Integer.MAX_VALUE && (!"java.lang.Integer".equals(called.getClassName()) || catchSizeNFE == Integer.MAX_VALUE)) {
private boolean safeCallToPrimateParseMethod(XMethod calledMethod, Location location) { int position = location.getHandle().getPosition(); if ("java.lang.Integer".equals(calledMethod.getClassName())) { ConstantPool constantPool = classContext.getJavaClass().getConstantPool(); Code code = method.getCode(); int catchSize; catchSize = Util.getSizeOfSurroundingTryBlock(constantPool, code, "java/lang/NumberFormatException", position); if (catchSize < Integer.MAX_VALUE) { return true; } catchSize = Util.getSizeOfSurroundingTryBlock(constantPool, code, "java/lang/IllegalArgumentException", position); if (catchSize < Integer.MAX_VALUE) { return true; } catchSize = Util.getSizeOfSurroundingTryBlock(constantPool, code, "java/lang/RuntimeException", position); if (catchSize < Integer.MAX_VALUE) { return true; } catchSize = Util.getSizeOfSurroundingTryBlock(constantPool, code, "java/lang/Exception", position); if (catchSize < Integer.MAX_VALUE) { return true; } } return false; }
Item item = getStack().getStackItem(0); XMethod returnValueOf = item.getReturnValueOf(); if(returnValueOf != null && returnValueOf.getClassName().startsWith("org.w3c.dom.") && returnValueOf.getName().startsWith("getElementsByTagName")) { matched.put(getPC(), new BugInstance(this, "IIL_ELEMENTS_GET_LENGTH_IN_LOOP", NORMAL_PRIORITY).addClassAndMethod(this)
InnerClassAccessMap icam = AnalysisContext.currentAnalysisContext().getInnerClassAccessMap(); try { InnerClassAccess ica = icam.getInnerClassAccess(m.getClassName(), m.getName()); if (ica != null && ica.isLoad()) { o = ica.getField();