/**
 * Compares this taint location with another object.
 *
 * <p>The argument matches when it is a {@code TaintLocation} (subclasses pass,
 * because the check is {@code instanceof}) whose method descriptor equals this
 * one's and whose {@code position} is identical.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} only when both the method descriptor and the position match
 */
@Override
public boolean equals(Object obj) {
    // instanceof evaluates to false for null, so this one test also rejects null.
    if (obj instanceof TaintLocation) {
        final TaintLocation that = (TaintLocation) obj;
        // The descriptor is compared first; a null methodDescriptor on this side
        // would throw here rather than return false.
        final boolean sameMethod = methodDescriptor.equals(that.methodDescriptor);
        return sameMethod && position == that.position;
    }
    return false;
    // NOTE(review): hashCode() is not visible in this excerpt - confirm it is
    // derived from the same two fields before using instances as map keys.
}
/**
 * Tests whether {@code obj} is a {@code MethodParameter} of exactly the same
 * runtime class, with an equal method descriptor and the same parameter number.
 *
 * <p>A {@code null} {@code md} only matches another {@code null} {@code md}.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} when class, descriptor and parameter number all agree
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    // getClass() comparison: a subclass instance is never equal to a base instance.
    if (obj == null || getClass() != obj.getClass()) {
        return false;
    }
    MethodParameter that = (MethodParameter) obj;
    boolean sameDescriptor = (md == null) ? that.md == null : md.equals(that.md);
    return sameDescriptor && parameterNumber == that.parameterNumber;
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Tests whether {@code obj} is a {@code MethodCall} of exactly the same runtime
 * class with an equal {@code method} and an equal {@code target}.
 *
 * <p>Neither field is null-checked: a {@code null} {@code method} or
 * {@code target} on this instance makes the comparison throw.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} when class, method and target all agree
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj == null || getClass() != obj.getClass()) {
        return false;
    }
    MethodCall that = (MethodCall) obj;
    // method is compared before target, and target only when the methods match.
    return method.equals(that.method) && target.equals(that.target);
}
} // closes the enclosing class, whose header is not part of this excerpt
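/**
 * Visits a method body after checking that the visitor is positioned on the
 * method stored in {@code descriptor}.
 *
 * <p>The stack is reset for method entry before delegating to the superclass
 * visitor. When {@code DEBUG1} is set, the descriptor is printed before the
 * visit and an empty line after it.
 *
 * @param obj the code attribute being visited
 * @throws IllegalStateException if the method currently being visited does not
 *         equal {@code descriptor}
 */
@Override
public final void visitCode(Code obj) {
    if (!getMethodDescriptor().equals(descriptor)) {
        // Name both sides so a mismatch can be diagnosed from the stack trace alone.
        throw new IllegalStateException(
                "Visiting " + getMethodDescriptor() + " but expected " + descriptor);
    }
    if (DEBUG1) {
        System.out.println(descriptor);
    }
    // Reset must happen before the superclass starts feeding opcodes to the stack.
    stack.resetForMethodEntry0(this);
    super.visitCode(obj);
    if (DEBUG1) {
        System.out.println();
    }
}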
/**
 * Reports which argument of a known library method is written to by the call.
 *
 * @param m method to check
 * @return 0-based number of the argument the method writes into: 2 for
 *         {@code ARRAY_COPY}; 0 for {@code toArray(Object[])} declared on a
 *         {@code java.util.Collection} subtype, and for {@code sort},
 *         {@code fill}, {@code reverse} or {@code shuffle} of
 *         {@code java.util.Arrays} / {@code java.util.Collections}; -1 when
 *         nothing is known about the method
 */
private static int changedArg(MethodDescriptor m) {
    if (m.equals(ARRAY_COPY)) {
        return 2;
    }

    final String name = m.getName();
    // The subtype lookup stays last so it only runs once name and signature match.
    if (name.equals("toArray")
            && m.getSignature().equals("([Ljava/lang/Object;)[Ljava/lang/Object;")
            && Subtypes2.instanceOf(m.getClassDescriptor(), "java.util.Collection")) {
        return 0;
    }

    final boolean inPlaceName = name.equals("sort") || name.equals("fill")
            || name.equals("reverse") || name.equals("shuffle");
    if (!inPlaceName) {
        return -1;
    }

    final String owner = m.getSlashedClassName();
    if (owner.equals("java/util/Arrays") || owner.equals("java/util/Collections")) {
        return 0;
    }
    return -1;
}
for(MethodCall call : entry.getValue()) { uselessVoidCandidate = false; if((call.getMethod().equals(method) && call.getTarget() == TARGET_THIS) || method.isStatic()) { uselessVoidCandidate = true; } else {
/**
 * Examines one opcode: runs the hash-collection checks on virtual and interface
 * invocations, and reports {@code DMI_BLOCKING_METHODS_ON_URL} for a virtual
 * call whose operand equals {@code URL_EQUALS} or {@code URL_HASHCODE}.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    final boolean virtualCall = seen == Const.INVOKEVIRTUAL;

    if (virtualCall || seen == Const.INVOKEINTERFACE) {
        // NOTE(review): the two trailing ints are passed straight to check();
        // their meaning is defined there and is not visible in this excerpt.
        check("Ljava/util/HashSet;", HASHSET_KEY_METHODS, 1, 0);
        check("Ljava/util/HashMap;", HASHMAP_KEY_METHODS, 1, 0);
        check("Ljava/util/HashMap;", HASHMAP_TWO_ARG_KEY_METHODS, 2, 1);
    }

    if (!virtualCall) {
        return;
    }

    // Presumably these constants describe java.net.URL#equals and #hashCode,
    // which can block on host name resolution - confirm against their definitions.
    if (getMethodDescriptorOperand().equals(URL_EQUALS)
            || getMethodDescriptorOperand().equals(URL_HASHCODE)) {
        BugInstance bug = new BugInstance(this, "DMI_BLOCKING_METHODS_ON_URL", HIGH_PRIORITY)
                .addClassAndMethod(this)
                .addCalledMethod(this);
        accumulator.accumulateBug(bug, this);
    }
}
} // closes the enclosing class, whose header is not part of this excerpt
String returnType = new SignatureParser(m.getSignature()).getReturnTypeSignature(); if (!returnType.equals("V") || m.getName().equals(Const.CONSTRUCTOR_NAME)) { if(m.equals(GET_CLASS)) { if(m.equals(CLASS_GET_NAME) // used sometimes to trigger class loading || m.equals(HASH_CODE) // found intended hashCode call several times in different projects, need further research ) { noSideEffectMethods.add(m, MethodSideEffectStatus.NSE_EX);
matched.put(getPC(), new BugInstance(this, "IIL_PREPARE_STATEMENT_IN_LOOP", NORMAL_PRIORITY).addClassAndMethod(this) .addSourceLine(this, getPC()).addCalledMethod(this)); } else if (seen == Const.INVOKEINTERFACE && getMethodDescriptorOperand().equals(NODELIST_GET_LENGTH)) { Item item = getStack().getStackItem(0); XMethod returnValueOf = item.getReturnValueOf(); && (getMethodDescriptorOperand().equals(PATTERN_COMPILE) || getMethodDescriptorOperand() .equals(PATTERN_COMPILE_2)) && hasConstantArguments()) { String regex = getFirstArgument(); matched.put(getPC(), new BugInstance(this, "IIL_PATTERN_COMPILE_IN_LOOP", NORMAL_PRIORITY).addClassAndMethod(this)
/**
 * Looks up the {@code Method} that matches {@code descriptor} in its declaring class.
 *
 * <p>Every method of that class is registered in the analysis cache on the way,
 * so later lookups for sibling methods do not have to repeat the scan.
 *
 * @param analysisCache cache used to obtain the {@code JavaClass} and to store
 *        each of its methods
 * @param descriptor descriptor of the requested method
 * @return the matching method, or {@code null} when no method of the class
 *         produces a descriptor equal to {@code descriptor}
 * @throws CheckedAnalysisException declared by the signature; presumably raised
 *         by the cache lookups - confirm against {@code IAnalysisCache}
 */
@Override
public Method analyze(IAnalysisCache analysisCache, MethodDescriptor descriptor)
        throws CheckedAnalysisException {
    JavaClass owner = analysisCache.getClassAnalysis(JavaClass.class, descriptor.getClassDescriptor());

    Method requested = null;
    for (Method candidate : owner.getMethods()) {
        MethodDescriptor candidateDescriptor = DescriptorFactory.instance().getMethodDescriptor(
                descriptor.getSlashedClassName(),
                candidate.getName(),
                candidate.getSignature(),
                candidate.isStatic());

        // Cache every method eagerly, not only the one that was asked for.
        analysisCache.eagerlyPutMethodAnalysis(Method.class, candidateDescriptor, candidate);

        // No early exit: the loop must finish so that all methods get cached.
        if (candidateDescriptor.equals(descriptor)) {
            requested = candidate;
        }
    }
    return requested;
}
if (md.equals(STRING_SUBSTRING)) {
&& (previousMethodCall.equals(rvo) || signature.equals(primitiveType)) && (getThisClass().getMajor() >= Const.MAJOR_1_7 || getThisClass().getMajor() >= Const.MAJOR_1_4 && (primitiveType.equals("D") || primitiveType.equals("F")))) {
/**
 * Compares this taint location with another object.
 *
 * <p>The argument matches when it is a {@code TaintLocation} (subclasses pass,
 * because the check is {@code instanceof}) whose method descriptor equals this
 * one's and whose {@code position} is identical.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} only when both the method descriptor and the position match
 */
@Override
public boolean equals(Object obj) {
    // instanceof evaluates to false for null, so this one test also rejects null.
    if (obj instanceof TaintLocation) {
        final TaintLocation that = (TaintLocation) obj;
        // The descriptor is compared first; a null methodDescriptor on this side
        // would throw here rather than return false.
        final boolean sameMethod = methodDescriptor.equals(that.methodDescriptor);
        return sameMethod && position == that.position;
    }
    return false;
    // NOTE(review): hashCode() is not visible in this excerpt - confirm it is
    // derived from the same two fields before using instances as map keys.
}
/**
 * Compares this taint location with another object.
 *
 * <p>The argument matches when it is a {@code TaintLocation} (subclasses pass,
 * because the check is {@code instanceof}) whose method descriptor equals this
 * one's and whose {@code position} is identical.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} only when both the method descriptor and the position match
 */
@Override
public boolean equals(Object obj) {
    // instanceof evaluates to false for null, so this one test also rejects null.
    if (obj instanceof TaintLocation) {
        final TaintLocation that = (TaintLocation) obj;
        // The descriptor is compared first; a null methodDescriptor on this side
        // would throw here rather than return false.
        final boolean sameMethod = methodDescriptor.equals(that.methodDescriptor);
        return sameMethod && position == that.position;
    }
    return false;
    // NOTE(review): hashCode() is not visible in this excerpt - confirm it is
    // derived from the same two fields before using instances as map keys.
}
/**
 * Tests whether {@code obj} is a {@code MethodParameter} of exactly the same
 * runtime class, with an equal method descriptor and the same parameter number.
 *
 * <p>A {@code null} {@code md} only matches another {@code null} {@code md}.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} when class, descriptor and parameter number all agree
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    // getClass() comparison: a subclass instance is never equal to a base instance.
    if (obj == null || getClass() != obj.getClass()) {
        return false;
    }
    MethodParameter that = (MethodParameter) obj;
    boolean sameDescriptor = (md == null) ? that.md == null : md.equals(that.md);
    return sameDescriptor && parameterNumber == that.parameterNumber;
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Tests whether {@code obj} is a {@code MethodCall} of exactly the same runtime
 * class with an equal {@code method} and an equal {@code target}.
 *
 * <p>Neither field is null-checked: a {@code null} {@code method} or
 * {@code target} on this instance makes the comparison throw.
 *
 * @param obj the object to compare with, may be {@code null}
 * @return {@code true} when class, method and target all agree
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj == null || getClass() != obj.getClass()) {
        return false;
    }
    MethodCall that = (MethodCall) obj;
    // method is compared before target, and target only when the methods match.
    return method.equals(that.method) && target.equals(that.target);
}
} // closes the enclosing class, whose header is not part of this excerpt
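/**
 * Visits a method body after checking that the visitor is positioned on the
 * method stored in {@code descriptor}.
 *
 * <p>The stack is reset for method entry before delegating to the superclass
 * visitor. When {@code DEBUG1} is set, the descriptor is printed before the
 * visit and an empty line after it.
 *
 * @param obj the code attribute being visited
 * @throws IllegalStateException if the method currently being visited does not
 *         equal {@code descriptor}
 */
@Override
public final void visitCode(Code obj) {
    if (!getMethodDescriptor().equals(descriptor)) {
        // Name both sides so a mismatch can be diagnosed from the stack trace alone.
        throw new IllegalStateException(
                "Visiting " + getMethodDescriptor() + " but expected " + descriptor);
    }
    if (DEBUG1) {
        System.out.println(descriptor);
    }
    // Reset must happen before the superclass starts feeding opcodes to the stack.
    stack.resetForMethodEntry0(this);
    super.visitCode(obj);
    if (DEBUG1) {
        System.out.println();
    }
}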
/**
 * Reports which argument of a known library method is written to by the call.
 *
 * @param m method to check
 * @return 0-based number of the argument the method writes into: 2 for
 *         {@code ARRAY_COPY}; 0 for {@code toArray(Object[])} declared on a
 *         {@code java.util.Collection} subtype, and for {@code sort},
 *         {@code fill}, {@code reverse} or {@code shuffle} of
 *         {@code java.util.Arrays} / {@code java.util.Collections}; -1 when
 *         nothing is known about the method
 */
private static int changedArg(MethodDescriptor m) {
    if (m.equals(ARRAY_COPY)) {
        return 2;
    }

    final String name = m.getName();
    // The subtype lookup stays last so it only runs once name and signature match.
    if (name.equals("toArray")
            && m.getSignature().equals("([Ljava/lang/Object;)[Ljava/lang/Object;")
            && Subtypes2.instanceOf(m.getClassDescriptor(), "java.util.Collection")) {
        return 0;
    }

    final boolean inPlaceName = name.equals("sort") || name.equals("fill")
            || name.equals("reverse") || name.equals("shuffle");
    if (!inPlaceName) {
        return -1;
    }

    final String owner = m.getSlashedClassName();
    if (owner.equals("java/util/Arrays") || owner.equals("java/util/Collections")) {
        return 0;
    }
    return -1;
}
/**
 * Examines one opcode: runs the hash-collection checks on virtual and interface
 * invocations, and reports {@code DMI_BLOCKING_METHODS_ON_URL} for a virtual
 * call whose operand equals {@code URL_EQUALS} or {@code URL_HASHCODE}.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    final boolean virtualCall = seen == INVOKEVIRTUAL;

    if (virtualCall || seen == INVOKEINTERFACE) {
        // NOTE(review): the two trailing ints are passed straight to check();
        // their meaning is defined there and is not visible in this excerpt.
        check("Ljava/util/HashSet;", HASHSET_KEY_METHODS, 1, 0);
        check("Ljava/util/HashMap;", HASHMAP_KEY_METHODS, 1, 0);
        check("Ljava/util/HashMap;", HASHMAP_TWO_ARG_KEY_METHODS, 2, 1);
    }

    if (!virtualCall) {
        return;
    }

    // Presumably these constants describe java.net.URL#equals and #hashCode,
    // which can block on host name resolution - confirm against their definitions.
    if (getMethodDescriptorOperand().equals(URL_EQUALS)
            || getMethodDescriptorOperand().equals(URL_HASHCODE)) {
        BugInstance bug = new BugInstance(this, "DMI_BLOCKING_METHODS_ON_URL", HIGH_PRIORITY)
                .addClassAndMethod(this)
                .addCalledMethod(this);
        accumulator.accumulateBug(bug, this);
    }
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Looks up the {@code Method} that matches {@code descriptor} in its declaring class.
 *
 * <p>Every method of that class is registered in the analysis cache on the way,
 * so later lookups for sibling methods do not have to repeat the scan.
 *
 * @param analysisCache cache used to obtain the {@code JavaClass} and to store
 *        each of its methods
 * @param descriptor descriptor of the requested method
 * @return the matching method, or {@code null} when no method of the class
 *         produces a descriptor equal to {@code descriptor}
 * @throws CheckedAnalysisException declared by the signature; presumably raised
 *         by the cache lookups - confirm against {@code IAnalysisCache}
 */
@Override
public Method analyze(IAnalysisCache analysisCache, MethodDescriptor descriptor)
        throws CheckedAnalysisException {
    JavaClass owner = analysisCache.getClassAnalysis(JavaClass.class, descriptor.getClassDescriptor());

    Method requested = null;
    for (Method candidate : owner.getMethods()) {
        MethodDescriptor candidateDescriptor = DescriptorFactory.instance().getMethodDescriptor(
                descriptor.getSlashedClassName(),
                candidate.getName(),
                candidate.getSignature(),
                candidate.isStatic());

        // Cache every method eagerly, not only the one that was asked for.
        analysisCache.eagerlyPutMethodAnalysis(Method.class, candidateDescriptor, candidate);

        // No early exit: the loop must finish so that all methods get cached.
        if (candidateDescriptor.equals(descriptor)) {
            requested = candidate;
        }
    }
    return requested;
}