/**
 * Resolves every method whose parameter is treated as a file name.
 *
 * <p>The seed set is parameter 0 of each descriptor in {@code FILENAME_STRING_METHODS};
 * {@link #findLinkedMethods} then widens it, presumably to methods whose parameter is
 * passed through to one of those seeds (verify against the database implementation).
 *
 * @return map from method descriptor to the indexes of its parameters that are used as file names
 */
public Map<MethodDescriptor, int[]> getFileNameStringMethods() {
    Set<MethodParameter> seeds = new HashSet<>();
    for (MethodDescriptor descriptor : FILENAME_STRING_METHODS) {
        // the first parameter of each known sink carries the file name
        seeds.add(new MethodParameter(descriptor, 0));
    }
    return findLinkedMethods(seeds);
}
}
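/**
 * Creates the detector and resolves the SQL sink methods it checks.
 *
 * <p>Seeds are parameter 0 of every configured execute method and of every
 * {@code java.sql.Connection.prepareStatement} overload, i.e. the SQL text.
 * The string-passthrough database widens each seed set (presumably to methods
 * whose parameter flows into such a sink, so wrappers are covered too); the
 * resolved maps are keyed by method with the sink parameter indexes as values,
 * and their key sets are merged into {@code allMethods}.
 *
 * @param bugReporter reporter for detected bugs; also wrapped in a {@link BugAccumulator}
 */
public FindSqlInjection(BugReporter bugReporter) {
    this.bugReporter = bugReporter;
    this.bugAccumulator = new BugAccumulator(bugReporter);
    // Look the database up once; both seed sets are resolved against the same instance
    // (matches how DumbMethodInvocations obtains it).
    StringPassthruDatabase database = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class);

    Set<MethodParameter> baseExecuteMethods = new HashSet<>();
    for (MethodDescriptor executeMethod : EXECUTE_METHODS) {
        baseExecuteMethods.add(new MethodParameter(executeMethod, 0));
    }
    executeMethods = database.findLinkedMethods(baseExecuteMethods);

    Set<MethodParameter> basePrepareMethods = new HashSet<>();
    for (String signature : PREPARE_STATEMENT_SIGNATURES) {
        // every prepareStatement overload takes the SQL string as its first parameter
        basePrepareMethods.add(new MethodParameter(
                new MethodDescriptor("java/sql/Connection", "prepareStatement", signature), 0));
    }
    preparedStatementMethods = database.findLinkedMethods(basePrepareMethods);

    allMethods.addAll(executeMethods.keySet());
    allMethods.addAll(preparedStatementMethods.keySet());
}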
passedParameters[argNums[param]] = list = new ArrayList<>(); list.add(new MethodParameter(md, i));
passedParameters[param] = list = new ArrayList<>(); list.add(new MethodParameter(md, i));
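/**
 * Creates the detector and resolves the SQL sink methods it checks.
 *
 * <p>Seeds are parameter 0 of every configured execute method and of every
 * {@code java.sql.Connection.prepareStatement} overload, i.e. the SQL text.
 * The string-passthrough database widens each seed set (presumably to methods
 * whose parameter flows into such a sink, so wrappers are covered too); the
 * resolved maps are keyed by method with the sink parameter indexes as values,
 * and their key sets are merged into {@code allMethods}.
 *
 * @param bugReporter reporter for detected bugs; also wrapped in a {@link BugAccumulator}
 */
public FindSqlInjection(BugReporter bugReporter) {
    this.bugReporter = bugReporter;
    this.bugAccumulator = new BugAccumulator(bugReporter);
    // Opt-in system property; what it enables is decided elsewhere in the detector
    testingEnabled = SystemProperties.getBoolean("report_TESTING_pattern_in_standard_detectors");
    // Look the database up once; both seed sets are resolved against the same instance
    // (matches how DumbMethodInvocations obtains it).
    StringPassthruDatabase database = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class);

    Set<MethodParameter> baseExecuteMethods = new HashSet<>();
    for (MethodDescriptor executeMethod : EXECUTE_METHODS) {
        baseExecuteMethods.add(new MethodParameter(executeMethod, 0));
    }
    executeMethods = database.findLinkedMethods(baseExecuteMethods);

    Set<MethodParameter> basePrepareMethods = new HashSet<>();
    for (String signature : PREPARE_STATEMENT_SIGNATURES) {
        // every prepareStatement overload takes the SQL string as its first parameter
        basePrepareMethods.add(new MethodParameter(
                new MethodDescriptor("java/sql/Connection", "prepareStatement", signature), 0));
    }
    preparedStatementMethods = database.findLinkedMethods(basePrepareMethods);

    allMethods.addAll(executeMethods.keySet());
    allMethods.addAll(preparedStatementMethods.keySet());
}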
/**
 * Creates the detector and resolves the two method sets it inspects.
 *
 * <p>{@code allFileNameStringMethods} comes straight from the string-passthrough
 * database. {@code allDatabasePasswordMethods} is seeded with parameter 2 of the
 * static {@code DriverManager.getConnection(String, String, String)} — the password
 * argument — and widened by the database (presumably to methods passing a parameter
 * through to that argument).
 *
 * @param bugReporter reporter for detected bugs; also wrapped in a {@link BugAccumulator}
 */
public DumbMethodInvocations(BugReporter bugReporter) {
    this.bugReporter = bugReporter;
    this.bugAccumulator = new BugAccumulator(bugReporter);
    StringPassthruDatabase passthru = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class);
    allFileNameStringMethods = passthru.getFileNameStringMethods();
    // getConnection(url, user, password): index 2 is the password parameter
    MethodDescriptor getConnection = new MethodDescriptor(
            "java/sql/DriverManager",
            "getConnection",
            "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/sql/Connection;",
            true);
    MethodParameter passwordArgument = new MethodParameter(getConnection, 2);
    allDatabasePasswordMethods = passthru.findLinkedMethods(Collections.singleton(passwordArgument));
}
/**
 * After the method body has been scanned, records one passthrough edge per
 * (callee parameter, own parameter) pair collected in {@code passedParameters}.
 *
 * <p>For each of the {@code nArgs} parameters that has a non-null list, an edge is
 * added from every recorded callee parameter to this method's parameter of the same
 * index; parameters with no recorded list are skipped.
 *
 * @param obj the code attribute that was just visited
 */
@Override
public void visitAfter(Code obj) {
    super.visitAfter(obj);
    for (int argIndex = 0; argIndex < nArgs; argIndex++) {
        List<MethodParameter> sources = passedParameters[argIndex];
        if (sources == null) {
            continue;
        }
        MethodParameter target = new MethodParameter(getMethodDescriptor(), argIndex);
        for (MethodParameter source : sources) {
            cache.addEdge(source, target);
        }
    }
}
/**
 * Resolves every method whose parameter is treated as a file name.
 *
 * <p>The seed set is parameter 0 of each descriptor in {@code FILENAME_STRING_METHODS};
 * {@link #findLinkedMethods} then widens it, presumably to methods whose parameter is
 * passed through to one of those seeds (verify against the database implementation).
 *
 * @return map from method descriptor to the indexes of its parameters that are used as file names
 */
public Map<MethodDescriptor, int[]> getFileNameStringMethods() {
    Set<MethodParameter> seeds = new HashSet<>();
    for (MethodDescriptor descriptor : FILENAME_STRING_METHODS) {
        // the first parameter of each known sink carries the file name
        seeds.add(new MethodParameter(descriptor, 0));
    }
    return findLinkedMethods(seeds);
}
}
/**
 * Creates the detector and resolves the two method sets it inspects.
 *
 * <p>{@code allFileNameStringMethods} comes straight from the string-passthrough
 * database. {@code allDatabasePasswordMethods} is seeded with parameter 2 of the
 * static {@code DriverManager.getConnection(String, String, String)} — the password
 * argument — and widened by the database (presumably to methods passing a parameter
 * through to that argument).
 *
 * @param bugReporter reporter for detected bugs; also wrapped in a {@link BugAccumulator}
 */
public DumbMethodInvocations(BugReporter bugReporter) {
    this.bugReporter = bugReporter;
    this.bugAccumulator = new BugAccumulator(bugReporter);
    StringPassthruDatabase passthru = Global.getAnalysisCache().getDatabase(StringPassthruDatabase.class);
    allFileNameStringMethods = passthru.getFileNameStringMethods();
    // getConnection(url, user, password): index 2 is the password parameter
    MethodDescriptor getConnection = new MethodDescriptor(
            "java/sql/DriverManager",
            "getConnection",
            "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/sql/Connection;",
            true);
    MethodParameter passwordArgument = new MethodParameter(getConnection, 2);
    allDatabasePasswordMethods = passthru.findLinkedMethods(Collections.singleton(passwordArgument));
}
/**
 * After the method body has been scanned, records one passthrough edge per
 * (callee parameter, own parameter) pair collected in {@code passedParameters}.
 *
 * <p>For each of the {@code nArgs} parameters that has a non-null list, an edge is
 * added from every recorded callee parameter to this method's parameter of the same
 * index; parameters with no recorded list are skipped.
 *
 * @param obj the code attribute that was just visited
 */
@Override
public void visitAfter(Code obj) {
    super.visitAfter(obj);
    for (int argIndex = 0; argIndex < nArgs; argIndex++) {
        List<MethodParameter> sources = passedParameters[argIndex];
        if (sources == null) {
            continue;
        }
        MethodParameter target = new MethodParameter(getMethodDescriptor(), argIndex);
        for (MethodParameter source : sources) {
            cache.addEdge(source, target);
        }
    }
}