@Override public void visit(ConstantNameAndType obj) { String methodName = obj.getName(getConstantPool()); String methodSig = obj.getSignature(getConstantPool()); if (!"clone".equals(methodName)) { return; } if (!methodSig.startsWith("()")) { return; } referencesCloneMethod = true; }
@DottedClassName String clazz = m.getClass(constantPool); ConstantNameAndType nt = (ConstantNameAndType) constantPool.getConstant(m.getNameAndTypeIndex(), Const.CONSTANT_NameAndType); String name = nt.getName(constantPool); if ("setAttribute".equals(name) && "javax.servlet.http.HttpSession".equals(clazz) || ("writeObject".equals(name) && ("java.io.ObjectOutput".equals(clazz)
if (constantEntry instanceof ConstantNameAndType) { ConstantNameAndType nt = (ConstantNameAndType) constantEntry; if ("putIfAbsent".equals(nt.getName(pool))) { found = true; break;
/** * Called to indicate that a field load or store was encountered. * * @param cpIndex * the constant pool index of the fieldref * @param isStatic * true if it is a static field access * @param isLoad * true if the access is a load */ private void setField(int cpIndex, boolean isStatic, boolean isLoad) { // We only allow one field access for an accessor method. accessCount++; if (accessCount != 1) { access = null; return; } ConstantPool cp = javaClass.getConstantPool(); ConstantFieldref fieldref = (ConstantFieldref) cp.getConstant(cpIndex); ConstantClass cls = (ConstantClass) cp.getConstant(fieldref.getClassIndex()); String className = cls.getBytes(cp).replace('/', '.'); ConstantNameAndType nameAndType = (ConstantNameAndType) cp.getConstant(fieldref.getNameAndTypeIndex()); String fieldName = nameAndType.getName(cp); String fieldSig = nameAndType.getSignature(cp); XField xfield = Hierarchy.findXField(className, fieldName, fieldSig, isStatic); if (xfield != null && xfield.isStatic() == isStatic && isValidAccessMethod(methodSig, xfield, isLoad)) { access = new InnerClassAccess(methodName, methodSig, xfield, isLoad); } }
System.out.println(" Analyzing method " + classContext.getJavaClass().getClassName() + "." + method.getName());
@Override public void visit(ConstantNameAndType obj) { String methodName = obj.getName(getConstantPool()); String methodSig = obj.getSignature(getConstantPool()); if (!"clone".equals(methodName)) { return; } if (!methodSig.startsWith("()")) { return; } referencesCloneMethod = true; }
private String getFieldName(ConstantFieldref fieldRef) { ConstantNameAndType nameAndType= (ConstantNameAndType) constantPool.getConstant(fieldRef.getNameAndTypeIndex()); return nameAndType.getName(constantPool); }
private void sawOpcodeAfterSync(int seen) { if (OpcodeUtils.isAStore(seen)) { localCollections.set(RegisterUtils.getAStoreReg(this, seen)); } else if (seen == Const.PUTFIELD) { ConstantFieldref ref = (ConstantFieldref) getConstantRefOperand(); ConstantNameAndType nandt = (ConstantNameAndType) getConstantPool().getConstant(ref.getNameAndTypeIndex()); memberCollections.add(nandt.getName(getConstantPool())); } state = State.SEEN_NOTHING; }
private void sawOpcodeAfterSync(int seen) { if (OpcodeUtils.isAStore(seen)) { localCollections.set(RegisterUtils.getAStoreReg(this, seen)); } else if (seen == PUTFIELD) { ConstantFieldref ref = (ConstantFieldref) getConstantRefOperand(); ConstantNameAndType nandt = (ConstantNameAndType) getConstantPool().getConstant(ref.getNameAndTypeIndex()); memberCollections.add(nandt.getName(getConstantPool())); } state = State.SEEN_NOTHING; }
private void sawOpcodeAfterNothing(int seen) { if ((seen == Const.INVOKESTATIC) && "java/util/Collections".equals(getClassConstantOperand())) { if (synchCollectionNames.contains(getNameConstantOperand())) { state = State.SEEN_SYNC; } } else if (OpcodeUtils.isALoad(seen)) { int reg = RegisterUtils.getALoadReg(this, seen); if (localCollections.get(reg)) { collectionInfo = Integer.valueOf(reg); state = State.SEEN_LOAD; } } else if (seen == Const.GETFIELD) { ConstantFieldref ref = (ConstantFieldref) getConstantRefOperand(); ConstantNameAndType nandt = (ConstantNameAndType) getConstantPool().getConstant(ref.getNameAndTypeIndex()); String fieldName = nandt.getName(getConstantPool()); if (memberCollections.contains(fieldName)) { collectionInfo = fieldName; state = State.SEEN_LOAD; } } }
private void sawOpcodeAfterNothing(int seen) { if ((seen == INVOKESTATIC) && "java/util/Collections".equals(getClassConstantOperand())) { if (synchCollectionNames.contains(getNameConstantOperand())) { state = State.SEEN_SYNC; } } else if (OpcodeUtils.isALoad(seen)) { int reg = RegisterUtils.getALoadReg(this, seen); if (localCollections.get(reg)) { collectionInfo = Integer.valueOf(reg); state = State.SEEN_LOAD; } } else if (seen == GETFIELD) { ConstantFieldref ref = (ConstantFieldref) getConstantRefOperand(); ConstantNameAndType nandt = (ConstantNameAndType) getConstantPool().getConstant(ref.getNameAndTypeIndex()); String fieldName = nandt.getName(getConstantPool()); if (memberCollections.contains(fieldName)) { collectionInfo = fieldName; state = State.SEEN_LOAD; } } }
/** * Override the parent method because our classname is held elsewhere. */ @Override public String getClassName( final ConstantPoolGen cpg ) { final ConstantPool cp = cpg.getConstantPool(); final ConstantInvokeDynamic cid = (ConstantInvokeDynamic) cp.getConstant(super.getIndex(), Const.CONSTANT_InvokeDynamic); return ((ConstantNameAndType) cp.getConstant(cid.getNameAndTypeIndex())).getName(cp); }
public static MethodBinding lookup(int index, ConstantPool constantPool) { ConstantCP methodRef= (ConstantCP) constantPool.getConstant(index); ConstantNameAndType nameAndType= (ConstantNameAndType) constantPool.getConstant(methodRef.getNameAndTypeIndex(), Constants.CONSTANT_NameAndType); String name= nameAndType.getName(constantPool); String signature= nameAndType.getSignature(constantPool); return lookup(methodRef.getClass(constantPool), name, signature); }
@Nullable private String getAnonymousName(ConstantMethodHandle cmh) { if (cmh == null || cmh.getReferenceKind() != Const.REF_invokeStatic) { return null; } ConstantPool cp = getConstantPool(); ConstantCP methodRef = (ConstantCP) cp.getConstant(cmh.getReferenceIndex()); String clsName = methodRef.getClass(cp); if (!clsName.equals(cls.getClassName())) { return null; } ConstantNameAndType nameAndType = (ConstantNameAndType) cp.getConstant(methodRef.getNameAndTypeIndex()); String signature = nameAndType.getSignature(cp); int numParms = SignatureUtils.getNumParameters(signature); if (((numParms == 1) && signature.endsWith("V")) || ((numParms == 2) && !signature.endsWith("V"))) { return null; } String methodName = nameAndType.getName(cp); if (!isSynthetic(methodName, nameAndType.getSignature(cp))) { return null; } return methodName; }
@Nullable private String getAnonymousName(ConstantMethodHandle cmh) { if ((cmh == null) || (cmh.getReferenceKind() != REF_invokeStatic)) { return null; } ConstantPool cp = getConstantPool(); ConstantCP methodRef = (ConstantCP) cp.getConstant(cmh.getReferenceIndex()); String clsName = methodRef.getClass(cp); if (!clsName.equals(cls.getClassName())) { return null; } ConstantNameAndType nameAndType = (ConstantNameAndType) cp.getConstant(methodRef.getNameAndTypeIndex()); String signature = nameAndType.getSignature(cp); if (signature.endsWith("V")) { return null; } String methodName = nameAndType.getName(cp); if (!isSynthetic(methodName, nameAndType.getSignature(cp))) { return null; } return methodName; }
private void checkNotEqualsStringBuilderLength() { byte[] bytes = getCode().getCode(); if ((lastPCs[2] != -1) && (CodeByteUtils.getbyte(bytes, lastPCs[3]) == INVOKEVIRTUAL) && (CodeByteUtils.getbyte(bytes, lastPCs[2]) == INVOKEVIRTUAL)) { ConstantPool pool = getConstantPool(); int toStringIndex = CodeByteUtils.getshort(bytes, lastPCs[2] + 1); ConstantMethodref toStringMR = (ConstantMethodref) pool.getConstant(toStringIndex); String toStringCls = toStringMR.getClass(pool); if (toStringCls.startsWith("java.lang.StringBu")) { int nandtIndex = toStringMR.getNameAndTypeIndex(); ConstantNameAndType cnt = (ConstantNameAndType) pool.getConstant(nandtIndex); if (Values.TOSTRING.equals(cnt.getName(pool))) { int lengthIndex = CodeByteUtils.getshort(bytes, lastPCs[3] + 1); ConstantMethodref lengthMR = (ConstantMethodref) pool.getConstant(lengthIndex); nandtIndex = lengthMR.getNameAndTypeIndex(); cnt = (ConstantNameAndType) pool.getConstant(nandtIndex); if ("length".equals(cnt.getName(pool))) { bugReporter.reportBug(new BugInstance(this, BugType.SPP_USE_STRINGBUILDER_LENGTH.name(), NORMAL_PRIORITY).addClass(this).addMethod(this) .addSourceLine(this)); } } } } }
private void checkNotEqualsStringBuilderLength() { byte[] bytes = getCode().getCode(); if ((lastPCs[2] != -1) && (CodeByteUtils.getbyte(bytes, lastPCs[3]) == Const.INVOKEVIRTUAL) && (CodeByteUtils.getbyte(bytes, lastPCs[2]) == Const.INVOKEVIRTUAL)) { ConstantPool pool = getConstantPool(); int toStringIndex = CodeByteUtils.getshort(bytes, lastPCs[2] + 1); ConstantMethodref toStringMR = (ConstantMethodref) pool.getConstant(toStringIndex); String toStringCls = toStringMR.getClass(pool); if (toStringCls.startsWith("java.lang.StringBu")) { int nandtIndex = toStringMR.getNameAndTypeIndex(); ConstantNameAndType cnt = (ConstantNameAndType) pool.getConstant(nandtIndex); if (Values.TOSTRING.equals(cnt.getName(pool))) { int lengthIndex = CodeByteUtils.getshort(bytes, lastPCs[3] + 1); ConstantMethodref lengthMR = (ConstantMethodref) pool.getConstant(lengthIndex); nandtIndex = lengthMR.getNameAndTypeIndex(); cnt = (ConstantNameAndType) pool.getConstant(nandtIndex); if ("length".equals(cnt.getName(pool))) { bugReporter.reportBug(new BugInstance(this, BugType.SPP_USE_STRINGBUILDER_LENGTH.name(), NORMAL_PRIORITY).addClass(this).addMethod(this) .addSourceLine(this)); } } } } }
/** * Verify for an inner class declared inside the 'main' method that the * enclosing method attribute is set correctly. */ public void testCheckMethodLevelNamedInnerClass() throws ClassNotFoundException { final JavaClass clazz = getTestClass(PACKAGE_BASE_NAME+".data.AttributeTestClassEM01$1S"); final ConstantPool pool = clazz.getConstantPool(); final Attribute[] encMethodAttrs = findAttribute("EnclosingMethod", clazz); assertTrue("Expected 1 EnclosingMethod attribute but found " + encMethodAttrs.length, encMethodAttrs.length == 1); final EnclosingMethod em = (EnclosingMethod) encMethodAttrs[0]; final String enclosingClassName = em.getEnclosingClass().getBytes(pool); final String enclosingMethodName = em.getEnclosingMethod().getName(pool); assertTrue( "Expected class name to be '"+PACKAGE_BASE_SIG+"/data/AttributeTestClassEM01' but was " + enclosingClassName, enclosingClassName .equals(PACKAGE_BASE_SIG+"/data/AttributeTestClassEM01")); assertTrue("Expected method name to be 'main' but was " + enclosingMethodName, enclosingMethodName.equals("main")); }
private void checkForEmptyStringAndNullChecks(int seen) { if (lastLoadWasString && (lastPCs[0] != -1)) { byte[] bytes = getCode().getCode(); int loadIns = CodeByteUtils.getbyte(bytes, lastPCs[2]); if ((((loadIns >= ALOAD_0) && (loadIns <= ALOAD_3)) || (loadIns == ALOAD)) && (CodeByteUtils.getbyte(bytes, lastPCs[3]) == INVOKEVIRTUAL) && (CodeByteUtils.getbyte(bytes, lastPCs[2]) == loadIns) && (CodeByteUtils.getbyte(bytes, lastPCs[1]) == IFNULL) && (CodeByteUtils.getbyte(bytes, lastPCs[0]) == loadIns) && ((loadIns != ALOAD) || (CodeByteUtils.getbyte(bytes, lastPCs[2] + 1) == CodeByteUtils.getbyte(bytes, lastPCs[0] + 1)))) { int brOffset = (loadIns == ALOAD) ? 11 : 10; if ((seen == IFNE) ? CodeByteUtils.getshort(bytes, lastPCs[1] + 1) > brOffset : CodeByteUtils.getshort(bytes, lastPCs[1] + 1) == brOffset) { int nextOp = CodeByteUtils.getbyte(bytes, getNextPC()); if ((nextOp != GOTO) && (nextOp != GOTO_W)) { ConstantPool pool = getConstantPool(); int mpoolIndex = CodeByteUtils.getshort(bytes, lastPCs[3] + 1); ConstantMethodref cmr = (ConstantMethodref) pool.getConstant(mpoolIndex); int nandtIndex = cmr.getNameAndTypeIndex(); ConstantNameAndType cnt = (ConstantNameAndType) pool.getConstant(nandtIndex); if ("length".equals(cnt.getName(pool))) { bugReporter.reportBug(new BugInstance(this, BugType.SPP_SUSPECT_STRING_TEST.name(), NORMAL_PRIORITY).addClass(this).addMethod(this) .addSourceLine(this)); } } } } } }
private void checkForEmptyStringAndNullChecks(int seen) { if (lastLoadWasString && (lastPCs[0] != -1)) { byte[] bytes = getCode().getCode(); int loadIns = CodeByteUtils.getbyte(bytes, lastPCs[2]); if ((((loadIns >= Const.ALOAD_0) && (loadIns <= Const.ALOAD_3)) || (loadIns == Const.ALOAD)) && (CodeByteUtils.getbyte(bytes, lastPCs[3]) == Const.INVOKEVIRTUAL) && (CodeByteUtils.getbyte(bytes, lastPCs[2]) == loadIns) && (CodeByteUtils.getbyte(bytes, lastPCs[1]) == Const.IFNULL) && (CodeByteUtils.getbyte(bytes, lastPCs[0]) == loadIns) && ((loadIns != Const.ALOAD) || (CodeByteUtils.getbyte(bytes, lastPCs[2] + 1) == CodeByteUtils.getbyte(bytes, lastPCs[0] + 1)))) { int brOffset = (loadIns == Const.ALOAD) ? 11 : 10; if ((seen == Const.IFNE) ? CodeByteUtils.getshort(bytes, lastPCs[1] + 1) > brOffset : CodeByteUtils.getshort(bytes, lastPCs[1] + 1) == brOffset) { int nextOp = CodeByteUtils.getbyte(bytes, getNextPC()); if ((nextOp != Const.GOTO) && (nextOp != Const.GOTO_W)) { ConstantPool pool = getConstantPool(); int mpoolIndex = CodeByteUtils.getshort(bytes, lastPCs[3] + 1); ConstantMethodref cmr = (ConstantMethodref) pool.getConstant(mpoolIndex); int nandtIndex = cmr.getNameAndTypeIndex(); ConstantNameAndType cnt = (ConstantNameAndType) pool.getConstant(nandtIndex); if ("length".equals(cnt.getName(pool))) { bugReporter.reportBug(new BugInstance(this, BugType.SPP_SUSPECT_STRING_TEST.name(), NORMAL_PRIORITY).addClass(this).addMethod(this) .addSourceLine(this)); } } } } } }