/**
 * Searches the methods returned by {@code clazz.getMethods()} for one whose
 * name and signature both equal the requested values.
 *
 * @param clazz class whose methods are searched
 * @param name  method name to match exactly
 * @param sig   method signature to match exactly
 * @return the first matching method, or {@code null} when none matches
 */
Method findMethod(JavaClass clazz, String name, String sig) {
    for (Method candidate : clazz.getMethods()) {
        boolean sameName = candidate.getName().equals(name);
        // The signature is only compared once the name has matched.
        if (sameName && candidate.getSignature().equals(sig)) {
            return candidate;
        }
    }
    // Callers must handle the "not found" case themselves.
    return null;
}
/**
 * Runs {@code analyzeMethod} on every method of the visited class.
 *
 * <p>NOTE(review): analysis failures are discarded without a log entry. A method
 * whose CFG construction or dataflow analysis fails therefore produces no
 * findings and leaves no trace that it was skipped; consider recording the
 * failure so gaps in detector coverage are visible.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    for (Method method : classContext.getJavaClass().getMethods()) {
        try {
            analyzeMethod(method, classContext);
        } catch (CFGBuilderException | DataflowAnalysisException ignored) {
            // Best effort: a method that cannot be analyzed is skipped silently.
        }
    }
}
/**
 * Returns this class's methods arranged in the order given by
 * {@code classInfo.getXMethodsInCallOrder()}.
 *
 * <p>Each method from {@code getJavaClass().getMethods()} is keyed by the
 * {@code XMethod} that {@code classInfo.findMethod} resolves for it. Entries of
 * the call-order list that have no mapped method are left out of the result.
 *
 * @return a new list of the mapped methods in call order, never {@code null}
 */
public @Nonnull List<Method> getMethodsInCallOrder() {
    Map<XMethod, Method> byXMethod = new HashMap<>();
    for (Method declared : getJavaClass().getMethods()) {
        XMethod key = classInfo.findMethod(declared.getName(), declared.getSignature(), declared.isStatic());
        // NOTE(review): if findMethod can return null, all such methods share the
        // single null key and only the last one is kept; confirm against classInfo.
        byXMethod.put(key, declared);
    }

    List<? extends XMethod> callOrder = classInfo.getXMethodsInCallOrder();
    List<Method> ordered = new ArrayList<>(callOrder.size());
    for (XMethod xMethod : callOrder) {
        Method mapped = byXMethod.get(xMethod);
        if (mapped == null) {
            continue;
        }
        ordered.add(mapped);
    }
    return ordered;
}
/**
 * Chooses which methods of {@code obj} are visited and in what order.
 *
 * <p>Only constructors and the static initializer are returned: constructors
 * come first, in the order {@code obj.getMethods()} yields them, and the static
 * initializer (if any) is appended last. All other methods are omitted.
 *
 * @param obj class whose methods are inspected
 * @return the constructors followed by the static initializer, if present
 */
@Override
protected Iterable<Method> getMethodVisitOrder(JavaClass obj) {
    ArrayList<Method> order = new ArrayList<>();
    Method classInitializer = null;
    for (Method candidate : obj.getMethods()) {
        String methodName = candidate.getName();
        if (Const.STATIC_INITIALIZER_NAME.equals(methodName)) {
            // Held back so it can be placed after every constructor.
            classInitializer = candidate;
            continue;
        }
        if (Const.CONSTRUCTOR_NAME.equals(methodName)) {
            order.add(candidate);
        }
    }
    if (classInitializer != null) {
        order.add(classInitializer);
    }
    return order;
}
/**
 * Reports a low-priority {@code STRUTS2_ENDPOINT_TYPE} finding for each method
 * named {@code execute} whose signature is {@code ()Ljava/lang/String;}.
 *
 * <p>The match is on name and signature only; nothing here checks the class's
 * type, so any class with such a method is reported. The finding marks a
 * probable request entry point for a reviewer rather than a confirmed defect.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass visited = classContext.getJavaClass();
    for (Method candidate : visited.getMethods()) {
        boolean looksLikeAction = "execute".equals(candidate.getName())
                && "()Ljava/lang/String;".equals(candidate.getSignature());
        if (!looksLikeAction) {
            continue;
        }
        BugInstance finding = new BugInstance(this, STRUTS2_ENDPOINT_TYPE, Priorities.LOW_PRIORITY)
                .addClass(visited);
        bugReporter.reportBug(finding);
    }
}
/**
 * Runs {@code analyzeMethod} on every method of the visited class.
 *
 * <p>NOTE(review): a {@code CFGBuilderException} is discarded without logging,
 * so a method whose control-flow graph cannot be built is skipped and yields no
 * findings. Consider recording the failure so missed coverage can be noticed.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    for (Method method : classContext.getJavaClass().getMethods()) {
        try {
            analyzeMethod(method, classContext);
        } catch (CFGBuilderException ignored) {
            // Best effort: the method is skipped silently.
        }
    }
}
/**
 * Resets the per-class state and visits the static initializer ahead of the
 * other methods, so that field initialization is checked first.
 *
 * <p>{@code staticInitializerSeen} is set only after {@code doVisitMethod} has
 * returned for the first method named {@code STATIC_INITIALIZER_NAME}; the
 * search stops at that method.
 *
 * @param javaClass class being visited
 */
@Override
public void visit(JavaClass javaClass) {
    staticInitializerSeen = false;
    for (Method candidate : javaClass.getMethods()) {
        if (!candidate.getName().equals(STATIC_INITIALIZER_NAME)) {
            continue;
        }
        // Check field initialization before visiting methods.
        doVisitMethod(candidate);
        staticInitializerSeen = true;
        break;
    }
    isFirstArrayStore = false;
    wasToConstArrayConversion = false;
}
/**
 * Flags request wrappers that carry a method named {@code stripXSS}.
 *
 * <p>Only classes that {@code InterfaceUtils.isSubtype} accepts as subtypes of
 * {@code javax.servlet.http.HttpServletRequestWrapper} are examined. The first
 * method named {@code stripXSS} is reported at normal priority and the scan
 * ends there.
 *
 * <p>The check is a name match: a filtering method with a different name is not
 * reported. NOTE(review): presumably a wrapper built on the
 * {@code jakarta.servlet} namespace would not match either; verify against
 * {@code InterfaceUtils.isSubtype}.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass visited = classContext.getJavaClass();

    boolean wrapsRequest = InterfaceUtils.isSubtype(visited, "javax.servlet.http.HttpServletRequestWrapper");
    if (!wrapsRequest) {
        // Not a request wrapper, so not a target of this detector.
        return;
    }

    for (Method candidate : visited.getMethods()) {
        if (!candidate.getName().equals("stripXSS")) {
            continue;
        }
        BugInstance finding = new BugInstance(this, XSS_REQUEST_WRAPPER_TYPE, Priorities.NORMAL_PRIORITY)
                .addClassAndMethod(visited, candidate);
        bugReporter.reportBug(finding);
        return;
    }
}
/**
 * Hands each method of the visited class to {@code analyzeMethod}.
 *
 * <p>NOTE(review): both {@code CFGBuilderException} and
 * {@code DataflowAnalysisException} are swallowed with no logging. A method
 * that cannot be analyzed is skipped and contributes no findings, and nothing
 * records the gap; consider logging it.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    Method[] declared = classContext.getJavaClass().getMethods();
    for (int i = 0; i < declared.length; i++) {
        try {
            analyzeMethod(declared[i], classContext);
        } catch (CFGBuilderException | DataflowAnalysisException ignored) {
            // Best effort: continue with the next method.
        }
    }
}
/**
 * Collects a key for every method of {@code clazz} that {@code skip} does not
 * exclude.
 *
 * <p>Each key is the method name immediately followed by its signature, with no
 * separator between them.
 *
 * @param clazz class whose methods are listed
 * @return a new set of name-plus-signature keys
 */
Set<String> definedInClass(JavaClass clazz) {
    HashSet<String> keys = new HashSet<>();
    for (Method declared : clazz.getMethods()) {
        if (skip(declared)) {
            continue;
        }
        keys.add(declared.getName() + declared.getSignature());
    }
    return keys;
}
/**
 * Flags every implementation of {@code onGeolocationPermissionsShowPrompt} in
 * classes that {@code InterfaceUtils.isSubtype} accepts as subtypes of
 * {@code android.webkit.WebChromeClient}.
 *
 * <p>The method body is not inspected. Whether a geolocation permission
 * decision is acceptable needs human review, so each implementation is reported
 * at normal priority. A class that lacks the method is not reported.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass visited = classContext.getJavaClass();

    if (!InterfaceUtils.isSubtype(visited, "android.webkit.WebChromeClient")) {
        // Not a WebChromeClient, so not a target of this detector.
        return;
    }

    for (Method candidate : visited.getMethods()) {
        if (DEBUG) {
            System.out.println(">>> Method: " + candidate.getName());
        }

        // The presence of the callback is not enforced for now; only existing
        // implementations are reported.
        if (candidate.getName().equals("onGeolocationPermissionsShowPrompt")) {
            BugInstance finding = new BugInstance(this, ANDROID_GEOLOCATION_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClassAndMethod(visited, candidate);
            bugReporter.reportBug(finding);
        }
    }
}
/**
 * Runs {@code analyzeMethod} on every method of the visited class and logs any
 * analysis failure through {@code AnalysisContext.logError}.
 *
 * <p>A failure on one method does not stop the remaining methods from being
 * analyzed.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    Method[] declared = classContext.getJavaClass().getMethods();
    for (int i = 0; i < declared.length; i++) {
        try {
            analyzeMethod(declared[i], classContext);
        } catch (CFGBuilderException | DataflowAnalysisException failure) {
            // Logged rather than dropped, so a skipped method is visible.
            AnalysisContext.logError("Cannot analyze method", failure);
        }
    }
}
/**
 * Finds a method of {@code clazz} with the given name and signature that is
 * neither private nor static.
 *
 * @param clazz     class whose methods are searched
 * @param name      method name to match exactly
 * @param signature method signature to match exactly
 * @return the first matching method, or {@code null} when none qualifies
 */
public static Method findImplementation(JavaClass clazz, String name, String signature) {
    for (Method candidate : clazz.getMethods()) {
        boolean sameMember = candidate.getName().equals(name) && candidate.getSignature().equals(signature);
        // Private and static methods are excluded from the result.
        if (sameMember && !(candidate.isPrivate() || candidate.isStatic())) {
            return candidate;
        }
    }
    return null;
}
} // presumably closes the enclosing class, whose header is outside this excerpt
/**
 * Analyzes each method of the visited class that has code, printing the
 * method's converted signature to standard output first.
 *
 * <p>When {@code METHOD} is non-null, only methods with that exact name are
 * analyzed. CFG and dataflow failures are logged through the bug reporter, and
 * a missing class is reported through {@code reportMissingClass}.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    for (Method method : classContext.getJavaClass().getMethods()) {
        // Methods without a code attribute have nothing to analyze.
        if (method.getCode() == null) {
            continue;
        }
        boolean filteredOut = METHOD != null && !method.getName().equals(METHOD);
        if (filteredOut) {
            continue;
        }

        try {
            String description = SignatureConverter.convertMethodSignature(classContext.getJavaClass(), method);
            System.out.println("Analyzing " + description);
            analyzeMethod(classContext, method);
        } catch (CFGBuilderException | DataflowAnalysisException failure) {
            bugReporter.logError("Error", failure);
        } catch (ClassNotFoundException missing) {
            bugReporter.reportMissingClass(missing);
        }
    }
}
/**
 * Analyzes every method of the visited class, but only when
 * {@code hasRequestMapping} returns true for that class.
 *
 * <p>NOTE(review): a {@code CFGBuilderException} is discarded without logging,
 * so a method whose control-flow graph cannot be built is skipped and yields no
 * findings. Consider recording the failure so missed coverage can be noticed.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass visited = classContext.getJavaClass();
    if (!hasRequestMapping(visited)) {
        return;
    }
    for (Method method : visited.getMethods()) {
        try {
            analyzeMethod(method, classContext);
        } catch (CFGBuilderException ignored) {
            // Best effort: the method is skipped silently.
        }
    }
}
/**
 * Tells whether a non-static method with the given key exists in {@code clazz},
 * deferring to {@code definedInSuperClassOrInterface} when it does not.
 *
 * @param clazz  class to inspect; {@code null} yields {@code false}
 * @param method key of the form {@code name:signature}
 * @return {@code true} when a non-static method of {@code clazz} has that key,
 *         otherwise the result of {@code definedInSuperClassOrInterface}
 * @throws ClassNotFoundException declared by this method; not raised by the
 *         local scan itself
 */
boolean definedInThisClassOrSuper(JavaClass clazz, String method) throws ClassNotFoundException {
    if (clazz == null) {
        return false;
    }
    for (Method declared : clazz.getMethods()) {
        String key = declared.getName() + ":" + declared.getSignature();
        // Static methods never count as a definition here.
        if (declared.isStatic()) {
            continue;
        }
        if (method.equals(key)) {
            return true;
        }
    }
    return definedInSuperClassOrInterface(clazz, method);
}
/**
 * Analyzes each method of the visited class that has code.
 *
 * <p>A {@code MethodUnprofitableException} is ignored on purpose. CFG and
 * dataflow failures are logged through the bug reporter with the detector,
 * class, method name and signature, and analysis continues with the next
 * method.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    for (Method method : javaClass.getMethods()) {
        if (method.getCode() == null) {
            continue;
        }
        try {
            analyzeMethod(classContext, method);
        } catch (MethodUnprofitableException ignored) {
            // Move along; nothing to see.
        } catch (CFGBuilderException | DataflowAnalysisException failure) {
            String msg = "Detector " + this.getClass().getName() + " caught exception while analyzing "
                    + javaClass.getClassName() + "." + method.getName() + " : " + method.getSignature();
            bugReporter.logError(msg, failure);
        }
    }
}
/**
 * Analyzes each method of the visited class that has code.
 *
 * <p>A {@code CFGBuilderException} is logged through the bug reporter.
 *
 * <p>NOTE(review): a {@code DataflowAnalysisException} is dropped silently (the
 * original carried its logging call commented out), so a method whose dataflow
 * analysis fails is skipped without any record. Confirm this is still intended.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    for (Method method : classContext.getJavaClass().getMethods()) {
        boolean hasCode = method.getCode() != null;
        if (!hasCode) {
            continue;
        }
        try {
            analyzeMethod(classContext, method);
        } catch (CFGBuilderException failure) {
            String message = "Detector " + this.getClass().getName() + " caught exception";
            bugReporter.logError(message, failure);
        } catch (DataflowAnalysisException ignored) {
            // Intentionally not logged.
        }
    }
}
/**
 * Finds a method of {@code javaClass} with the given name and signature that
 * the supplied chooser accepts.
 *
 * <p>When {@code DEBUG_METHOD_LOOKUP} is set, progress is printed to standard
 * output.
 *
 * @param javaClass  class whose methods are searched
 * @param methodName method name to match exactly
 * @param methodSig  method signature to match exactly
 * @param chooser    predicate deciding whether a name-and-signature match is
 *                   acceptable
 * @return the first accepted match wrapped with its class, or {@code null} when
 *         there is none
 */
public static @CheckForNull JavaClassAndMethod findMethod(JavaClass javaClass, String methodName, String methodSig,
        JavaClassAndMethodChooser chooser) {
    if (DEBUG_METHOD_LOOKUP) {
        System.out.println("Check " + javaClass.getClassName());
    }
    for (Method candidate : javaClass.getMethods()) {
        boolean sameMember = candidate.getName().equals(methodName)
                && candidate.getSignature().equals(methodSig);
        if (!sameMember) {
            continue;
        }
        JavaClassAndMethod pair = new JavaClassAndMethod(javaClass, candidate);
        if (!chooser.choose(pair)) {
            // Rejected by the chooser; keep scanning the remaining methods.
            continue;
        }
        if (DEBUG_METHOD_LOOKUP) {
            System.out.println("\t==> FOUND: " + candidate);
        }
        return pair;
    }
    if (DEBUG_METHOD_LOOKUP) {
        System.out.println("\t==> NOT FOUND");
    }
    return null;
}
/**
 * Runs {@code analyzeMethod} on every method of the visited class that has
 * code.
 *
 * <p>{@code MethodUnprofitableException} is deliberately ignored. A
 * {@code CFGBuilderException} or {@code DataflowAnalysisException} is logged
 * through the bug reporter, naming the detector, class, method and signature,
 * and the loop then moves on to the next method.
 *
 * @param classContext context of the class being visited
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    Method[] declared = javaClass.getMethods();
    for (int i = 0; i < declared.length; i++) {
        Method method = declared[i];
        if (method.getCode() != null) {
            try {
                analyzeMethod(classContext, method);
            } catch (MethodUnprofitableException ignored) {
                // Move along; nothing to see.
            } catch (CFGBuilderException | DataflowAnalysisException failure) {
                String msg = "Detector " + this.getClass().getName() + " caught exception while analyzing "
                        + javaClass.getClassName() + "." + method.getName() + " : " + method.getSignature();
                bugReporter.logError(msg, failure);
            }
        }
    }
}