private boolean isString(Type type) { return STRING_SIGNATURE.equals(type.getSignature()); }
private static IncompatibleTypes getPriorityForAssumingCompatibleWithArray(Type rhsType) { if (rhsType.equals(Type.OBJECT)) { return ARRAY_AND_OBJECT; } String sig = rhsType.getSignature(); if ("Ljava/io/Serializable;".equals(sig) || "Ljava/lang/Cloneable;".equals(sig)) { return SEEMS_OK; } return ARRAY_AND_NON_ARRAY; }
public TypeAnnotation(Type objectType, String roleDescription) { this(objectType.getSignature(), roleDescription); if (objectType instanceof GenericObjectType) { GenericObjectType genericObjectType = (GenericObjectType) objectType; if (genericObjectType.getTypeCategory() == GenericUtilities.TypeCategory.PARAMETERIZED) { typeParameters = genericObjectType.getGenericParametersAsString(); } } }
private static Map<Integer, Value> getParameterTypes(MethodDescriptor descriptor) { Type[] argumentTypes = Type.getArgumentTypes(descriptor.getSignature()); int j = 0; Map<Integer, Value> result = new HashMap<>(); if(!descriptor.isStatic()) { result.put(j++, new Value("this", null, "L"+descriptor.getSlashedClassName()+";")); } for (int i = 0; i < argumentTypes.length; i++) { result.put(j, new Value("arg"+i, null, argumentTypes[i].getSignature())); j += argumentTypes[i].getSize(); } return result; }
@SuppressWarnings("unchecked") @Override public void visitMethod(Method obj) { argNums = null; Type[] argumentTypes = obj.getArgumentTypes(); if(argumentTypes.length == 0) { return; } int lvNum = obj.isStatic() ? 0 : 1; nArgs = argumentTypes.length; int argCount = lvNum; for(Type type : argumentTypes) { argCount+=type.getSize(); } for(int i=0; i<nArgs; i++) { if(argumentTypes[i].getSignature().equals("Ljava/lang/String;")) { if(argNums == null) { argNums = new int[argCount]; Arrays.fill(argNums, -1); } argNums[lvNum] = i; } lvNum+=argumentTypes[i].getSize(); } if(argNums != null) { passedParameters = new List[nArgs]; } super.visitMethod(obj); }
static List<Item> getInitialLocals(MethodDescriptor descriptor) { List<Item> locals = new ArrayList<>(); Type[] argTypes = Type.getArgumentTypes(descriptor.getSignature()); int reg = 0; if (!descriptor.isStatic()) { Item it = Item.typeOnly("L" + descriptor.getSlashedClassName() + ";"); locals.add(it); reg += it.getSize(); } for (Type argType : argTypes) { Item it = Item.typeOnly(argType.getSignature()); locals.add(it); reg += it.getSize(); if (it.usesTwoSlots()) { locals.add(null); } } return locals; }
String sig3 = operandType.getSignature(); if (!"Ljava/lang/String;".equals(sig3)) { stringAppendState.setSawTaint(handle);
return; String parCls = argTypes[0].getSignature(); if (parCls.length() < 3) { return; return; if ((argTypes.length == 2) && !argTypes[1].getSignature().equals(new SignatureParser(methodSig).getReturnTypeSignature())) { return;
state = State.SEEN_INVALID; } else { String signature = argTypes[curParm++].getSignature(); char typeChar0 = signature.charAt(0); if ((typeChar0 == 'L') || (typeChar0 == '[')) { char retSigChar0 = returnType.getSignature().charAt(0); if ((retSigChar0 == 'V') && (seen == Const.RETURN)) { state = State.SEEN_RETURN;
boolean propagateToReturnValue(Set<ValueInfo> vals, ValueNumber vn, GenLocation location, MethodDescriptor m) throws DataflowAnalysisException { for(ValueInfo vi : vals) { if(vi.type.getSignature().startsWith("[") && vi.hasObjectOnlyCall && vi.var == null && vn.getNumber() == vi.origValue) { // Ignore initialized arrays passed to methods vi.escaped = true; count--; } } if (Type.getReturnType(m.getSignature()) == Type.VOID || location instanceof ExceptionLocation) { return false; } InstructionHandle nextHandle = location.getHandle().getNext(); if (nextHandle == null || (nextHandle.getInstruction() instanceof POP || nextHandle.getInstruction() instanceof POP2)) { return false; } return propagateValues(vals, null, location.frameAfter().getTopValue()); }
@Override public void visitGETSTATIC(GETSTATIC obj) { Type type = obj.getType(getCPG()); XField xf = XFactory.createXField(obj, cpg); if (xf.isFinal()) { FieldSummary fieldSummary = AnalysisContext.currentAnalysisContext().getFieldSummary(); Item summary = fieldSummary.getSummary(xf); if (summary.isNull()) { pushValue(TypeFrame.getNullType()); return; } String slashedClassName = ClassName.fromFieldSignature(type.getSignature()); if (slashedClassName != null) { String dottedClassName = ClassName.toDottedClassName(slashedClassName); if (DEFAULT_SUSPICIOUS_SET.contains(dottedClassName)) { type = new FinalConstant(dottedClassName, xf); consumeStack(obj); pushValue(type); return; } } } if (STRING_SIGNATURE.equals(type.getSignature())) { handleLoad(obj); } else { super.visitGETSTATIC(obj); } }
Item it = Item.initialArgument(argType.getSignature(), reg); setLVValue(reg, it); reg += it.getSize();
@Override public void visitGETFIELD(GETFIELD obj) { Type type = obj.getType(getCPG()); if (STRING_SIGNATURE.equals(type.getSignature())) { handleLoad(obj); } else { XField xf = XFactory.createXField(obj, cpg); if (xf.isFinal()) { FieldSummary fieldSummary = AnalysisContext.currentAnalysisContext().getFieldSummary(); Item summary = fieldSummary.getSummary(xf); if (summary.isNull()) { consumeStack(obj); pushValue(TypeFrame.getNullType()); return; } String slashedClassName = ClassName.fromFieldSignature(type.getSignature()); if (slashedClassName != null) { String dottedClassName = ClassName.toDottedClassName(slashedClassName); if (DEFAULT_SUSPICIOUS_SET.contains(dottedClassName)) { type = new FinalConstant(dottedClassName, xf); consumeStack(obj); pushValue(type); return; } } } super.visitGETFIELD(obj); } }
private void handleLoad(FieldInstruction obj) { consumeStack(obj); Type type = obj.getType(getCPG()); if (!STRING_SIGNATURE.equals(type.getSignature())) { throw new IllegalArgumentException("type is not String: " + type); } try { String className = obj.getClassName(getCPG()); String fieldName = obj.getName(getCPG()); Field field = Hierarchy.findField(className, fieldName); if (field != null) { // If the field is final, we'll assume that the String value // is static. if (field.isFinal()) { pushValue(staticStringTypeInstance); } else { pushValue(type); } return; } } catch (ClassNotFoundException ex) { lookupFailureCallback.reportMissingClass(ex); } pushValue(type); } }
getPC()); if (lfp != null && lfp.frame.getTopValue().getSignature().equals("Ljava/util/EnumMap;")) { break;
return true; } else if ("()[Ljava/lang/Object;".equals(signature) && Subtypes2.isCollection(target) && !"Ljava/util/Arrays$ArrayList;".equals(topValue.getSignature())) { consumeStack(obj); pushReturnType(obj);
return; String lhs = SignatureConverter.convert(lhsType.getSignature()); String rhs = SignatureConverter.convert(rhsType.getSignature());
String callReturnClass = callSeen.getName().equals(Const.CONSTRUCTOR_NAME) ? callSeen.getClassDescriptor().getClassName() : ClassName.fromFieldSignature(callReturnType.getSignature()); String methodReturnClass = ClassName.fromFieldSignature(methodReturnType.getSignature()); if(callReturnClass != null && methodReturnClass != null && Subtypes2.instanceOf(ClassName.toDottedClassName(callReturnClass), ClassName.toDottedClassName(methodReturnClass))) {
property.addTypeSignature(storeType.getSignature());
TypeFrame typeFrame = typeDataflow.getFactAtLocation(location); Type objType = typeFrame.getStackValue(2); if(extendsConcurrentMap(ClassName.toDottedClassName(ClassName.fromFieldSignature(objType.getSignature())))) { InstructionHandle next = handle.getNext(); boolean isIgnored = next != null && next.getInstruction() instanceof POP;