/**
 * Checks whether {@code lastArg} is located inside a method whose symbol satisfies
 * {@code haveSameParamButLast} when compared with {@code methodSymbol}.
 *
 * <p>NOTE(review): the name suggests this recognises a method delegating to one of its own
 * overloads; the actual comparison lives in {@code haveSameParamButLast}, which is not
 * visible here.
 *
 * @param methodSymbol method symbol compared against the enclosing method's symbol
 * @param lastArg expression whose enclosing method is looked up
 * @return {@code false} when {@code lastArg} has no enclosing method, otherwise the result of
 *     {@code haveSameParamButLast}
 */
private static boolean isCallingOverload(JavaSymbol.MethodJavaSymbol methodSymbol, ExpressionTree lastArg) {
  MethodTree caller = ExpressionUtils.getEnclosingMethod(lastArg);
  if (caller == null) {
    // No enclosing method to compare with.
    return false;
  }
  return haveSameParamButLast(caller.symbol(), methodSymbol);
}
/**
 * Checks whether {@code lastArg} is located inside a method whose symbol satisfies
 * {@code haveSameParamButLast} when compared with {@code methodSymbol}.
 *
 * <p>NOTE(review): the name suggests this recognises a method delegating to one of its own
 * overloads; the actual comparison lives in {@code haveSameParamButLast}, which is not
 * visible here.
 *
 * @param methodSymbol method symbol compared against the enclosing method's symbol
 * @param lastArg expression whose enclosing method is looked up
 * @return {@code false} when {@code lastArg} has no enclosing method, otherwise the result of
 *     {@code haveSameParamButLast}
 */
private static boolean isCallingOverload(JavaSymbol.MethodJavaSymbol methodSymbol, ExpressionTree lastArg) {
  MethodTree caller = ExpressionUtils.getEnclosingMethod(lastArg);
  if (caller == null) {
    // No enclosing method to compare with.
    return false;
  }
  return haveSameParamButLast(caller.symbol(), methodSymbol);
}
/**
 * Raises "Use a dynamically-generated, random IV." on a matched constructor call unless the
 * scan of its enclosing method sets {@code MethodInvocationVisitor.secureRandomFound}.
 *
 * <p>Why it matters: an initialization vector that is fixed or predictable and reused under the
 * same key weakens or breaks the confidentiality of the cipher mode that consumes it.
 *
 * <p>Limits visible here: the visitor is applied to the enclosing method only, and a constructor
 * call that has no enclosing method is never reported. NOTE(review): what exactly flips
 * {@code secureRandomFound} is decided inside {@code MethodInvocationVisitor}, which is not
 * shown; an IV filled with randomness in another method is presumably still reported.
 *
 * @param newClassTree the constructor invocation selected by this check
 */
@Override
protected void onConstructorFound(NewClassTree newClassTree) {
  Tree enclosingMethod = ExpressionUtils.getEnclosingMethod(newClassTree);
  if (enclosingMethod == null) {
    return;
  }
  MethodInvocationVisitor randomnessScan = new MethodInvocationVisitor(newClassTree);
  enclosingMethod.accept(randomnessScan);
  if (randomnessScan.secureRandomFound) {
    return;
  }
  reportIssue(newClassTree, "Use a dynamically-generated, random IV.");
}
/**
 * Raises "Use a dynamically-generated, random IV." on a matched constructor call unless the
 * scan of its enclosing method sets {@code MethodInvocationVisitor.secureRandomFound}.
 *
 * <p>Why it matters: an initialization vector that is fixed or predictable and reused under the
 * same key weakens or breaks the confidentiality of the cipher mode that consumes it.
 *
 * <p>Limits visible here: the visitor is applied to the enclosing method only, and a constructor
 * call that has no enclosing method is never reported. NOTE(review): what exactly flips
 * {@code secureRandomFound} is decided inside {@code MethodInvocationVisitor}, which is not
 * shown; an IV filled with randomness in another method is presumably still reported.
 *
 * @param newClassTree the constructor invocation selected by this check
 */
@Override
protected void onConstructorFound(NewClassTree newClassTree) {
  Tree enclosingMethod = ExpressionUtils.getEnclosingMethod(newClassTree);
  if (enclosingMethod == null) {
    return;
  }
  MethodInvocationVisitor randomnessScan = new MethodInvocationVisitor(newClassTree);
  enclosingMethod.accept(randomnessScan);
  if (randomnessScan.secureRandomFound) {
    return;
  }
  reportIssue(newClassTree, "Use a dynamically-generated, random IV.");
}
/**
 * Reports a matched invocation when the method containing it shows no call that
 * {@code MethodBodyVisitor} counts as securing the {@code Transformer}.
 *
 * <p>The issue text names the two accepted remedies: disabling external DTDs or enabling secure
 * processing. Without one of them an XML transformer may resolve external entities from
 * untrusted input (XXE).
 *
 * <p>Limits visible here: only the enclosing method is scanned, and an invocation outside any
 * method is skipped silently. NOTE(review): which calls qualify as "securing" is defined by
 * {@code MethodBodyVisitor.foundCallsToSecuringMethods()}, not shown here; hardening done in a
 * helper or factory method is presumably not seen.
 *
 * @param methodInvocation the invocation selected by this check; the issue is attached to its
 *     method select
 */
@Override
protected void onMethodInvocationFound(MethodInvocationTree methodInvocation) {
  Tree owner = ExpressionUtils.getEnclosingMethod(methodInvocation);
  if (owner != null) {
    MethodBodyVisitor bodyScan = new MethodBodyVisitor();
    owner.accept(bodyScan);
    boolean hardened = bodyScan.foundCallsToSecuringMethods();
    if (!hardened) {
      reportIssue(methodInvocation.methodSelect(), "Secure this \"Transformer\" by either disabling external DTDs or enabling secure processing.");
    }
  }
}
/**
 * Reports a matched invocation when the method containing it shows no call that
 * {@code MethodBodyVisitor} counts as securing the {@code Transformer}.
 *
 * <p>The issue text names the two accepted remedies: disabling external DTDs or enabling secure
 * processing. Without one of them an XML transformer may resolve external entities from
 * untrusted input (XXE).
 *
 * <p>Limits visible here: only the enclosing method is scanned, and an invocation outside any
 * method is skipped silently. NOTE(review): which calls qualify as "securing" is defined by
 * {@code MethodBodyVisitor.foundCallsToSecuringMethods()}, not shown here; hardening done in a
 * helper or factory method is presumably not seen.
 *
 * @param methodInvocation the invocation selected by this check; the issue is attached to its
 *     method select
 */
@Override
protected void onMethodInvocationFound(MethodInvocationTree methodInvocation) {
  Tree owner = ExpressionUtils.getEnclosingMethod(methodInvocation);
  if (owner != null) {
    MethodBodyVisitor bodyScan = new MethodBodyVisitor();
    owner.accept(bodyScan);
    boolean hardened = bodyScan.foundCallsToSecuringMethods();
    if (!hardened) {
      reportIssue(methodInvocation.methodSelect(), "Secure this \"Transformer\" by either disabling external DTDs or enabling secure processing.");
    }
  }
}
/**
 * Runs a {@code MethodVisitor}, seeded with the first argument of the matched call, over the
 * method that contains the call.
 *
 * <p>Nothing happens when the call has no enclosing method or when its first argument cannot be
 * resolved to a string constant, so a value built at run time is not analysed by this check.
 * Any reporting is done inside {@code MethodVisitor}, which is not shown here.
 *
 * <p>NOTE(review): the first argument is read with {@code arguments().get(0)} before any guard;
 * this presumably relies on the check's matcher selecting only calls with at least one
 * argument - confirm against the matcher definition.
 *
 * @param mit the invocation selected by this check
 */
@Override
protected void onMethodInvocationFound(MethodInvocationTree mit) {
  MethodTree methodTree = ExpressionUtils.getEnclosingMethod(mit);
  String getInstanceArg = ConstantUtils.resolveAsStringConstant(mit.arguments().get(0));
  if (methodTree == null || getInstanceArg == null) {
    return;
  }
  methodTree.accept(new MethodVisitor(getInstanceArg));
}
/**
 * Runs a {@code MethodVisitor}, seeded with the first argument of the matched call, over the
 * method that contains the call.
 *
 * <p>Nothing happens when the call has no enclosing method or when its first argument cannot be
 * resolved to a string constant, so a value built at run time is not analysed by this check.
 * Any reporting is done inside {@code MethodVisitor}, which is not shown here.
 *
 * <p>NOTE(review): the first argument is read with {@code arguments().get(0)} before any guard;
 * this presumably relies on the check's matcher selecting only calls with at least one
 * argument - confirm against the matcher definition.
 *
 * @param mit the invocation selected by this check
 */
@Override
protected void onMethodInvocationFound(MethodInvocationTree mit) {
  MethodTree methodTree = ExpressionUtils.getEnclosingMethod(mit);
  String getInstanceArg = ConstantUtils.resolveAsStringConstant(mit.arguments().get(0));
  if (methodTree == null || getInstanceArg == null) {
    return;
  }
  methodTree.accept(new MethodVisitor(getInstanceArg));
}
/**
 * Reports "Disable XML external entity (XXE) processing." on an invocation matched by
 * {@code triggeringInvocationMatcher} when the scan of its enclosing method leaves
 * {@code MethodVisitor.isExternalEntityProcessingDisabled} false.
 *
 * <p>When the securing predicate is an {@code AccessExternalDTDOrSchemaPredicate}, its
 * {@code externalDTDDisabled} and {@code externalSchemaDisabled} flags are cleared before the
 * scan. NOTE(review): presumably so that a result recorded for a previously analysed method
 * does not carry over; the predicate is shared mutable state, so this reset must stay ahead of
 * the visitor run.
 *
 * <p>Limits visible here: only the enclosing method is scanned, and an invocation outside any
 * method is never reported, so parser hardening done elsewhere is presumably not recognised.
 *
 * @param methodInvocation candidate invocation; the issue is attached to its method select
 */
private void checkMethodInvocation(MethodInvocationTree methodInvocation) {
  if (!triggeringInvocationMatcher.matches(methodInvocation)) {
    return;
  }
  MethodTree enclosingMethod = ExpressionUtils.getEnclosingMethod(methodInvocation);
  if (enclosingMethod == null) {
    return;
  }
  if (securingInvocationPredicate instanceof AccessExternalDTDOrSchemaPredicate) {
    AccessExternalDTDOrSchemaPredicate dtdOrSchema = (AccessExternalDTDOrSchemaPredicate) securingInvocationPredicate;
    dtdOrSchema.externalDTDDisabled = false;
    dtdOrSchema.externalSchemaDisabled = false;
  }
  MethodVisitor xxeScan = new MethodVisitor(securingInvocationPredicate);
  enclosingMethod.accept(xxeScan);
  if (xxeScan.isExternalEntityProcessingDisabled) {
    return;
  }
  reportIssue(methodInvocation.methodSelect(), "Disable XML external entity (XXE) processing.");
}
// Unmatched within this excerpt: closes a scope opened before this method (likely the enclosing class).
}
/**
 * Reports "Disable XML external entity (XXE) processing." on an invocation matched by
 * {@code triggeringInvocationMatcher} when the scan of its enclosing method leaves
 * {@code MethodVisitor.isExternalEntityProcessingDisabled} false.
 *
 * <p>When the securing predicate is an {@code AccessExternalDTDOrSchemaPredicate}, its
 * {@code externalDTDDisabled} and {@code externalSchemaDisabled} flags are cleared before the
 * scan. NOTE(review): presumably so that a result recorded for a previously analysed method
 * does not carry over; the predicate is shared mutable state, so this reset must stay ahead of
 * the visitor run.
 *
 * <p>Limits visible here: only the enclosing method is scanned, and an invocation outside any
 * method is never reported, so parser hardening done elsewhere is presumably not recognised.
 *
 * @param methodInvocation candidate invocation; the issue is attached to its method select
 */
private void checkMethodInvocation(MethodInvocationTree methodInvocation) {
  if (!triggeringInvocationMatcher.matches(methodInvocation)) {
    return;
  }
  MethodTree enclosingMethod = ExpressionUtils.getEnclosingMethod(methodInvocation);
  if (enclosingMethod == null) {
    return;
  }
  if (securingInvocationPredicate instanceof AccessExternalDTDOrSchemaPredicate) {
    AccessExternalDTDOrSchemaPredicate dtdOrSchema = (AccessExternalDTDOrSchemaPredicate) securingInvocationPredicate;
    dtdOrSchema.externalDTDDisabled = false;
    dtdOrSchema.externalSchemaDisabled = false;
  }
  MethodVisitor xxeScan = new MethodVisitor(securingInvocationPredicate);
  enclosingMethod.accept(xxeScan);
  if (xxeScan.isExternalEntityProcessingDisabled) {
    return;
  }
  reportIssue(methodInvocation.methodSelect(), "Disable XML external entity (XXE) processing.");
}
// Unmatched within this excerpt: closes a scope opened before this method (likely the enclosing class).
}
/**
 * Flags SMTP-over-SSL set-ups whose enclosing method shows no server identity validation.
 *
 * <p>Two shapes are recognised:
 * <ul>
 *   <li>a call matched by {@code ENABLING_SSL_METHODS} whose first argument is the literal
 *       {@code true}; the method is then scanned with {@code MethodBodyApacheVisitor};</li>
 *   <li>a call matched by {@code HASHTABLE_PUT} that stores
 *       {@code "javax.net.ssl.SSLSocketFactory"} under {@code "mail.smtp.socketFactory.class"};
 *       the method is then scanned with {@code MethodBodyHashtableVisitor}.</li>
 * </ul>
 * An issue is raised when the corresponding visitor leaves {@code isSecured} false. Without
 * identity validation the client may accept a certificate issued for a different host, which
 * exposes the session to interception.
 *
 * <p>Limits visible here: both arguments of the {@code put} call must resolve to string
 * constants, only the enclosing method is scanned, and calls outside any method are not
 * examined. The superclass handler is invoked in every case.
 *
 * @param mit the invocation selected by this check
 */
@Override
protected void onMethodInvocationFound(MethodInvocationTree mit) {
  MethodTree method = ExpressionUtils.getEnclosingMethod(mit);
  if (method != null) {
    Arguments args = mit.arguments();
    boolean sslSwitchedOn = ENABLING_SSL_METHODS.matches(mit) && LiteralUtils.isTrue(args.get(0));
    if (sslSwitchedOn) {
      MethodBodyApacheVisitor apacheScan = new MethodBodyApacheVisitor();
      method.accept(apacheScan);
      if (!apacheScan.isSecured) {
        reportIssue(mit, "Enable server identity validation on this SMTP SSL connection.");
      }
    } else if (HASHTABLE_PUT.matches(mit)) {
      String propertyKey = ConstantUtils.resolveAsStringConstant(args.get(0));
      // The second argument is resolved only once the key matches, as in a short-circuit chain.
      if ("mail.smtp.socketFactory.class".equals(propertyKey)
        && "javax.net.ssl.SSLSocketFactory".equals(ConstantUtils.resolveAsStringConstant(args.get(1)))) {
        MethodBodyHashtableVisitor propertiesScan = new MethodBodyHashtableVisitor();
        method.accept(propertiesScan);
        if (!propertiesScan.isSecured) {
          reportIssue(mit, "Enable server identity validation, set \"mail.smtp.ssl.checkserveridentity\" to true");
        }
      }
    }
  }
  // Always delegate, whether or not an issue was raised above.
  super.onMethodInvocationFound(mit);
}
/**
 * Flags SMTP-over-SSL set-ups whose enclosing method shows no server identity validation.
 *
 * <p>Two shapes are recognised:
 * <ul>
 *   <li>a call matched by {@code ENABLING_SSL_METHODS} whose first argument is the literal
 *       {@code true}; the method is then scanned with {@code MethodBodyApacheVisitor};</li>
 *   <li>a call matched by {@code HASHTABLE_PUT} that stores
 *       {@code "javax.net.ssl.SSLSocketFactory"} under {@code "mail.smtp.socketFactory.class"};
 *       the method is then scanned with {@code MethodBodyHashtableVisitor}.</li>
 * </ul>
 * An issue is raised when the corresponding visitor leaves {@code isSecured} false. Without
 * identity validation the client may accept a certificate issued for a different host, which
 * exposes the session to interception.
 *
 * <p>Limits visible here: both arguments of the {@code put} call must resolve to string
 * constants, only the enclosing method is scanned, and calls outside any method are not
 * examined. The superclass handler is invoked in every case.
 *
 * @param mit the invocation selected by this check
 */
@Override
protected void onMethodInvocationFound(MethodInvocationTree mit) {
  MethodTree method = ExpressionUtils.getEnclosingMethod(mit);
  if (method != null) {
    Arguments args = mit.arguments();
    boolean sslSwitchedOn = ENABLING_SSL_METHODS.matches(mit) && LiteralUtils.isTrue(args.get(0));
    if (sslSwitchedOn) {
      MethodBodyApacheVisitor apacheScan = new MethodBodyApacheVisitor();
      method.accept(apacheScan);
      if (!apacheScan.isSecured) {
        reportIssue(mit, "Enable server identity validation on this SMTP SSL connection.");
      }
    } else if (HASHTABLE_PUT.matches(mit)) {
      String propertyKey = ConstantUtils.resolveAsStringConstant(args.get(0));
      // The second argument is resolved only once the key matches, as in a short-circuit chain.
      if ("mail.smtp.socketFactory.class".equals(propertyKey)
        && "javax.net.ssl.SSLSocketFactory".equals(ConstantUtils.resolveAsStringConstant(args.get(1)))) {
        MethodBodyHashtableVisitor propertiesScan = new MethodBodyHashtableVisitor();
        method.accept(propertiesScan);
        if (!propertiesScan.isSecured) {
          reportIssue(mit, "Enable server identity validation, set \"mail.smtp.ssl.checkserveridentity\" to true");
        }
      }
    }
  }
  // Always delegate, whether or not an issue was raised above.
  super.onMethodInvocationFound(mit);
}