private void categorizeBasedOnConstructor(NewClassTree newClassTree, VariableSymbol variableSymbol) { if (isIgnoredCookieName(newClassTree.arguments())) { ignoredVariables.add(variableSymbol); } else if (isCompliantConstructorCall(newClassTree)) { compliantConstructorInitializations.add(variableSymbol); } else { variablesToReport.add(variableSymbol); } }
@Override protected void onConstructorFound(NewClassTree newClassTree) { if (firstArgumentIsCookie(newClassTree.arguments())) { reportIssue(newClassTree.arguments().get(0), MESSAGE); } else if (secondArgumentIsValue(newClassTree.arguments())) { reportIssue(newClassTree.arguments().get(1), MESSAGE); } }
private void checkNewClassTree(NewClassTree nct) { if (MATCHERS.anyMatch(nct)) { nct.arguments().forEach(this::checkExpression); } }
private static boolean isCompliantConstructorCall(NewClassTree newClassTree) { if (CONSTRUCTORS_WITH_HTTP_ONLY_PARAM.stream().anyMatch(matcher -> matcher.matches(newClassTree))) { Arguments arguments = newClassTree.arguments(); ExpressionTree lastArgument = arguments.get(arguments.size() - 1); return LiteralUtils.isTrue(lastArgument); } else { return CONSTRUCTORS_WITH_GOOD_DEFAULT.stream().anyMatch(matcher -> matcher.matches(newClassTree)); } }
@Override public void visitNewClass(NewClassTree tree) { if (TARGETED_CLASS.contains(getclassName(tree)) && tree.arguments().size() == 1) { ExpressionTree argument = tree.arguments().get(0); if (argument.is(Tree.Kind.CHAR_LITERAL)) { String character = ((LiteralTree) argument).value(); context.reportIssue(this, argument, "Replace the constructor character parameter " + character + " with string parameter " + character.replace("'", "\"") + "."); } } }
private void categorizeBasedOnConstructor(ReturnStatementTree returnStatement) { ExpressionTree returnedExpression = returnStatement.expression(); if (returnedExpression != null && returnedExpression.is(Tree.Kind.NEW_CLASS)) { NewClassTree newClass = (NewClassTree) returnedExpression; if (!isIgnoredCookieName(newClass.arguments()) && !isCompliantConstructorCall(newClass) && CLASSES.stream().anyMatch(newClass.symbolType()::isSubtypeOf)) { newClassToReport.add(newClass); } } }
@Override protected void onConstructorFound(NewClassTree newClassTree) { ExpressionTree arg = newClassTree.arguments().get(0); if (isZeroIntLiteral(arg)) { reportIssue(arg, MESSAGE); } }
@Override public void visitNewClass(NewClassTree tree) { checkMethodInvocationArgument(tree.arguments(), tree.constructorSymbol()); super.visitNewClass(tree); }
private static Symbol.TypeSymbol wrapperClassSymbol(NewClassTree newClassTree) { Symbol.TypeSymbol classSymbol = newClassTree.symbolType().symbol(); if (PRIMITIVE_TYPES_BY_WRAPPER.containsKey(newClassTree.symbolType().fullyQualifiedName()) && !newClassTree.arguments().isEmpty()) { return classSymbol; } return null; }
private void buildNewClass(NewClassTree tree) { handleExceptionalPaths(tree.constructorSymbol()); currentBlock.elements.add(tree); build(tree.arguments()); ExpressionTree enclosingExpression = tree.enclosingExpression(); if (enclosingExpression != null) { build(enclosingExpression); } }
@Override public void visitNewClass(NewClassTree syntaxTree) { Symbol symbol = syntaxTree.constructorSymbol(); if (symbol.isMethodSymbol()) { int peekSize = syntaxTree.arguments().size(); List<SymbolicValue> argumentValues = Lists.reverse(programState.peekValues(peekSize)); checkNullArguments(syntaxTree, (JavaSymbol.MethodJavaSymbol) symbol, argumentValues); } }
private static Stream<ExpressionTree> arguments(Tree methodTree) { if (methodTree.is(Tree.Kind.METHOD_INVOCATION)) { return ((MethodInvocationTree) methodTree).arguments().stream(); } if (methodTree.is(Tree.Kind.NEW_CLASS)) { return ((NewClassTree) methodTree).arguments().stream(); } return Stream.empty(); }
@Override public void visitMethodInvocation(MethodInvocationTree methodInvocation) { if (SECURE_RANDOM_NEXT_BYTES.matches(methodInvocation)) { Symbol initVector = symbol(ivParameterSpecInstantiation.arguments().get(0)); if (initVector != null && initVector.equals(symbol(methodInvocation.arguments().get(0)))) { secureRandomFound = true; } } super.visitMethodInvocation(methodInvocation); }
private void executeNewClass(NewClassTree tree) { NewClassTree newClassTree = tree; programState = programState.unstackValue(newClassTree.arguments().size()).state; // Enqueue exceptional paths ((CFG.Block) node.programPoint.block).exceptions().forEach(b -> enqueue(new ProgramPoint(b), programState, !b.isCatchBlock())); SymbolicValue svNewClass = constraintManager.createSymbolicValue(newClassTree); programState = programState.stackValue(svNewClass); programState = svNewClass.setSingleConstraint(programState, ObjectConstraint.NOT_NULL); }
private void handleConstructor(NewClassTree tree) { if (!PASSWORD_AUTHENTICATION_CONSTRUCTOR.matches(tree)) { return; } ExpressionTree secondArg = tree.arguments().get(1); if (secondArg.is(Tree.Kind.METHOD_INVOCATION)) { MethodInvocationTree mit = (MethodInvocationTree) secondArg; if (STRING_TO_CHAR_ARRAY.matches(mit) && isCallOnStringLiteral(mit.methodSelect())) { reportIssue(tree, "Remove this hard-coded password."); } } }
@Override public void visitNewClass(NewClassTree tree) { scan(tree.enclosingExpression()); scan(tree.identifier()); scan(tree.typeArguments()); scan(tree.arguments()); //do not scan body of anonymous classes. } }
@Override public ProgramState checkPreStatement(CheckerContext context, Tree syntaxNode) { ProgramState state = context.getState(); if (syntaxNode.is(Tree.Kind.METHOD_INVOCATION)) { MethodInvocationTree mit = (MethodInvocationTree) syntaxNode; checkParameters(mit, mit.symbol(), mit.arguments(), state); } else if (syntaxNode.is(Tree.Kind.NEW_CLASS)) { NewClassTree nct = (NewClassTree) syntaxNode; checkParameters(nct, nct.constructorSymbol(), nct.arguments(), state); } return state; }
@Override public void visitNewClass(NewClassTree tree) { scan(tree.enclosingExpression()); scan(tree.identifier()); scan(tree.typeArguments()); scan(tree.arguments()); scan(tree.classBody()); }