Java Code Examples for edu.umd.cs.findbugs.BugInstance

The following examples show how to use edu.umd.cs.findbugs.BugInstance. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
/**
 * Resolves the filter key for the wrapped {@code data} object.
 *
 * <p>The accessor names are misleading: {@code getType()} yields the specific
 * pattern kind, while {@code getAbbrev()} yields the broader pattern type.
 *
 * @return the specific pattern kind when {@code useSpecificPattern} is set,
 *         otherwise the pattern type; {@code null} when {@code data} is not a
 *         marker, pattern or bug code, or when the marker has no bug instance
 */
private String getPatternOrPatternType() {
    if (data instanceof IMarker) {
        BugInstance markerBug = MarkerUtil.findBugInstanceForMarker((IMarker) data);
        if (markerBug == null) {
            // Marker is not backed by a bug instance: nothing to key on.
            return null;
        }
        return useSpecificPattern ? markerBug.getType() : markerBug.getAbbrev();
    }
    if (data instanceof BugPattern) {
        BugPattern bugPattern = (BugPattern) data;
        return useSpecificPattern ? bugPattern.getType() : bugPattern.getAbbrev();
    }
    if (data instanceof BugCode) {
        // A bug code only carries the pattern type, so the flag is irrelevant here.
        return ((BugCode) data).getAbbrev();
    }
    return null;
}
 
Example 2
/**
 * Flags integer equality comparisons whose operands satisfy {@code bad(...)}
 * in either order.
 *
 * @param seen the opcode currently being visited
 */
@Override
public void sawOpcode(int seen) {
    // Only int equality / inequality branches are of interest.
    if (seen != Const.IF_ICMPEQ && seen != Const.IF_ICMPNE) {
        return;
    }
    OpcodeStack.Item left = stack.getStackItem(1);
    OpcodeStack.Item right = stack.getStackItem(0);
    boolean suspicious = bad(left, right) || bad(right, left);
    if (!suspicious) {
        return;
    }
    BugInstance bug = new BugInstance(this, "TESTING", NORMAL_PRIORITY).addClassAndMethod(this)
            .addValueSource(left, this).addValueSource(right, this)
            .addString("Just check the sign of the result of compare or compareTo, not specific values such as 1 or -1");
    accumulator.accumulateBug(bug, this);
}
 
Example 3
/**
 * Reports calls to Spring's {@code EvalTag.setExpression(String)} whose argument
 * is not a constant string.
 *
 * <p>Bytecode shape produced by the JSP compiler for the tag:
 * <pre>
 *   ldc   "${expression}"
 *   ldc   java/lang/String
 *   aload_2
 *   aconst_null
 *   invokestatic   org/apache/jasper/runtime/PageContextImpl.evaluateExpression (...)Ljava/lang/Object;
 *   checkcast
 *   invokevirtual  org/springframework/web/servlet/tags/EvalTag.setExpression (Ljava/lang/String;)V
 * </pre>
 *
 * <p>Only the value on top of the operand stack is inspected; where that value
 * originated is not traced by this method.
 *
 * @param seen the opcode currently being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }
    boolean isSetExpression = getClassConstantOperand().equals("org/springframework/web/servlet/tags/EvalTag")
            && getNameConstantOperand().equals("setExpression")
            && getSigConstantOperand().equals("(Ljava/lang/String;)V");
    if (!isSetExpression) {
        return;
    }
    // A constant expression is fixed at compile time; only a variable one is reported.
    if (StackUtils.isVariableString(stack.getStackItem(0))) {
        BugInstance bug = new BugInstance(this, JSP_SPRING_EVAL, Priorities.HIGH_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
 
Example 4
/**
 * Adapts bug-related objects to property sheet pages or property sources.
 *
 * @param adaptableObject the object to adapt
 * @param adapterType the requested adapter class
 * @return a {@code BugPropertySheetPage}, {@code PropertySource} or
 *         {@code MarkerPropertySource} depending on the request, or {@code null}
 *         when no adapter applies
 */
@Override
@SuppressWarnings("rawtypes")
public Object getAdapter(Object adaptableObject, Class adapterType) {
    if (adapterType == IPropertySheetPage.class) {
        boolean isBugView = adaptableObject instanceof BugExplorerView
                || adaptableObject instanceof AbstractFindbugsView;
        if (isBugView) {
            return new BugPropertySheetPage();
        }
    }
    if (adapterType != IPropertySource.class) {
        return null;
    }

    // Model objects are wrapped directly.
    boolean isModelObject = adaptableObject instanceof BugPattern || adaptableObject instanceof BugInstance
            || adaptableObject instanceof DetectorFactory || adaptableObject instanceof Plugin
            || adaptableObject instanceof BugGroup
            || adaptableObject instanceof BugAnnotation;
    if (isModelObject) {
        return new PropertySource(adaptableObject);
    }

    // Anything else must resolve to a FindBugs marker to be adaptable.
    IMarker marker = Util.getAdapter(IMarker.class, adaptableObject);
    return MarkerUtil.isFindBugsMarker(marker) ? new MarkerPropertySource(marker) : null;
}
 
Example 5
/**
 * Builds and reports a null-dereference warning for the given location.
 *
 * @param propertySet warning properties used to decorate the bug instance
 * @param location the location of the dereference
 * @param type the bug pattern type to report
 * @param priority the priority passed to the new bug instance
 * @param variable annotation describing the dereferenced variable, or
 *        {@code null} when it is unknown
 */
private void reportNullDeref(WarningPropertySet<WarningProperty> propertySet, Location location, String type, int priority,
        @CheckForNull BugAnnotation variable) {

    BugInstance warning = new BugInstance(this, type, priority).addClassAndMethod(classContext.getJavaClass(), method);
    if (variable == null) {
        // Unknown variable: record a "?" placeholder annotation instead.
        warning.add(new LocalVariableAnnotation("?", -1, -1));
    } else {
        warning.add(variable);
    }
    warning.addSourceLine(classContext, method, location).describe("SOURCE_LINE_DEREF");

    if (FindBugsAnalysisFeatures.isRelaxedMode()) {
        WarningPropertyUtil.addPropertiesForDataMining(propertySet, classContext, method, location);
    }
    addPropertiesForDereferenceLocations(propertySet, Collections.singleton(location), false);

    // Properties must be complete before they are applied to the warning.
    propertySet.decorateBugInstance(warning);
    bugReporter.reportBug(warning);
}
 
Example 6
Source Project: spotbugs   Source File: FieldMatcher.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Tests whether the selected field annotation of a bug matches this matcher.
 *
 * <p>With no role configured the bug's primary field is used; otherwise the
 * first field annotation whose description equals the role is used.
 *
 * @param bugInstance the bug to test
 * @return {@code true} when a field annotation was selected, its name matches,
 *         and its signature matches (or no signature matcher is configured)
 */
@Override
public boolean match(BugInstance bugInstance) {
    boolean noRole = role == null || "".equals(role);
    FieldAnnotation target = null;
    if (noRole) {
        target = bugInstance.getPrimaryField();
    } else {
        for (BugAnnotation candidate : bugInstance.getAnnotations()) {
            if (candidate instanceof FieldAnnotation && role.equals(candidate.getDescription())) {
                target = (FieldAnnotation) candidate;
                break;
            }
        }
    }

    if (target == null) {
        return false;
    }
    if (!name.match(target.getFieldName())) {
        return false;
    }
    return signature == null || signature.match(target.getFieldSignature());
}
 
Example 7
Source Project: spotbugs   Source File: Filter.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Does the preparation needed before bugs can be filtered.
 *
 * <p>When {@code maybeMutatedAsString} is set, collects the locations of bugs
 * first seen in version {@code maybeMutated} that are also locations of bugs
 * last seen in the version before it, and stores them in
 * {@code mutationPoints}.
 *
 * @param origCollection the bug collection to scan
 */
public void getReady(SortedBugCollection origCollection) {
    if (maybeMutatedAsString == null) {
        return;
    }

    HashSet<String> introduced = new HashSet<>();
    HashSet<String> retired = new HashSet<>();
    for (BugInstance bug : origCollection) {
        if (bug.getFirstVersion() == maybeMutated) {
            introduced.add(getBugLocation(bug));
        } else if (bug.getLastVersion() == maybeMutated - 1) {
            retired.add(getBugLocation(bug));
        }
    }

    // Drop the null entry before intersecting with the removed locations.
    introduced.remove(null);
    introduced.retainAll(retired);
    mutationPoints = introduced;
}
 
Example 8
/**
 * Merges two bug collections into a new one.
 *
 * <p>The result starts as a duplicate of {@code origCollection}; every bug of
 * {@code newCollection} is then added, and the project statistics and project
 * of {@code newCollection} are folded into the result's own.
 *
 * @param origCollection the collection that is duplicated as the base
 * @param newCollection the collection whose bugs, stats and project are added
 * @return the merged collection
 */
static public SortedBugCollection union(SortedBugCollection origCollection, SortedBugCollection newCollection) {
    SortedBugCollection merged = origCollection.duplicate();

    for (BugInstance incoming : newCollection) {
        merged.add(incoming);
    }

    merged.getProjectStats().addStats(newCollection.getProjectStats());
    merged.getProject().add(newCollection.getProject());

    return merged;
}
 
Example 9
/**
 * Reports array-returning methods for which the visit collected source lines
 * in {@code found}.
 *
 * @param obj the code attribute of the method being visited
 */
@Override
public void visit(Code obj) {
    found.clear();
    // Solution to sourceforge bug 1765925; returning null is the
    // convention used by java.io.File.listFiles()
    if ("listFiles".equals(getMethodName())) {
        return;
    }

    // The return type is whatever follows the closing parenthesis of the signature.
    String signature = getMethodSig();
    String returnType = signature.substring(signature.indexOf(')') + 1);
    if (!returnType.startsWith("[")) {
        return;
    }

    nullOnTOS = false;
    super.visit(obj);
    if (found.isEmpty()) {
        return;
    }

    BugInstance bug = new BugInstance(this, "PZLA_PREFER_ZERO_LENGTH_ARRAYS", LOW_PRIORITY).addClassAndMethod(this);
    for (SourceLineAnnotation line : found) {
        bug.add(line);
    }
    bugReporter.reportBug(bug);
    found.clear();
}
 
Example 10
/**
 * Flags every {@code onGeolocationPermissionsShowPrompt} method declared by a
 * subtype of {@code android.webkit.WebChromeClient}.
 *
 * <p>The method body is not analysed: each implementation is reported so that
 * a human can review the permission logic.
 *
 * @param classContext the class being analysed
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    // Only WebChromeClient subtypes are in scope for this detector.
    if (!InterfaceUtils.isSubtype(javaClass, "android.webkit.WebChromeClient")) {
        return;
    }

    for (Method candidate : javaClass.getMethods()) {
        if (DEBUG) {
            System.out.println(">>> Method: " + candidate.getName());
        }
        // The presence of the callback is not enforced for the moment.
        if (candidate.getName().equals("onGeolocationPermissionsShowPrompt")) {
            BugInstance bug = new BugInstance(this, ANDROID_GEOLOCATION_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClassAndMethod(javaClass, candidate);
            bugReporter.reportBug(bug);
        }
    }
}
 
Example 11
/**
 * Reports virtual calls to any of the Android sticky-broadcast methods.
 *
 * <p>Matching is by method name only; the receiver class and the signature are
 * not checked in this method.
 *
 * @param seen the opcode currently being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKEVIRTUAL) {
        return;
    }

    // Method names treated as sticky broadcasts.
    boolean stickyBroadcast = getNameConstantOperand().equals("sendStickyBroadcast")
            || getNameConstantOperand().equals("sendStickyOrderedBroadcast")
            || getNameConstantOperand().equals("sendStickyBroadcastAsUser")
            || getNameConstantOperand().equals("sendStickyOrderedBroadcastAsUser");
    if (stickyBroadcast) {
        BugInstance bug = new BugInstance(this, ANDROID_STICKY_BROADCAST_TYPE, Priorities.NORMAL_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this);
        bugReporter.reportBug(bug);
    }
}
 
Example 12
/**
 * Flags {@code HttpServletRequestWrapper} subtypes that declare a method named
 * {@code stripXSS}.
 *
 * <p>Detection is by method name alone, and at most one report is made per
 * class: the scan stops at the first match.
 *
 * @param classContext the class being analysed
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    // Only request-wrapper subtypes are in scope for this detector.
    if (!InterfaceUtils.isSubtype(javaClass, "javax.servlet.http.HttpServletRequestWrapper")) {
        return;
    }

    for (Method candidate : javaClass.getMethods()) {
        if (!candidate.getName().equals("stripXSS")) {
            continue;
        }
        BugInstance bug = new BugInstance(this, XSS_REQUEST_WRAPPER_TYPE, Priorities.NORMAL_PRIORITY)
                .addClassAndMethod(javaClass, candidate);
        bugReporter.reportBug(bug);
        return;
    }
}
 
Example 13
/**
 * Scans a method for the constant {@code "java.naming.security.authentication"}
 * immediately followed by the constant {@code "none"}, and reports the first
 * occurrence as an anonymous LDAP bind.
 *
 * <p>Only this exact two-instruction shape is recognised: the {@code "none"}
 * constant has to be the instruction directly after the key constant.
 *
 * @param m the method to analyse
 * @param classContext the context of the class that declares {@code m}
 * @throws CFGBuilderException declared by this method; NOTE(review): presumably from building the CFG — confirm
 * @throws DataflowAnalysisException declared by this method; NOTE(review): source not visible here — confirm
 */
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg = classContext.getCFG(m);

    Iterator<Location> locations = cfg.locationIterator();
    while (locations.hasNext()) {
        Location location = locations.next();
        Instruction inst = location.getHandle().getInstruction();
        if (!(inst instanceof LDC)) {
            continue;
        }

        LDC ldc = (LDC) inst;
        if (!"java.naming.security.authentication".equals(ldc.getValue(cpg))) {
            continue;
        }
        Object nextConstant = ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class);
        if (!"none".equals(nextConstant)) {
            continue;
        }

        JavaClass clz = classContext.getJavaClass();
        bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY)
                .addClass(clz)
                .addMethod(clz, m)
                .addSourceLine(classContext, m, location));
        // One report per method is enough.
        break;
    }
}
 
Example 14
/**
 * When the feature flag is on, drops every accumulated warning that has at
 * least one location on a line where a live store was seen.
 *
 * @param accumulator
 *            BugAccumulator containing warnings for method
 * @param liveStoreSourceLineSet
 *            bitset of lines where at least one live store was seen
 */
private void suppressWarningsIfOneLiveStoreOnLine(BugAccumulator accumulator, BitSet liveStoreSourceLineSet) {
    if (!SUPPRESS_IF_AT_LEAST_ONE_LIVE_STORE_ON_LINE) {
        return;
    }

    // Eliminate any accumulated warnings for instructions
    // that (due to inlining) *can* be live stores.
    Iterator<? extends BugInstance> pending = accumulator.uniqueBugs().iterator();
    while (pending.hasNext()) {
        BugInstance candidate = pending.next();
        for (SourceLineAnnotation where : accumulator.locations(candidate)) {
            if (liveStoreSourceLineSet.get(where.getStartLine())) {
                // This instruction can be a live store; don't report
                // it as a warning. One hit is enough, so stop scanning
                // the remaining locations of this bug.
                pending.remove();
                break;
            }
        }
    }
}
 
Example 15
Source Project: analysis-model   Source File: FindBugsParser.java    License: MIT License 6 votes vote down vote up
/**
 * Collects the additional line ranges of a warning and stores them in the builder.
 *
 * <p>Each source-line annotation contributes one range; duplicates and the
 * primary range are left out.
 *
 * @param warning the bug whose annotations are read
 * @param builder the issue builder that receives the line ranges
 * @param primary the primary range, which is not repeated in the list
 */
private void setAffectedLines(final BugInstance warning, final IssueBuilder builder,
        final LineRange primary) {
    Iterator<BugAnnotation> annotations = warning.annotationIterator();
    LineRangeList collected = new LineRangeList();
    while (annotations.hasNext()) {
        BugAnnotation current = annotations.next();
        if (!(current instanceof SourceLineAnnotation)) {
            continue;
        }
        SourceLineAnnotation sourceLine = (SourceLineAnnotation) current;
        LineRange range = new LineRange(sourceLine.getStartLine(), sourceLine.getEndLine());
        boolean alreadyKnown = collected.contains(range) || primary.equals(range);
        if (!alreadyKnown) {
            collected.add(range);
        }
    }
    builder.setLineRanges(collected);
}
 
Example 16
Source Project: spotbugs   Source File: URLProblems.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Reports {@code DMI_COLLECTION_OF_URLS} for every entry of
 * {@code BAD_SIGNATURES} contained in the visited signature.
 *
 * <p>The annotations attached depend on whether a field, a method or neither
 * is currently being visited.
 *
 * @param obj the signature attribute being visited
 */
@Override
public void visit(Signature obj) {
    String sig = obj.getSignature();
    for (String badSignature : BAD_SIGNATURES) {
        if (!sig.contains(badSignature)) {
            continue;
        }
        BugInstance bug;
        if (visitingField()) {
            bug = new BugInstance(this, "DMI_COLLECTION_OF_URLS", HIGH_PRIORITY).addClass(this)
                    .addVisitedField(this);
        } else if (visitingMethod()) {
            bug = new BugInstance(this, "DMI_COLLECTION_OF_URLS", HIGH_PRIORITY).addClassAndMethod(this);
        } else {
            // NOTE(review): the class annotation is added twice here, as in the
            // original; confirm whether the second addClass is intentional.
            bug = new BugInstance(this, "DMI_COLLECTION_OF_URLS", HIGH_PRIORITY).addClass(this).addClass(
                    this);
        }
        bugReporter.reportBug(bug);
    }
}
 
Example 17
Source Project: spotbugs   Source File: WaitInLoop.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Resets the per-method state, visits the code, then reports a wait/await seen
 * before the earliest recorded jump and any use of notify.
 *
 * @param obj the code attribute of the method being visited
 */
@Override
public void visit(Code obj) {
    sawWait = false;
    sawAwait = false;
    waitHasTimeout = false;
    sawNotify = false;
    // Large starting value so that any real jump offset compares lower.
    earliestJump = 9999999;
    super.visit(obj);

    boolean waited = sawWait || sawAwait;
    if (waited && waitAt < earliestJump) {
        String bugType;
        if (sawWait) {
            bugType = "WA_NOT_IN_LOOP";
        } else {
            bugType = "WA_AWAIT_NOT_IN_LOOP";
        }
        // A wait with a timeout is reported at lower priority.
        BugInstance waitBug = new BugInstance(this, bugType, waitHasTimeout ? LOW_PRIORITY : NORMAL_PRIORITY)
                .addClassAndMethod(this).addSourceLine(this, waitAt);
        bugReporter.reportBug(waitBug);
    }
    if (sawNotify) {
        BugInstance notifyBug = new BugInstance(this, "NO_NOTIFY_NOT_NOTIFYALL", LOW_PRIORITY).addClassAndMethod(this)
                .addSourceLine(this, notifyPC);
        bugReporter.reportBug(notifyBug);
    }
}
 
Example 18
Source Project: spotbugs   Source File: ClassMatcher.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Tests whether the selected class annotation of a bug matches {@code className}.
 *
 * <p>The primary class is used unless a role is configured and a class
 * annotation with that description exists, in which case the first such
 * annotation wins.
 *
 * @param bugInstance the bug to test
 * @return the result of matching the selected class name
 */
@Override
public boolean match(BugInstance bugInstance) {
    // NOTE(review): no null check on the primary class before it is
    // dereferenced below; confirm getPrimaryClass() cannot return null.
    ClassAnnotation selected = bugInstance.getPrimaryClass();
    boolean hasRole = role != null && !"".equals(role);
    if (hasRole) {
        for (BugAnnotation candidate : bugInstance.getAnnotations()) {
            if (candidate instanceof ClassAnnotation && role.equals(candidate.getDescription())) {
                selected = (ClassAnnotation) candidate;
                break;
            }
        }
    }
    String bugClassName = selected.getClassName();
    boolean matched = className.match(bugClassName);
    LOG.debug("Matching {} with {}, result = {}", bugClassName, className, matched);
    return matched;
}
 
Example 19
Source Project: spotbugs   Source File: MarkerUtil.java    License: GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Creates marker parameters for the bugs of a collection, skipping bugs whose
 * detector plugin is not globally enabled and stopping once the monitor is
 * cancelled.
 *
 * <p>As a side-effect this method updates missing line information for some
 * bugs stored in the given bug collection.
 *
 * @param project the Java project; when {@code null} the problem is logged and
 *        an empty list is returned
 * @param theCollection the bugs to convert
 * @param monitor progress monitor polled for cancellation before each bug
 * @return never null
 */
public static List<MarkerParameter> createBugParameters(IJavaProject project, BugCollection theCollection,
        IProgressMonitor monitor) {
    List<MarkerParameter> parameters = new ArrayList<>();
    if (project == null) {
        FindbugsPlugin.getDefault().logException(new NullPointerException("project is null"), "project is null");
        return parameters;
    }

    for (Iterator<BugInstance> bugs = theCollection.iterator(); bugs.hasNext() && !monitor.isCanceled();) {
        BugInstance bug = bugs.next();
        DetectorFactory factory = bug.getDetectorFactory();
        boolean pluginDisabled = factory != null && !factory.getPlugin().isGloballyEnabled();
        if (pluginDisabled) {
            continue;
        }
        MarkerParameter parameter = createMarkerParameter(project, bug);
        if (parameter != null) {
            parameters.add(parameter);
        }
    }
    return parameters;
}
 
Example 20
/**
 * Reports a non-private {@code setUp()} or {@code tearDown()} that does not
 * call its super implementation, when a superclass other than
 * {@code junit.framework.TestCase} implements the method with more than three
 * bytes of code.
 *
 * @param obj the code attribute of the method being visited
 */
@Override
public void visit(Code obj) {
    if (directChildOfTestCase) {
        return;
    }
    if (!(getMethodName().equals("setUp") || getMethodName().equals("tearDown"))) {
        return;
    }
    if (getMethod().isPrivate() || !getMethodSig().equals("()V")) {
        return;
    }

    sawSuperCall = false;
    super.visit(obj);
    if (sawSuperCall) {
        return;
    }

    JavaClass we = Lookup.findSuperImplementor(getThisClass(), getMethodName(), "()V", bugReporter);
    if (we == null || we.getClassName().equals("junit.framework.TestCase")) {
        return;
    }

    // OK, got a bug. tearDown is reported at the last code byte, setUp at offset 0.
    int offset = 0;
    if (getMethodName().equals("tearDown")) {
        offset = obj.getCode().length - 1;
    }
    Method superMethod = Lookup.findImplementation(we, getMethodName(), "()V");
    Code superCode = superMethod.getCode();
    if (superCode == null || superCode.getCode().length <= 3) {
        return;
    }

    bugReporter.reportBug(new BugInstance(this, getMethodName().equals("setUp") ? "IJU_SETUP_NO_SUPER"
            : "IJU_TEARDOWN_NO_SUPER", NORMAL_PRIORITY).addClassAndMethod(this).addMethod(we, superMethod)
                    .describe(MethodAnnotation.METHOD_OVERRIDDEN).addSourceLine(this, offset));
}
 
Example 21
Source Project: super-cloudops   Source File: DefaultHtmlBugExporter.java    License: Apache License 2.0 5 votes vote down vote up
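/**
 * Writes every bug of the collection to {@code f} as an HTML report rendered
 * with the {@code default.xsl} stylesheet.
 *
 * <p>A failure while reporting a single bug is printed and the export
 * continues with the next bug.
 *
 * @param project the project the bugs belong to
 * @param bugs the bugs to export
 * @param f the output file
 * @throws Exception if the file cannot be opened or the report cannot be finished
 */
@Override
public void doExport(Project project, BugCollection bugs, File f) throws Exception {
	HTMLBugReporter reporter = new HTMLBugReporter(project, "default.xsl");
	reporter.setIsRelaxed(true);
	// try-with-resources releases the file handle even when finish() throws;
	// the original left the stream open on that path.
	try (FileOutputStream fileOut = new FileOutputStream(f)) {
		reporter.setOutputStream(UTF8.printStream(fileOut));
		for (BugInstance bug : bugs.getCollection()) {
			try {
				reporter.reportBug(bug);
			} catch (Exception e) {
				// Deliberate best effort: one bad bug must not abort the export.
				e.printStackTrace(); // Print to parent process
			}
		}
		reporter.finish();
	}
}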
 
Example 22
/**
 * Looks for an int comparison branch whose target is preceded by an
 * {@code IINC} + {@code GOTO} pair (the tail of a compiled {@code for} loop)
 * where the incremented register differs from the compared register, and
 * reports it as {@code QF_QUESTIONABLE_FOR_LOOP}.
 *
 * @param seen the opcode currently being visited
 */
@Override
public void sawOpcode(int seen) {
    // Remember the register written by the most recent int store.
    if (seen == Const.ISTORE || seen == Const.ISTORE_0 || seen == Const.ISTORE_1 || seen == Const.ISTORE_2 || seen == Const.ISTORE_3) {
        lastRegStore = getRegisterOperand();
    }
    // Needs line numbers, two stack operands and an int compare-and-branch.
    if (lineNumbers != null
            && stack.getStackDepth() >= 2
            && (seen == Const.IF_ICMPGE || seen == Const.IF_ICMPGT || seen == Const.IF_ICMPLT || seen == Const.IF_ICMPLE
                    || seen == Const.IF_ICMPNE || seen == Const.IF_ICMPEQ)) {
        OpcodeStack.Item item0 = stack.getStackItem(0);
        OpcodeStack.Item item1 = stack.getStackItem(1);
        int r0 = item0.getRegisterNumber();
        int r1 = item1.getRegisterNumber();
        int rMin = Math.min(r0, r1);
        int rMax = Math.max(r0, r1);
        int branchTarget = getBranchTarget();
        // One operand has register number -1 (presumably "not a local" - confirm),
        // the other is the register last stored to, and the branch target lies
        // more than six bytes ahead of the current PC.
        if (rMin == -1 && rMax > 0 && rMax == lastRegStore && branchTarget - 6 > getPC()) {
            // GOTO and IINC are three bytes each, so the bytes just before the
            // branch target would be: IINC at -6, GOTO at -3.
            int beforeTarget = getCodeByte(branchTarget - 3);
            int beforeGoto = getCodeByte(branchTarget - 6);
            if (beforeTarget == Const.GOTO && beforeGoto == Const.IINC) {
                // Rebuild the GOTO's signed 16-bit offset; the (byte) cast
                // sign-extends the high byte.
                int offset1 = (byte) getCodeByte(branchTarget - 2);
                int offset2 = getCodeByte(branchTarget - 1);
                int offset = offset1 << 8 | offset2;
                int backTarget = branchTarget - 3 + offset;
                // Second byte of IINC: the index of the incremented local.
                int reg = getCodeByte(branchTarget - 5);
                int testLineNumber = lineNumbers.getSourceLine(getPC());
                int incLineNumber = lineNumbers.getSourceLine(branchTarget - 6);
                int beforeIncLineNumber = lineNumbers.getSourceLine(branchTarget - 7);
                // The GOTO jumps back to within eight bytes before this test, the
                // increment touches a different register than the one compared,
                // and the line numbers place the increment near the test.
                if (backTarget < getPC() && getPC() - 8 < backTarget && reg != rMax && incLineNumber < testLineNumber + 3
                        && beforeIncLineNumber > incLineNumber) {

                    bugReporter.reportBug(new BugInstance(this, "QF_QUESTIONABLE_FOR_LOOP", NORMAL_PRIORITY)
                            .addClassAndMethod(this).addSourceLine(this));
                }
            }

        }
    }
}
 
Example 23
/**
 * Resets the per-method state and, inside a finalizer, reports a body that was
 * seen nulling fields and doing nothing else.
 *
 * @param obj the code attribute of the method being visited
 */
@Override
public void visit(Code obj) {
    state = 0;
    sawAnythingElse = false;
    sawFieldNulling = false;
    if (!inFinalize) {
        return;
    }

    super.visit(obj);
    bugAccumulator.reportAccumulatedBugs();

    boolean onlyNullsFields = !sawAnythingElse && sawFieldNulling;
    if (onlyNullsFields) {
        bugReporter.reportBug(
                new BugInstance(this, "FI_FINALIZER_ONLY_NULLS_FIELDS", HIGH_PRIORITY).addClassAndMethod(this));
    }
}
 
Example 24
/**
 * Records a suspicious reference comparison as a warning with properties.
 *
 * <p>The pattern and priority depend on the compared type: a
 * {@code java.lang.Boolean} left-hand side and comparisons against a static
 * final field get their own "bad practice" patterns.
 *
 * @param jclass the class containing the comparison
 * @param method the method containing the comparison
 * @param methodGen the method generator for {@code method}
 * @param refComparisonList the list the new warning is appended to
 * @param location the location of the comparison
 * @param lhs the dotted class name of the left-hand side type
 * @param lhsType the left-hand side reference type
 * @param rhsType the right-hand side reference type
 */
private void handleSuspiciousRefComparison(JavaClass jclass, Method method, MethodGen methodGen,
        List<WarningWithProperties> refComparisonList, Location location, String lhs, ReferenceType lhsType,
        ReferenceType rhsType) {
    // Prefer the field behind the left operand, then the right one.
    XField constantField = null;
    if (lhsType instanceof FinalConstant) {
        constantField = ((FinalConstant) lhsType).getXField();
    } else if (rhsType instanceof FinalConstant) {
        constantField = ((FinalConstant) rhsType).getXField();
    }
    String sourceFile = jclass.getSourceFileName();

    final String bugPattern;
    final int priority;
    if ("java.lang.Boolean".equals(lhs)) {
        bugPattern = "RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN";
        priority = Priorities.NORMAL_PRIORITY;
    } else if (constantField != null && constantField.isStatic() && constantField.isFinal()) {
        bugPattern = "RC_REF_COMPARISON_BAD_PRACTICE";
        boolean lowerPriority = constantField.isPublic() || !methodGen.isPublic();
        priority = lowerPriority ? Priorities.NORMAL_PRIORITY : Priorities.HIGH_PRIORITY;
    } else {
        bugPattern = "RC_REF_COMPARISON";
        priority = Priorities.HIGH_PRIORITY;
    }

    BugInstance warning = new BugInstance(this, bugPattern, priority).addClassAndMethod(methodGen, sourceFile)
            .addType("L" + lhs.replace('.', '/') + ";").describe(TypeAnnotation.FOUND_ROLE);
    if (constantField == null) {
        warning.addSomeSourceForTopTwoStackValues(classContext, method, location);
    } else {
        warning.addField(constantField).describe(FieldAnnotation.LOADED_FROM_ROLE);
    }
    SourceLineAnnotation where = SourceLineAnnotation.fromVisitedInstruction(classContext, methodGen,
            sourceFile, location.getHandle());

    refComparisonList.add(new WarningWithProperties(warning, new WarningPropertySet<>(),
            where, location));
}
 
Example 25
/**
 * Sets the title of the source tabs for either docking or non-docking
 * versions, after removing the link from the current source view component
 * when there is one.
 *
 * @param title the new source tab title
 * @param bug not read by this method
 */
void setSourceTab(String title, @CheckForNull BugInstance bug) {
    JComponent sourceView = mainFrame.getGuiLayout().getSourceViewComponent();
    if (sourceView != null) {
        removeLink(sourceView);
    }
    mainFrame.getGuiLayout().setSourceTitle(title);
}
 
Example 26
/**
 * Reports JSP dynamic-include calls.
 *
 * <p>Two call shapes are recognised:
 * <ul>
 * <li>{@code invokestatic JspRuntimeLibrary.include(ServletRequest, ServletResponse, String, JspWriter, boolean)}
 * in the Jasper or Sling Jasper runtime, as compiled from
 * {@code JspRuntimeLibrary.include(request, response, (String) PageContextImpl.evaluateExpression("${param.secret_param}", ...), out, false)};</li>
 * <li>{@code invokevirtual ImportTag.setUrl(String)}, as compiled from
 * {@code _jspx_th_c_import_0.setUrl((String) PageContextImpl.evaluateExpression("${param.secret_param}", ...))}.</li>
 * </ul>
 *
 * <p>Every matching call is reported; this method does not check whether the
 * path or URL argument is a constant.
 *
 * @param seen the opcode currently being visited
 */
@Override
public void sawOpcode(int seen) {
    boolean dynamicInclude = false;
    if (seen == Constants.INVOKESTATIC) {
        String owner = getClassConstantOperand();
        boolean isRuntimeLibrary = "org/apache/jasper/runtime/JspRuntimeLibrary".equals(owner)
                || "org/apache/sling/scripting/jsp/jasper/runtime/JspRuntimeLibrary".equals(owner);
        dynamicInclude = isRuntimeLibrary
                && getNameConstantOperand().equals("include")
                && getSigConstantOperand().equals("(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljava/lang/String;Ljavax/servlet/jsp/JspWriter;Z)V");
    } else if (seen == Constants.INVOKEVIRTUAL) {
        dynamicInclude = getClassConstantOperand().equals("org/apache/taglibs/standard/tag/rt/core/ImportTag")
                && getNameConstantOperand().equals("setUrl")
                && getSigConstantOperand().equals("(Ljava/lang/String;)V");
    }

    if (dynamicInclude) {
        bugReporter.reportBug(new BugInstance(this, JSP_INCLUDE_TYPE, Priorities.HIGH_PRIORITY)
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
Example 27
Source Project: spotbugs   Source File: DontUseEnum.java    License: GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Reports a field whose name is a reserved name, at high priority when the
 * field is visible and normal priority otherwise.
 *
 * @param obj the field being visited
 */
@Override
public void visit(Field obj) {
    if (!isReservedName(obj.getName())) {
        return;
    }
    int priority = isVisible(obj) ? HIGH_PRIORITY : NORMAL_PRIORITY;
    bugReporter.reportBug(
            new BugInstance(this, "NM_FUTURE_KEYWORD_USED_AS_MEMBER_IDENTIFIER", priority).addClass(this).addField(this));
}
 
Example 28
/**
 * Reports a virtual call to one of {@code REDIRECT_METHODS} made from a class
 * whose direct superclass is {@code scala/runtime/AbstractFunction0}.
 *
 * <p>The report carries the name of the invoked method. Whether the redirect
 * target is validated is not examined here.
 *
 * @param seen the opcode currently being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != INVOKEVIRTUAL || !REDIRECT_METHODS.contains(getNameConstantOperand())) {
        return;
    }
    try {
        String superName = getClassDescriptor().getXClass().getSuperclassDescriptor().getClassName();
        if ("scala/runtime/AbstractFunction0".equals(superName)) {
            bugReporter.reportBug(new BugInstance(this, PLAY_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClass(this).addMethod(this).addSourceLine(this).addString(getNameConstantOperand()));
        }
    } catch (CheckedAnalysisException ignored) {
        // NOTE(review): a class that cannot be resolved is skipped silently, so
        // a redirect in it goes unreported; consider logging the failure.
    }
}
 
Example 29
/**
 * Reports a {@code finalize()} method with signature {@code ()V} that is
 * declared public.
 *
 * @param obj the method being visited
 */
@Override
public void visit(Method obj) {
    if (DEBUG) {
        System.out.println("FFI: visiting " + getFullyQualifiedMethodName());
    }
    boolean isFinalizer = "finalize".equals(getMethodName()) && "()V".equals(getMethodSig());
    if (isFinalizer && (obj.getAccessFlags() & (Const.ACC_PUBLIC)) != 0) {
        BugInstance bug = new BugInstance(this, "FI_PUBLIC_SHOULD_BE_PROTECTED", NORMAL_PRIORITY).addClassAndMethod(this);
        bugReporter.reportBug(bug);
    }
}
 
Example 30
/**
 * Inverting a matcher twice must hand back the originally wrapped matcher
 * instance, and that matcher must still match the bug it was built from.
 */
@Test
public void shouldReturnTheOriginalMatcherWhenAskedToInvertANotMatcher() {
    BugInstance bug = new BugInstance("UUF_UNUSED_FIELD", 0);
    Matcher originalMatcher = FilterFactory.makeMatcher(asList(Sortables.BUGCODE), bug);

    // Invert once, then invert the inverted matcher.
    Matcher invertedOnce = FilterFactory.invertMatcher(originalMatcher);
    Matcher invertedTwice = FilterFactory.invertMatcher(invertedOnce);

    assertSame("Should return the originally wrapped matcher.", originalMatcher, invertedTwice);
    // NOTE(review): the message says "not match" but the assertion expects a
    // match; confirm which of the two is intended.
    assertTrue("Original matcher should now not match.", invertedTwice.match(bug));
}