Java Code Examples for org.apache.bcel.classfile.ElementValue

The following examples show how to use org.apache.bcel.classfile.ElementValue. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
private static boolean isVulnerable(Method method) {

        // If the method is not annotated with `@RequestMapping`, there is no vulnerability.
        AnnotationEntry requestMappingAnnotation = findRequestMappingAnnotation(method);
        if (requestMappingAnnotation == null) {
            return false;
        }

        // If the `@RequestMapping` annotation is used without the `method` annotation attribute,
        // there is a vulnerability.
        ElementValuePair methodAnnotationAttribute = findMethodAnnotationAttribute(requestMappingAnnotation);
        if (methodAnnotationAttribute == null) {
            return true;
        }

        // If the `@RequestMapping` annotation is used with the `method` annotation attribute equal to `{}`,
        // there is a vulnerability.
        ElementValue methodAnnotationAttributeValue = methodAnnotationAttribute.getValue();
        if (isEmptyArray(methodAnnotationAttributeValue)) {
            return true;
        }

        // If the `@RequestMapping` annotation is used with the `method` annotation attribute but contains a mix of
        // unprotected and protected HTTP request methods, there is a vulnerability.
        return isMixOfUnprotectedAndProtectedHttpRequestMethods(methodAnnotationAttributeValue);
    }
 
Example 2
@Override
public void visitAnnotation(Annotations arg0) {
    for (AnnotationEntry ae : arg0.getAnnotationEntries()) {
        boolean runtimeVisible = ae.isRuntimeVisible();
        String name = ClassName.fromFieldSignature(ae.getAnnotationType());
        if (name == null) {
            continue;
        }
        name = ClassName.toDottedClassName(name);
        Map<String, ElementValue> map = new HashMap<>();
        for (ElementValuePair ev : ae.getElementValuePairs()) {
            map.put(ev.getNameString(), ev.getValue());
        }
        visitAnnotation(name, map, runtimeVisible);

    }

}
 
Example 3
@Override
public void visitParameterAnnotation(int p, String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
    if (!isSuppressWarnings(annotationClass)) {
        return;
    }
    if (!getMethod().isStatic()) {
        p++;
    }

    String[] suppressed = getAnnotationParameterAsStringArray(map, "value");
    if (suppressed == null || suppressed.length == 0) {
        suppressWarning(p, null);
    } else {
        for (String s : suppressed) {
            suppressWarning(p, s);
        }
    }
}
 
Example 4
@Override
public void visitParameterAnnotation(int p, String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
    if (database == null) {
        return;
    }

    NullnessAnnotation n = NullnessAnnotation.Parser.parse(annotationClass);
    annotationClass = lastPortion(annotationClass);
    if (n == null) {
        return;
    }

    XMethod xmethod = XFactory.createXMethod(this);
    if (DEBUG) {
        System.out.println("Parameter " + p + " @" + annotationClass.substring(annotationClass.lastIndexOf('/') + 1) + " in "
                + xmethod.toString());
    }
    XMethodParameter xparameter = new XMethodParameter(xmethod, p);

    database.addDirectAnnotation(xparameter, n);

}
 
Example 5
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
    if (annotationClass.startsWith(NET_JCIP_ANNOTATIONS)) {
        annotationClass = annotationClass.substring(NET_JCIP_ANNOTATIONS.length());
    } else if (annotationClass.startsWith(JSR305_CONCURRENT_ANNOTATIONS)) {
        annotationClass = annotationClass.substring(JSR305_CONCURRENT_ANNOTATIONS.length());
    } else {
        return;
    }
    JCIPAnnotationDatabase annotationDatabase = AnalysisContext.currentAnalysisContext()
            .getJCIPAnnotationDatabase();
    ElementValue value = map.get("value");
    ClassMember member;
    if (visitingField()) {
        member = XFactory.createXField(this);
    } else if (visitingMethod()) {
        member = XFactory.createXMethod(this);
    } else {
        annotationDatabase.addEntryForClass(getDottedClassName(), annotationClass, value);
        return;
    }
    annotationDatabase.addEntryForClassMember(member, annotationClass, value);
}
 
Example 6
private static boolean isEmptyArray(ElementValue methodAnnotationAttributeValue) {
    if (!(methodAnnotationAttributeValue instanceof ArrayElementValue)) {
        return false;
    }
    ArrayElementValue arrayElementValue = (ArrayElementValue) methodAnnotationAttributeValue;

    return arrayElementValue.getElementValuesArraySize() == 0;
}
 
Example 7
private static boolean isMixOfUnprotectedAndProtectedHttpRequestMethods(ElementValue methodAnnotationAttributeValue) {
    if (!(methodAnnotationAttributeValue instanceof ArrayElementValue)) {
        return false;
    }
    ArrayElementValue arrayElementValue = (ArrayElementValue) methodAnnotationAttributeValue;

    // There cannot be a mix if there is no more than one element.
    if (arrayElementValue.getElementValuesArraySize() <= 1) {
        return false;
    }

    // Return `true` as soon as we find at least one unprotected and at least one protected HTTP request method.
    boolean atLeastOneUnprotected = false;
    boolean atLeastOneProtected = false;
    ElementValue[] elementValues = arrayElementValue.getElementValuesArray();
    for (ElementValue elementValue : elementValues) {
        if (UNPROTECTED_HTTP_REQUEST_METHODS.contains(elementValue.stringifyValue())) {
            atLeastOneUnprotected = true;
        } else {
            atLeastOneProtected = true;
        }
        if (atLeastOneUnprotected && atLeastOneProtected) {
            return true;
        }
    }
    return false;
}
 
Example 8
protected static String getAnnotationParameterAsString(Map<String, ElementValue> map, String parameter) {
    try {
        ElementValue ev = map.get(parameter);

        if (ev instanceof SimpleElementValue) {
            return ((SimpleElementValue) ev).getValueString();
        }
        return null;
    } catch (Exception e) {
        return null;

    }
}
 
Example 9
@Override
public void visitParameterAnnotation(ParameterAnnotations arg0) {
    ParameterAnnotationEntry[] parameterAnnotationEntries = arg0.getParameterAnnotationEntries();
    int numParametersToMethod = getNumberMethodArguments();
    int offset = 0;
    if (numParametersToMethod > parameterAnnotationEntries.length) {
        offset = 1;
    }
    for (int i = 0; i < parameterAnnotationEntries.length; i++) {
        ParameterAnnotationEntry e = parameterAnnotationEntries[i];
        for (AnnotationEntry ae : e.getAnnotationEntries()) {
            boolean runtimeVisible = ae.isRuntimeVisible();

            String name = ClassName.fromFieldSignature(ae.getAnnotationType());
            if (name == null) {
                continue;
            }
            name = ClassName.toDottedClassName(name);
            Map<String, ElementValue> map = new HashMap<>();
            for (ElementValuePair ev : ae.getElementValuePairs()) {
                map.put(ev.getNameString(), ev.getValue());
            }
            visitParameterAnnotation(offset + i, name, map, runtimeVisible);

        }
    }
}
 
Example 10
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
    if (!visitingField()) {
        return;
    }
    if (UnreadFields.isInjectionAttribute(annotationClass)) {
        containerFields.add(FieldAnnotation.fromVisitedField(this));
    }

}
 
Example 11
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
    if (!isSuppressWarnings(annotationClass)) {
        return;
    }
    String[] suppressed = getAnnotationParameterAsStringArray(map, "value");
    if (suppressed == null || suppressed.length == 0) {
        suppressWarning(null);
    } else {
        for (String s : suppressed) {
            suppressWarning(s);
        }
    }
}
 
Example 12
Source Project: spotbugs   Source File: UnreadFields.java    License: GNU Lesser General Public License v2.1 5 votes vote down vote up
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
    if (!visitingField()) {
        return;
    }
    if (isInjectionAttribute(annotationClass)) {
        data.containerFields.add(XFactory.createXField(this));
    }
    if (!annotationClass.startsWith("edu.umd.cs.findbugs") && !annotationClass.startsWith("javax.lang")) {
        data.unknownAnnotation.add(XFactory.createXField(this), annotationClass);
    }

}
 
Example 13
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {

    if (!"java.lang.annotation.Retention".equals(annotationClass)) {
        return;
    }
    EnumElementValue v = (EnumElementValue) map.get("value");

    if ("RUNTIME".equals(v.getEnumValueString())) {
        runtimeRetention = true;
    }
}
 
Example 14
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {

    if (database == null) {
        return;
    }

    NullnessAnnotation n = NullnessAnnotation.Parser.parse(annotationClass);
    annotationClass = lastPortion(annotationClass);
    if (n == null) {
        if (annotationClass.startsWith("DefaultAnnotation")) {
            annotationClass = annotationClass.substring("DefaultAnnotation".length());

            Target annotationTarget = defaultKind.get(annotationClass);
            if (annotationTarget != Target.METHOD) {
                return;
            }

            ElementValue v = map.get("value");
            if (v instanceof ClassElementValue) {
                handleClassElementValue((ClassElementValue) v, annotationTarget);
            } else if (v instanceof ArrayElementValue) {
                for (ElementValue v2 : ((ArrayElementValue) v).getElementValuesArray()) {
                    if (v2 instanceof ClassElementValue) {
                        handleClassElementValue((ClassElementValue) v2, annotationTarget);
                    }
                }
            }

            return;
        }

    } else if (visitingMethod()) {
        database.addDirectAnnotation(XFactory.createXMethod(this), n);
    } else if (visitingField()) {
        database.addDirectAnnotation(XFactory.createXField(this), n);
    }

}
 
Example 15
private void handleClassElementValue(ClassElementValue value, Map<String, ElementValue> map, Target annotationTarget) {
    if ("CheckReturnValue".equals(simpleClassName(value.getClassString()))) {
        CheckReturnValueAnnotation n = CheckReturnValueAnnotation.parse(getAnnotationParameterAsString(map, "priority"));
        if (n != null) {
            AnalysisContext.currentAnalysisContext().getCheckReturnAnnotationDatabase()
                    .addDefaultAnnotation(annotationTarget, getDottedClassName(), n);
        }

    }
}
 
Example 16
public void addEntryForClass(@DottedClassName String dottedClassName,
        String annotationClass, ElementValue value) {
    Map<String, ElementValue> map = getEntryForClass(dottedClassName);
    if (map == null) {
        map = new HashMap<>(3);
        classAnnotations.put(dottedClassName, map);
    }
    map.put(annotationClass, value);
}
 
Example 17
Source Project: commons-bcel   Source File: ClassElementValueGen.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Return immutable variant of this ClassElementValueGen
 */
@Override
public ElementValue getElementValue()
{
    return new ClassElementValue(super.getElementValueType(),
            idx,
            getConstantPool().getConstantPool());
}
 
Example 18
Source Project: commons-bcel   Source File: ElementValuePairGen.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Retrieve an immutable version of this ElementNameValuePairGen
 */
public ElementValuePair getElementNameValuePair()
{
    final ElementValue immutableValue = value.getElementValue();
    return new ElementValuePair(nameIdx, immutableValue, constantPoolGen
            .getConstantPool());
}
 
Example 19
Source Project: commons-bcel   Source File: EnumElementValueGen.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Return immutable variant of this EnumElementValue
 */
@Override
public ElementValue getElementValue()
{
    System.err.println("Duplicating value: " + getEnumTypeString() + ":"
            + getEnumValueString());
    return new EnumElementValue(super.getElementValueType(), typeIdx, valueIdx,
            getConstantPool().getConstantPool());
}
 
Example 20
Source Project: commons-bcel   Source File: ArrayElementValueGen.java    License: Apache License 2.0 5 votes vote down vote up
public ArrayElementValueGen(final int type, final ElementValue[] datums,
        final ConstantPoolGen cpool)
{
    super(type, cpool);
    if (type != ARRAY) {
        throw new IllegalArgumentException(
                "Only element values of type array can be built with this ctor - type specified: " + type);
    }
    this.evalues = new ArrayList<>();
    for (final ElementValue datum : datums) {
        evalues.add(ElementValueGen.copy(datum, cpool, true));
    }
}
 
Example 21
Source Project: commons-bcel   Source File: ArrayElementValueGen.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Return immutable variant of this ArrayElementValueGen
 */
@Override
public ElementValue getElementValue()
{
    final ElementValue[] immutableData = new ElementValue[evalues.size()];
    int i = 0;
    for (final ElementValueGen element : evalues) {
        immutableData[i++] = element.getElementValue();
    }
    return new ArrayElementValue(super.getElementValueType(),
            immutableData,
            getConstantPool().getConstantPool());
}
 
Example 22
Source Project: commons-bcel   Source File: ArrayElementValueGen.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * @param value
 * @param cpool
 */
public ArrayElementValueGen(final ArrayElementValue value, final ConstantPoolGen cpool,
        final boolean copyPoolEntries)
{
    super(ARRAY, cpool);
    evalues = new ArrayList<>();
    final ElementValue[] in = value.getElementValuesArray();
    for (final ElementValue element : in) {
        evalues.add(ElementValueGen.copy(element, cpool, copyPoolEntries));
    }
}
 
Example 23
Source Project: commons-bcel   Source File: AnnotationElementValueGen.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Return immutable variant of this AnnotationElementValueGen
 */
@Override
public ElementValue getElementValue()
{
    return new AnnotationElementValue(super.getElementValueType(),
            a.getAnnotation(),
            getConstantPool().getConstantPool());
}
 
Example 24
Source Project: commons-bcel   Source File: ElementValueGen.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates an (modifiable) ElementValueGen copy of an (immutable)
 * ElementValue - constant pool is assumed correct.
 */
public static ElementValueGen copy(final ElementValue value,
        final ConstantPoolGen cpool, final boolean copyPoolEntries)
{
    switch (value.getElementValueType())
    {
    case 'B': // byte
    case 'C': // char
    case 'D': // double
    case 'F': // float
    case 'I': // int
    case 'J': // long
    case 'S': // short
    case 'Z': // boolean
    case 's': // String
        return new SimpleElementValueGen((SimpleElementValue) value, cpool,
                copyPoolEntries);
    case 'e': // Enum constant
        return new EnumElementValueGen((EnumElementValue) value, cpool,
                copyPoolEntries);
    case '@': // Annotation
        return new AnnotationElementValueGen(
                (AnnotationElementValue) value, cpool, copyPoolEntries);
    case '[': // Array
        return new ArrayElementValueGen((ArrayElementValue) value, cpool,
                copyPoolEntries);
    case 'c': // Class
        return new ClassElementValueGen((ClassElementValue) value, cpool,
                copyPoolEntries);
    default:
        throw new UnsupportedOperationException("Not implemented yet! (" + value.getElementValueType() + ")");
    }
}
 
Example 25
/**
 * For values in an annotation that have default values, we should be able
 * to query the AnnotationDefault attribute against the method to discover
 * the default value that was originally declared.
 */
public void testMethodAnnotations() throws ClassNotFoundException
{
    final JavaClass clazz = getTestClass(PACKAGE_BASE_NAME+".data.SimpleAnnotation");
    final Method m = getMethod(clazz, "fruit");
    final AnnotationDefault a = (AnnotationDefault) findAttribute(
            "AnnotationDefault", m.getAttributes());
    final SimpleElementValue val = (SimpleElementValue) a.getDefaultValue();
    assertTrue("Should be STRING but is " + val.getElementValueType(), val
            .getElementValueType() == ElementValue.STRING);
    assertTrue("Should have default of bananas but default is "
            + val.getValueString(), val.getValueString().equals("bananas"));
}
 
Example 26
private void assertArrayElementValue(final int nExpectedArrayValues, final AnnotationEntry anno)
{
    final ElementValuePair elementValuePair = anno.getElementValuePairs()[0];
    assertEquals("value", elementValuePair.getNameString());
    final ArrayElementValue ev = (ArrayElementValue) elementValuePair.getValue();
    final ElementValue[] eva = ev.getElementValuesArray();
    assertEquals(nExpectedArrayValues, eva.length);
}
 
Example 27
@CheckForNull
public ElementValue getClassAnnotation(@DottedClassName String dottedClassName, String annotationClass) {
    Map<String, ElementValue> map = getEntryForClass(dottedClassName);
    return map == null ? null : map.get(annotationClass);
}
 
Example 28
@CheckForNull
public ElementValue getFieldAnnotation(XField field, String annotationClass) {
    Map<String, ElementValue> map = getEntryForClassMember(field);
    return map == null ? null : map.get(annotationClass);
}
 
Example 29
public boolean hasFieldAnnotation(XField field, String annotationClass) {
    Map<String, ElementValue> map = getEntryForClassMember(field);
    return map != null && map.containsKey(annotationClass);
}
 
Example 30
@CheckForNull
public ElementValue getMethodAnnotation(XMethod method, String annotationClass) {
    Map<String, ElementValue> map = getEntryForClassMember(method);
    return map == null ? null : map.get(annotationClass);
}