Java Code Examples for edu.umd.cs.findbugs.BugInstance#addClassAndMethod()

The following examples show how to use edu.umd.cs.findbugs.BugInstance#addClassAndMethod(). Each example is taken from the source file named above it.
Example 1
Source File: IteratorIdioms.java    From spotbugs with GNU Lesser General Public License v2.1
/**
 * Walks one method body and reports {@code IT_NO_SUCH_ELEMENT} when the walk
 * never set {@code sawNoSuchElement}.
 *
 * <p>{@code sawNoSuchElement} and {@code sawCall} are reset before the walk so
 * that state from a previously visited method cannot leak into this report.
 * When {@code sawCall} was set during the walk the bug is reported at
 * {@code LOW_PRIORITY} instead of {@code NORMAL_PRIORITY}.
 *
 * @param obj the code attribute to visit
 */
@Override
public void visit(Code obj) {
    // The enclosing detector decides up front whether this body is worth visiting.
    if (!shouldVisitCode) {
        return;
    }
    // Per-method state: reset before the bytecode walk.
    sawNoSuchElement = false;
    sawCall = false;
    super.visit(obj);
    if (sawNoSuchElement) {
        return;
    }
    int priority = sawCall ? LOW_PRIORITY : NORMAL_PRIORITY;
    BugInstance bug = new BugInstance(this, "IT_NO_SUCH_ELEMENT", priority);
    bug.addClassAndMethod(this);
    bugReporter.reportBug(bug);
}
 
Example 2
Source File: FindSqlInjection.java    From spotbugs with GNU Lesser General Public License v2.1
/**
 * Builds the bug instance for a non-constant SQL string reaching {@code handle}.
 *
 * <p>The priority starts at {@code LOW_PRIORITY} and is adjusted from what
 * {@code stringAppendState} recorded for {@code handle}: an append that saw both an
 * opening and a closing quote yields {@code HIGH_PRIORITY}, an append that saw a comma
 * yields {@code NORMAL_PRIORITY}; then, if no unsafe append was seen the priority
 * integer goes up by 2, a serious taint lowers it by 1 and attaches the HTTP-taint
 * message, and no taint at all raises it by 1. Lower integers are the more severe
 * priorities, so "+2" and "+1" make the report less severe, "-1" more severe.
 *
 * @param javaClass         class containing the analysed method; only its source file
 *                          name is used here
 * @param methodGen         method the bug is attributed to
 * @param handle            instruction the append state is queried for
 * @param stringAppendState per-instruction facts about how the SQL string was built
 * @param isExecute         selects the bug type: {@code SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE}
 *                          when true, {@code SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING}
 *                          otherwise
 * @return the populated bug instance; the caller is responsible for reporting it
 */
private BugInstance generateBugInstance(JavaClass javaClass, MethodGen methodGen, InstructionHandle handle,
        StringAppendState stringAppendState, boolean isExecute) {
    int priority = LOW_PRIORITY;
    boolean httpTaint = false;
    if (stringAppendState.getSawAppend(handle)) {
        boolean fullyQuoted = stringAppendState.getSawOpenQuote(handle)
                && stringAppendState.getSawCloseQuote(handle);
        if (fullyQuoted) {
            priority = HIGH_PRIORITY;
        } else if (stringAppendState.getSawComma(handle)) {
            priority = NORMAL_PRIORITY;
        }

        // Second adjustment: how much of the appended data was under attacker influence.
        if (!stringAppendState.getSawUnsafeAppend(handle)) {
            priority += 2;
        } else if (stringAppendState.getSawSeriousTaint(handle)) {
            priority--;
            httpTaint = true;
        } else if (!stringAppendState.getSawTaint(handle)) {
            priority++;
        }
    }

    String bugType = isExecute
            ? "SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE"
            : "SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING";

    BugInstance bug = new BugInstance(this, bugType, priority);
    bug.addClassAndMethod(methodGen, javaClass.getSourceFileName());
    if (httpTaint) {
        bug.addString("non-constant SQL string involving HTTP taint");
    }
    return bug;
}
 
Example 3
Source File: InjectionSink.java    From Android_Code_Arbiter with GNU Lesser General Public License v3.0
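/**
 * Builds the bug report for this sink from the immutable fields collected so far:
 * class and method, the source line of the sink instruction, one message per
 * unknown taint source, the priority adjusted by the sink priority, and the
 * collected source lines with at most one annotation per line.
 *
 * <p>Side effect: {@code lines} is sorted in place and de-duplicated (same class
 * name and same start line) before its annotations are attached.
 *
 * @param taintedInsideMethod true if not influenced by method arguments
 * @return new bug instance filled with information
 */
public BugInstance generateBugInstance(boolean taintedInsideMethod) {
    BugInstance bug = new BugInstance(detector, bugType, originalPriority);
    bug.addClassAndMethod(classContext.getJavaClass(), method);
    bug.addSourceLine(SourceLineAnnotation.fromVisitedInstruction(classContext, method, instructionHandle));
    // Attached exactly once; repeating the sink message only clutters the report.
    addMessage(bug, "Sink method", sinkMethod);

    for (TaintLocation source : unknownSources) {
        addMessage(bug, "Unknown source", source.getTaintSource());
    }

    if (sinkPriority != UNKNOWN_SINK_PRIORITY) {
        // higher priority is represented by lower integer
        if (sinkPriority < originalPriority) {
            bug.setPriority(sinkPriority);
            addMessage(bug, "Method usage", "with tainted arguments detected");
        } else if (sinkPriority > originalPriority) {
            bug.setPriority(Priorities.LOW_PRIORITY);
            addMessage(bug, "Method usage", "detected only with safe arguments");
        }
    } else if (!taintedInsideMethod) {
        addMessage(bug, "Method usage", "not detected");
    }

    // Sort first so that annotations for the same line are adjacent and the
    // single-pass adjacent comparison below is enough to drop the duplicates.
    Collections.sort(lines);
    SourceLineAnnotation previous = null;
    for (Iterator<SourceLineAnnotation> it = lines.iterator(); it.hasNext();) {
        SourceLineAnnotation current = it.next();
        if (previous != null && previous.getClassName().equals(current.getClassName())
                && previous.getStartLine() == current.getStartLine()) {
            // keep only one annotation per line
            it.remove();
        }
        previous = current;
    }
    for (SourceLineAnnotation sourceLine : lines) {
        bug.addSourceLine(sourceLine);
    }
    return bug;
}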