Java Code Examples for edu.umd.cs.findbugs.BugInstance#addClassAndMethod()

The following examples show how to use edu.umd.cs.findbugs.BugInstance#addClassAndMethod(). These examples are extracted from open source projects.
Example 1
/**
 * Visits one method body and reports {@code IT_NO_SUCH_ELEMENT} when the
 * traversal finished without setting {@code sawNoSuchElement}.
 *
 * <p>Both flags are reset before delegating to {@code super.visit(obj)}.
 * NOTE(review): they are presumably set by opcode callbacks that run during
 * that call; those callbacks are not visible here, so confirm.
 *
 * @param obj the code attribute of the method being visited
 */
@Override
public void visit(Code obj) {
    if (shouldVisitCode) {
        // Start from a clean state for every method body.
        sawNoSuchElement = false;
        sawCall = false;
        super.visit(obj);

        if (sawNoSuchElement) {
            return;
        }

        // A method that made some call is reported with less confidence than
        // one that made none.
        int priority = sawCall ? LOW_PRIORITY : NORMAL_PRIORITY;
        bugReporter.reportBug(new BugInstance(this, "IT_NO_SUCH_ELEMENT", priority).addClassAndMethod(this));
    }
}
 
Example 2
/**
 * Builds the report for a SQL string that is not a constant, ranking it by
 * what was recorded about how the string was assembled.
 *
 * <p>The rank starts at {@code LOW_PRIORITY} and is adjusted only when an
 * append was recorded for {@code handle}:
 * <ul>
 *   <li>an open quote and a close quote were both seen: {@code HIGH_PRIORITY};
 *       otherwise a comma was seen: {@code NORMAL_PRIORITY};</li>
 *   <li>no unsafe append: rank + 2; unsafe append with serious taint:
 *       rank - 1; unsafe append with no taint at all: rank + 1.</li>
 * </ul>
 * In FindBugs a smaller priority integer is the more severe one, so the
 * additions demote the finding and the subtraction promotes it.
 * NOTE(review): the adjusted value can leave the range of the named
 * constants (for example {@code LOW_PRIORITY + 2}); presumably
 * {@code BugInstance} bounds it, confirm.
 *
 * @param javaClass class whose source file name is attached to the report
 * @param methodGen method containing the flagged instruction
 * @param handle instruction whose append state is consulted
 * @param stringAppendState per-instruction record of what was appended
 * @param isExecute {@code true} selects the "passed to execute" bug type,
 *        {@code false} the "prepared statement" bug type
 * @return the populated bug instance; the caller decides whether to report it
 */
private BugInstance generateBugInstance(JavaClass javaClass, MethodGen methodGen, InstructionHandle handle,
        StringAppendState stringAppendState, boolean isExecute) {
    int rank = LOW_PRIORITY;
    boolean seriousTaintSeen = false;

    if (stringAppendState.getSawAppend(handle)) {
        // A value wrapped in quotes inside the statement text is the
        // strongest signal; a comma-separated value is a weaker one.
        if (stringAppendState.getSawOpenQuote(handle) && stringAppendState.getSawCloseQuote(handle)) {
            rank = HIGH_PRIORITY;
        } else if (stringAppendState.getSawComma(handle)) {
            rank = NORMAL_PRIORITY;
        }

        if (stringAppendState.getSawUnsafeAppend(handle)) {
            if (stringAppendState.getSawSeriousTaint(handle)) {
                rank--;
                seriousTaintSeen = true;
            } else if (!stringAppendState.getSawTaint(handle)) {
                rank++;
            }
        } else {
            // Nothing unsafe was appended: demote by two steps.
            rank += 2;
        }
    }

    String bugType = isExecute
            ? "SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE"
            : "SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING";

    BugInstance report = new BugInstance(this, bugType, rank);
    report.addClassAndMethod(methodGen, javaClass.getSourceFileName());
    if (seriousTaintSeen) {
        report.addString("non-constant SQL string involving HTTP taint");
    }
    return report;
}
 
Example 3
/**
 * Builds the bug instance for this sink: class, method and sink location,
 * explanatory messages, an adjusted priority and the recorded source lines.
 *
 * <p>Side effect: {@code lines} is sorted in place, and entries that share
 * class name and start line with the entry before them are removed from it.
 *
 * <p>Priority handling, where a lower integer is a higher priority: a known
 * sink priority that is higher than the original replaces it; a known sink
 * priority that is lower forces {@code Priorities.LOW_PRIORITY}; an equal
 * one changes nothing.
 *
 * @param taintedInsideMethod per the original documentation, true if the
 *        taint is not influenced by method arguments; it is read only when
 *        the sink priority is unknown
 * @return new bug instance filled with information
 */
public BugInstance generateBugInstance(boolean taintedInsideMethod) {
    BugInstance report = new BugInstance(detector, bugType, originalPriority);
    report.addClassAndMethod(classContext.getJavaClass(), method);
    report.addSourceLine(SourceLineAnnotation.fromVisitedInstruction(classContext, method, instructionHandle));
    addMessage(report, "Sink method", sinkMethod);

    for (TaintLocation unknown : unknownSources) {
        addMessage(report, "Unknown source", unknown.getTaintSource());
    }

    // NOTE(review): "Sink method" was already added above with the same
    // value; this second call looks like an accidental duplicate, confirm.
    addMessage(report, "Sink method", sinkMethod);

    if (sinkPriority == UNKNOWN_SINK_PRIORITY) {
        if (!taintedInsideMethod) {
            addMessage(report, "Method usage", "not detected");
        }
    } else if (sinkPriority < originalPriority) {
        // higher priority is represented by lower integer
        report.setPriority(sinkPriority);
        addMessage(report, "Method usage", "with tainted arguments detected");
    } else if (sinkPriority > originalPriority) {
        report.setPriority(Priorities.LOW_PRIORITY);
        addMessage(report, "Method usage", "detected only with safe arguments");
    }

    // Sorting puts annotations for the same class and line next to each
    // other, so comparing each entry with its predecessor is enough to keep
    // only one annotation per line.
    Collections.sort(lines);
    Iterator<SourceLineAnnotation> cursor = lines.iterator();
    SourceLineAnnotation previous = null;
    while (cursor.hasNext()) {
        SourceLineAnnotation current = cursor.next();
        boolean sameLine = previous != null
                && previous.getClassName().equals(current.getClassName())
                && previous.getStartLine() == current.getStartLine();
        if (sameLine) {
            cursor.remove();
        }
        previous = current;
    }

    for (SourceLineAnnotation remaining : lines) {
        report.addSourceLine(remaining);
    }
    return report;
}