Java Code Examples for edu.umd.cs.findbugs.Priorities#NORMAL_PRIORITY

The following examples show how to use edu.umd.cs.findbugs.Priorities#NORMAL_PRIORITY . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Override
protected int getPriority(Taint taint) {
    if (!taint.isSafe()) {
        //(Condition extracted for clarity)
        //Either specifically safe for new line or URL encoded which encoded few other characters
        boolean newLineSafe = (taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED));
        boolean urlSafe = (taint.hasTag(Taint.Tag.URL_ENCODED));
        if(newLineSafe || urlSafe) {
            return Priorities.IGNORE_PRIORITY;
        }
    }
    if (taint.isTainted()) {
        return Priorities.NORMAL_PRIORITY;
    } else if (!taint.isSafe()) {
        return Priorities.LOW_PRIORITY;
    } else {
        return Priorities.IGNORE_PRIORITY;
    }
}
 
Example 2
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint valueTaint = fact.getStackValue(0);
    Taint parameterTaint = fact.getStackValue(1);

    if(valueTaint.getConstantValue() == null || parameterTaint.getConstantValue() == null) {
        return Priorities.IGNORE_PRIORITY;
    }

    String parameterValue = parameterTaint.getConstantValue().toLowerCase();
    if(parameterValue.equals("java.naming.security.credentials")) {
        return Priorities.NORMAL_PRIORITY;
    }
    for (String password : PASSWORD_WORDS) {
        if (parameterValue.contains(password)) {//Is a constant value
            return Priorities.NORMAL_PRIORITY;
        }
    }
    return Priorities.IGNORE_PRIORITY;
}
 
Example 3
private void checkForCompatibleLongComparison(OpcodeStack.Item left, OpcodeStack.Item right) {
    if (left.getSpecialKind() == Item.RESULT_OF_I2L && right.getConstant() != null) {
        long value = ((Number) right.getConstant()).longValue();
        if ((value > Integer.MAX_VALUE || value < Integer.MIN_VALUE)) {
            int priority = Priorities.HIGH_PRIORITY;
            if (value == Integer.MAX_VALUE + 1L || value == Integer.MIN_VALUE - 1L) {
                priority = Priorities.NORMAL_PRIORITY;
            }
            String stringValue = IntAnnotation.getShortInteger(value) + "L";
            if (value == 0xffffffffL) {
                stringValue = "0xffffffffL";
            } else if (value == 0x80000000L) {
                stringValue = "0x80000000L";
            }
            accumulator.accumulateBug(new BugInstance(this, "INT_BAD_COMPARISON_WITH_INT_VALUE", priority).addClassAndMethod(this)
                    .addString(stringValue).describe(StringAnnotation.STRING_NONSTRING_CONSTANT_ROLE)
                    .addValueSource(left, this), this);
        }
    }
}
 
Example 4
public int getPriority() {
    int hash = getHash();

    if ((hash & 0x1ff0) == 0) {
        hash = hash & 0xf;
        if (hash < 1) {
            return Priorities.HIGH_PRIORITY;
        } else if (hash < 1 + 2) {
            return Priorities.NORMAL_PRIORITY;
        } else if (hash < 1 + 2 + 4) {
            return Priorities.LOW_PRIORITY;
        } else {
            return Priorities.IGNORE_PRIORITY;
        }
    } else {
        return Priorities.IGNORE_PRIORITY + 1;
    }
}
 
Example 5
@Override
public void sawOpcode(int seen) {
    if (seen == Const.INVOKEVIRTUAL && "start".equals(getNameConstantOperand()) && "()V".equals(getSigConstantOperand())) {
        try {
            if (Hierarchy.isSubtype(getDottedClassConstantOperand(), "java.lang.Thread")) {
                int priority = Priorities.NORMAL_PRIORITY;
                if (getPC() + 4 >= getCode().getCode().length) {
                    priority = Priorities.LOW_PRIORITY;
                }
                BugInstance bug = new BugInstance(this, "SC_START_IN_CTOR", priority).addClassAndMethod(this)
                        .addCalledMethod(this);
                Subtypes2 subtypes2 = AnalysisContext.currentAnalysisContext().getSubtypes2();
                Set<ClassDescriptor> directSubtypes = subtypes2.getDirectSubtypes(getClassDescriptor());
                if (!directSubtypes.isEmpty()) {
                    for (ClassDescriptor sub : directSubtypes) {
                        bug.addClass(sub).describe(ClassAnnotation.SUBCLASS_ROLE);
                    }
                    bug.setPriority(Priorities.HIGH_PRIORITY);
                }
                bugAccumulator.accumulateBug(bug, this);
            }
        } catch (ClassNotFoundException e) {
            bugReporter.reportMissingClass(e);
        }
    }
}
 
Example 6
/**
 * Convert an integer warning priority threshold value to a String.
 */
public static String getIntPriorityAsString(int prio) {
    String minPriority;
    switch (prio) {
    case Priorities.EXP_PRIORITY:
        minPriority = ProjectFilterSettings.EXPERIMENTAL_PRIORITY;
        break;
    case Priorities.LOW_PRIORITY:
        minPriority = ProjectFilterSettings.LOW_PRIORITY;
        break;
    case Priorities.NORMAL_PRIORITY:
        minPriority = ProjectFilterSettings.MEDIUM_PRIORITY;
        break;
    case Priorities.HIGH_PRIORITY:
        minPriority = ProjectFilterSettings.HIGH_PRIORITY;
        break;
    default:
        minPriority = ProjectFilterSettings.DEFAULT_PRIORITY;
        break;
    }
    return minPriority;
}
 
Example 7
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{
    JavaClass clazz = classContext.getJavaClass();
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg = classContext.getCFG(m);

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Location loc = i.next();
        Instruction inst = loc.getHandle().getInstruction();

        if (inst instanceof INVOKEVIRTUAL) {
            INVOKEVIRTUAL invoke = (INVOKEVIRTUAL)inst;
            if( "java.lang.StringBuilder".equals(invoke.getClassName(cpg)) && "append".equals(invoke.getMethodName(cpg))) {
                Instruction prev = loc.getHandle().getPrev().getInstruction();

                if (prev instanceof LDC) {
                    LDC ldc = (LDC)prev;
                    Object value = ldc.getValue(cpg);

                    if (value instanceof String) {
                        String v = (String)value;

                        if ("redirect:".equals(v)) {
                            BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY);
                            bug.addClass(clazz).addMethod(clazz,m).addSourceLine(classContext,m,loc);
                            reporter.reportBug(bug);
                        }
                    }
                }
            }
        }
    }
}
 
Example 8
@Override
protected int getPriority(Taint taint) {
    boolean newLineSafe = taint.hasTag(Taint.Tag.CR_ENCODED) && taint.hasTag(Taint.Tag.LF_ENCODED);
    if (!taint.isSafe() && newLineSafe || taint.hasTag(Taint.Tag.URL_ENCODED)) {
        return Priorities.IGNORE_PRIORITY;
    } else if (taint.isTainted()) {
        return Priorities.NORMAL_PRIORITY;
    } else if (!taint.isSafe()) {
        return Priorities.LOW_PRIORITY;
    } else {
        return Priorities.IGNORE_PRIORITY;
    }
}
 
Example 9
@Override
protected int getPriority(Taint taint) {
    if (taint.isTainted()) {
        return Priorities.NORMAL_PRIORITY;
    }
    else if (!taint.isSafe()) {
        return Priorities.LOW_PRIORITY;
    }
    else {
        return Priorities.IGNORE_PRIORITY;
    }
}
 
Example 10
public void mergeSummary(XField fieldOperand, OpcodeStack.Item mergeValue) {
    if (SystemProperties.ASSERTIONS_ENABLED) {
        String mSignature = mergeValue.getSignature();

        Type mergeType = Type.getType(mSignature);
        Type fieldType = Type.getType(fieldOperand.getSignature());
        IncompatibleTypes check = IncompatibleTypes.getPriorityForAssumingCompatible(mergeType, fieldType, false);
        if (check.getPriority() <= Priorities.NORMAL_PRIORITY) {
            AnalysisContext.logError(fieldOperand + " not compatible with " + mergeValue,
                    new IllegalArgumentException(check.toString()));
        }

    }

    OpcodeStack.Item oldSummary = summary.get(fieldOperand);
    if (oldSummary != null) {
        Item newValue = OpcodeStack.Item.merge(mergeValue, oldSummary);
        newValue.clearNewlyAllocated();
        summary.put(fieldOperand, newValue);
    } else {
        if (mergeValue.isNewlyAllocated()) {
            mergeValue = new OpcodeStack.Item(mergeValue);
            mergeValue.clearNewlyAllocated();
        }
        summary.put(fieldOperand, mergeValue);
    }
}
 
Example 11
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint stringValue = fact.getStackValue(offset);

    if (stringValue.isSafe() && stringValue.getConstantValue() != null) { //Is a constant value
        return Priorities.NORMAL_PRIORITY;
    } else {
        return Priorities.IGNORE_PRIORITY;
    }
}
 
Example 12
private void addToReport(Method m, ClassContext classContext, Location locationWeakness, Number n){
    JavaClass clz = classContext.getJavaClass();
    int priority = (n.intValue() < 1024) ? Priorities.NORMAL_PRIORITY : Priorities.LOW_PRIORITY;
    bugReporter.reportBug(new BugInstance(this, RSA_KEY_SIZE_TYPE, priority) //
            .addClass(clz)
            .addMethod(clz, m)
            .addSourceLine(classContext, m, locationWeakness));
}
 
Example 13
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint stringValue = fact.getStackValue(offset);
    System.out.println(stringValue.getConstantValue());
    if (stringValue.getConstantValue() == null) { //Is a constant value
        return Priorities.NORMAL_PRIORITY;
    } else {
        return Priorities.IGNORE_PRIORITY;
    }
}
 
Example 14
@Override
    protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
            throws DataflowAnalysisException {
        Taint stringValue = fact.getStackValue(offset);
//        System.out.println(stringValue.getConstantValue());
        if (stringValue.isTainted() || stringValue.isUnknown()) {
            return Priorities.NORMAL_PRIORITY;
        } else {
            return Priorities.IGNORE_PRIORITY;
        }
    }
 
Example 15
@Override
    protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
            throws DataflowAnalysisException {
        Taint stringValue = fact.getStackValue(offset);
//        System.out.println(stringValue.getConstantValue());
        if (stringValue.getConstantValue() == null) { //Is a constant value
            return Priorities.NORMAL_PRIORITY;
        } else {
            return Priorities.IGNORE_PRIORITY;
        }
    }
 
Example 16
static public @Nonnull IncompatibleTypes getPriorityForAssumingCompatible(GenericObjectType genericType, Type plainType) {
    IncompatibleTypes result = IncompatibleTypes.getPriorityForAssumingCompatible(genericType.getObjectType(), plainType);
    List<? extends ReferenceType> parameters = genericType.getParameters();
    if (result.getPriority() == Priorities.NORMAL_PRIORITY && parameters != null && parameters.contains(plainType)) {
        result = UNRELATED_TYPES_BUT_MATCHES_TYPE_PARAMETER;
    }
    return result;

}
 
Example 17
@Override
public void foundNullDeref(Location location, ValueNumber valueNumber, IsNullValue refValue, ValueNumberFrame vnaFrame,
        boolean isConsistent) {
    if (!refValue.isNullOnComplicatedPath23()) {
        return;
    }
    WarningPropertySet<WarningProperty> propertySet = new WarningPropertySet<>();
    if (valueNumber.hasFlag(ValueNumber.CONSTANT_CLASS_OBJECT)) {
        return;
    }

    boolean onExceptionPath = refValue.isException();
    if (onExceptionPath) {
        propertySet.addProperty(GeneralWarningProperty.ON_EXCEPTION_PATH);
    }
    BugAnnotation variable = ValueNumberSourceInfo.findAnnotationFromValueNumber(method, location, valueNumber, vnaFrame,
            "VALUE_OF");
    addPropertiesForDereferenceLocations(propertySet, Collections.singleton(location));
    Instruction ins = location.getHandle().getInstruction();
    BugAnnotation cause;
    final ConstantPoolGen cpg = classContext.getConstantPoolGen();

    if (ins instanceof InvokeInstruction) {
        if (ins instanceof INVOKEDYNAMIC) {
            return;
        }
        InvokeInstruction iins = (InvokeInstruction) ins;
        XMethod invokedMethod = XFactory.createXMethod((InvokeInstruction) ins, cpg);
        cause = MethodAnnotation.fromXMethod(invokedMethod);
        cause.setDescription(MethodAnnotation.METHOD_CALLED);

        if ("close".equals(iins.getMethodName(cpg)) && "()V".equals(iins.getSignature(cpg))) {
            propertySet.addProperty(NullDerefProperty.CLOSING_NULL);
        }
    } else if (ins instanceof FieldInstruction) {
        FieldInstruction fins = (FieldInstruction) ins;
        XField referencedField = XFactory.createXField(fins, cpg);
        cause = FieldAnnotation.fromXField(referencedField);

    } else {
        cause = new StringAnnotation(ins.getName());
    }

    boolean caught = inCatchNullBlock(location);
    if (caught && skipIfInsideCatchNull()) {
        return;
    }

    int basePriority = Priorities.NORMAL_PRIORITY;

    if (!refValue.isNullOnComplicatedPath2()) {
        basePriority--;
    }
    reportNullDeref(propertySet, location, "NOISE_NULL_DEREFERENCE", basePriority, cause, variable);

}
 
Example 18
@Override
public void sawOpcode(int seen) {
    // System.out.println(state + " " + getPC() + " " + Const.getOpcodeName(seen));
    if (countDown == 2 && seen == Const.GOTO) {
        CodeException tryBlock = getSurroundingTryBlock(getPC());
        if (tryBlock != null && tryBlock.getEndPC() == getPC()) {
            pendingBug.lowerPriority();
        }
    }
    if (countDown > 0) {
        countDown--;
        if (countDown == 0) {
            if (seen == Const.MONITOREXIT) {
                pendingBug.lowerPriority();
            }

            bugReporter.reportBug(pendingBug);
            pendingBug = null;
        }
    }
    if (seen == Const.PUTFIELD) {

        if (syncField != null && getPrevOpcode(1) != Const.ALOAD_0 && syncField.equals(getXFieldOperand())) {
            OpcodeStack.Item value = stack.getStackItem(0);
            int priority = Priorities.HIGH_PRIORITY;
            if (value.isNull()) {
                priority = Priorities.NORMAL_PRIORITY;
            }
            pendingBug = new BugInstance(this, "ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD", priority)
                    .addClassAndMethod(this).addField(syncField).addSourceLine(this);
            countDown = 2;

        }

    }
    if (seen == Const.MONITOREXIT) {
        pendingBug = null;
        countDown = 0;
    }

    if (seen == Const.MONITORENTER) {
        syncField = null;
    }

    switch (state) {
    case 0:
        if (seen == Const.ALOAD_0) {
            state = 1;
        }
        break;
    case 1:
        if (seen == Const.GETFIELD) {
            state = 2;
            field = getXFieldOperand();
        } else {
            state = 0;
        }
        break;
    case 2:
        if (seen == Const.DUP) {
            state = 3;
        } else {
            state = 0;
        }
        break;
    case 3:
        if (isRegisterStore()) {
            state = 4;
        } else {
            state = 0;
        }
        break;
    case 4:
        if (seen == Const.MONITORENTER) {
            state = 0;
            syncField = field;
        } else {
            state = 0;
        }
        break;
    default:
        break;
    }

}
 
Example 19
private static int getPriorityForBeingMutable(Type type) {
    if (type instanceof ArrayType) {
        return HIGH_PRIORITY;
    } else if (type instanceof ObjectType) {
        UnreadFieldsData unreadFields = AnalysisContext.currentAnalysisContext().getUnreadFieldsData();

        ClassDescriptor cd = DescriptorFactory.getClassDescriptor((ObjectType) type);
        @SlashedClassName
        String className = cd.getClassName();
        if (immutableClassNames.contains(className)) {
            return Priorities.LOW_PRIORITY;
        }

        XClass xClass = AnalysisContext.currentXFactory().getXClass(cd);
        if (xClass == null) {
            return Priorities.IGNORE_PRIORITY;
        }
        ClassDescriptor superclassDescriptor = xClass.getSuperclassDescriptor();
        if (superclassDescriptor != null) {
            @SlashedClassName
            String superClassName = superclassDescriptor.getClassName();
            if ("java/lang/Enum".equals(superClassName)) {
                return Priorities.LOW_PRIORITY;
            }
        }
        boolean hasMutableField = false;
        boolean hasUpdates = false;
        for (XField f : xClass.getXFields()) {
            if (!f.isStatic()) {
                if (!f.isFinal() && !f.isSynthetic()) {
                    hasMutableField = true;
                    if (unreadFields.isWrittenOutsideOfInitialization(f)) {
                        hasUpdates = true;
                    }
                }
                String signature = f.getSignature();
                if (signature.startsWith("Ljava/util/concurrent") || signature.startsWith("Ljava/lang/StringB")
                        || signature.charAt(0) == '[' || signature.indexOf("Map") >= 0 || signature.indexOf("List") >= 0
                        || signature.indexOf("Set") >= 0) {
                    hasMutableField = hasUpdates = true;
                }

            }
        }

        if (!hasMutableField && !xClass.isInterface() && !xClass.isAbstract()) {
            return Priorities.LOW_PRIORITY;
        }
        if (hasUpdates || className.startsWith("java/util") || className.indexOf("Map") >= 0
                || className.indexOf("List") >= 0) {
            return Priorities.HIGH_PRIORITY;
        }
        return Priorities.NORMAL_PRIORITY;

    } else {
        return Priorities.IGNORE_PRIORITY;
    }
}
 
Example 20
/**
 * The default implementation of <code>getPriority()</code> can be overridden if the severity and the confidence for risk
 * is particular.
 *
 * By default, injection will be rated "High" if the complete link between source and sink is made.
 * If it is not the case but concatenation with external source is made, "Medium" is used.
 *
 * @param taint Detail about the state of the value passed (Cumulative information leading to the variable passed).
 * @return Priorities interface values from 1 to 5 (Enum-like interface)
 */
protected int getPriority(Taint taint) {
    if (taint.isTainted()) {
        return Priorities.HIGH_PRIORITY;
    } else if (!taint.isSafe()) {
        return Priorities.NORMAL_PRIORITY;
    } else {
        return Priorities.IGNORE_PRIORITY;
    }
}