Java Code Examples for org.apache.bcel.Constants#INVOKESTATIC
The following examples show how to use
org.apache.bcel.Constants#INVOKESTATIC .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RsaNoPaddingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
public void sawOpcode(int seen) {
if (seen == Constants.INVOKESTATIC
&& getClassConstantOperand().equals("javax/crypto/Cipher")
&& getNameConstantOperand().equals("getInstance")) {
OpcodeStack.Item item = stack.getStackItem(getSigConstantOperand().contains(";L") ? 1 : 0);
if (StackUtils.isConstantString(item)) {
String cipherValue = (String) item.getConstant();
// default padding for "RSA" only is PKCS1 so it is not reported
if (cipherValue.startsWith("RSA/") && cipherValue.endsWith("/NoPadding")) {
bugReporter.reportBug(new BugInstance(this, RSA_NO_PADDING_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this));
}
}
}
}
Example 2
| Source File: ExternalFileAccessDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
@Override
public void sawOpcode(int seen) {
// printOpCode(seen);
// getClassConstantOperand().equals("java/net/Socket")
if (seen == Constants.INVOKEVIRTUAL && ( //List of method mark as external file access
getNameConstantOperand().equals("getExternalCacheDir") ||
getNameConstantOperand().equals("getExternalCacheDirs") ||
getNameConstantOperand().equals("getExternalFilesDir") ||
getNameConstantOperand().equals("getExternalFilesDirs") ||
getNameConstantOperand().equals("getExternalMediaDirs")
)) {
// System.out.println(getSigConstantOperand());
bugReporter.reportBug(new BugInstance(this, ANDROID_EXTERNAL_FILE_ACCESS_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this));
}
else if(seen == Constants.INVOKESTATIC && getClassConstantOperand().equals("android/os/Environment") && (
getNameConstantOperand().equals("getExternalStorageDirectory") ||
getNameConstantOperand().equals("getExternalStoragePublicDirectory")
)) {
bugReporter.reportBug(new BugInstance(this, ANDROID_EXTERNAL_FILE_ACCESS_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this));
}
}
Example 3
| Source File: InstructionFactory.java From ApkToolPlus with Apache License 2.0 | 6 votes |
|
/** Create an invoke instruction.
*
* @param class_name name of the called class
* @param name name of the called method
* @param ret_type return type of method
* @param arg_types argument types of method
* @param kind how to invoke, i.e., INVOKEINTERFACE, INVOKESTATIC, INVOKEVIRTUAL,
* or INVOKESPECIAL
* @see Constants
*/
public InvokeInstruction createInvoke(String class_name, String name, Type ret_type,
Type[] arg_types, short kind) {
int index;
int nargs = 0;
String signature = Type.getMethodSignature(ret_type, arg_types);
for(int i=0; i < arg_types.length; i++) // Count size of arguments
nargs += arg_types[i].getSize();
if(kind == Constants.INVOKEINTERFACE)
index = cp.addInterfaceMethodref(class_name, name, signature);
else
index = cp.addMethodref(class_name, name, signature);
switch(kind) {
case Constants.INVOKESPECIAL: return new INVOKESPECIAL(index);
case Constants.INVOKEVIRTUAL: return new INVOKEVIRTUAL(index);
case Constants.INVOKESTATIC: return new INVOKESTATIC(index);
case Constants.INVOKEINTERFACE: return new INVOKEINTERFACE(index, nargs + 1);
default:
throw new RuntimeException("Oops: Unknown invoke kind:" + kind);
}
}
Example 4
| Source File: InvokeInstruction.java From ApkToolPlus with Apache License 2.0 | 6 votes |
|
/**
* Also works for instructions whose stack effect depends on the
* constant pool entry they reference.
* @return Number of words consumed from stack by this instruction
*/
public int consumeStack(ConstantPoolGen cpg) {
String signature = getSignature(cpg);
Type[] args = Type.getArgumentTypes(signature);
int sum;
if(opcode == Constants.INVOKESTATIC)
sum = 0;
else
sum = 1; // this reference
int n = args.length;
for (int i = 0; i < n; i++)
sum += args[i].getSize();
return sum;
}
Example 5
| Source File: WeakFilenameUtilsMethodDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
public void sawOpcode(int seen) {
if (seen == Constants.INVOKESTATIC && FILENAMEUTILS_NULL_METHOD.matches(this)) {
bugReporter.reportBug(new BugInstance(this, WEAK_FILENAMEUTILS_TYPE, Priorities.LOW_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this)
.addString(getNameConstantOperand()));
}
}
Example 6
| Source File: JspIncludeDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
public void sawOpcode(int seen) {
//printOpCode(seen);
//Important sample from \plugin\src\test\webapp\includes\jsp_include_1.jsp
//org.apache.jasper.runtime.JspRuntimeLibrary
//JspRuntimeLibrary.include(request, response, (String)PageContextImpl.evaluateExpression("${param.secret_param}", String.class, _jspx_page_context, null), out, false);
// JspIncludeDetector: [0119] invokestatic org/apache/jasper/runtime/JspRuntimeLibrary.include (Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljava/lang/String;Ljavax/servlet/jsp/JspWriter;Z)V
//Important sample from \plugin\src\test\webapp\includes\jsp_include_3.jsp
//ImportTag _jspx_th_c_import_0 = (ImportTag)this._jspx_tagPool_c_import_url_nobody.get(ImportTag.class);
//_jspx_th_c_import_0.setUrl((String)PageContextImpl.evaluateExpression("${param.secret_param}", String.class, _jspx_page_context, null));
// JspIncludeDetector: [0051] invokevirtual org/apache/taglibs/standard/tag/rt/core/ImportTag.setUrl (Ljava/lang/String;)V
if (seen == Constants.INVOKESTATIC && ("org/apache/jasper/runtime/JspRuntimeLibrary".equals(getClassConstantOperand()) || "org/apache/sling/scripting/jsp/jasper/runtime/JspRuntimeLibrary".equals(getClassConstantOperand()))
&& getNameConstantOperand().equals("include") && getSigConstantOperand().equals("(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljava/lang/String;Ljavax/servlet/jsp/JspWriter;Z)V")) {
bugReporter.reportBug(new BugInstance(this, JSP_INCLUDE_TYPE, Priorities.HIGH_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this));
}
else if (seen == Constants.INVOKEVIRTUAL && getClassConstantOperand().equals("org/apache/taglibs/standard/tag/rt/core/ImportTag")
&& getNameConstantOperand().equals("setUrl") && getSigConstantOperand().equals("(Ljava/lang/String;)V")) {
bugReporter.reportBug(new BugInstance(this, JSP_INCLUDE_TYPE, Priorities.HIGH_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this));
}
}
Example 7
| Source File: WeakTLSDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
public void sawOpcode(int seen) {
if (seen == Constants.INVOKESPECIAL
&& getClassConstantOperand().equals("org/apache/http/impl/client/DefaultHttpClient")
&& getNameConstantOperand().equals("<init>")
&& getSigConstantOperand().equals("()V")) {
//DefaultHttpClient constructor with no parameter
bugReporter.reportBug(new BugInstance(this, DEFAULT_HTTP_CLIENT, Priorities.NORMAL_PRIORITY)
.addClass(this).addMethod(this).addSourceLine(this));
}
if (seen == Constants.INVOKESTATIC
&& getClassConstantOperand().equals("javax/net/ssl/SSLContext")
&& getNameConstantOperand().equals("getInstance")
&& getSigConstantOperand().equals("(Ljava/lang/String;)Ljavax/net/ssl/SSLContext;")) {
//System.out.println("SSLContext.getInstance(" + this.getSigConstantOperand() + ")");
final OpcodeStack.Item item = stack.getStackItem(0);
String sslContextName = (String) item.getConstant(); //Null if the value passed isn't constant
if (sslContextName != null && sslContextName.equalsIgnoreCase("SSL")) {
bugReporter.reportBug(new BugInstance(this, SSL_CONTEXT, Priorities.NORMAL_PRIORITY)
.addClass(this).addMethod(this).addSourceLine(this));
}
}
}
Example 8
| Source File: CipherWithNoIntegrityDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
public void sawOpcode(int seen) {
if ((seen != Constants.INVOKESTATIC
|| !getClassConstantOperand().equals("javax/crypto/Cipher"))
|| !getNameConstantOperand().equals("getInstance")) {
return;
}
OpcodeStack.Item item = stack.getStackItem(getSigConstantOperand().contains(";L") ? 1 : 0);
String cipherValue;
if (StackUtils.isConstantString(item)) {
cipherValue = (String) item.getConstant();
} else {
return;
}
if (INSECURE_ECB_MODES.matcher(cipherValue).matches()) {
reportBug(ECB_MODE_TYPE);
}
if (cipherValue.contains("/CBC/PKCS5Padding")) {
reportBug(PADDING_ORACLE_TYPE);
}
//Some cipher will not have mode specified (ie: "RSA" .. issue GitHub #24)
if (!AUTHENTICATED_CIPHER_MODES.matcher(cipherValue).matches()
&& !cipherValue.startsWith("RSA")) {
reportBug(CIPHER_INTEGRITY_TYPE);
}
}
Example 9
| Source File: VelocityDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
public void sawOpcode(int seen) {
// printOpCode(seen);
if (seen == Constants.INVOKESTATIC && getClassConstantOperand().equals("org/apache/velocity/app/Velocity")
&& getNameConstantOperand().equals("evaluate")) {
OpcodeStack.Item item = stack.getStackItem(0);
if(!StackUtils.isConstantString(item)) {
bugReporter.reportBug(new BugInstance(this, VELOCITY_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this));
}
}
}
Example 10
| Source File: PredictableRandomDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
public void sawOpcode(int seen) {
//printOpCode(seen);
if (seen == Constants.INVOKESPECIAL && getClassConstantOperand().equals("java/util/Random")
&& getNameConstantOperand().equals("<init>")) {
bugReporter.reportBug(new BugInstance(this, PREDICTABLE_RANDOM_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this) //
.addString("java.util.Random"));
} else if (seen == Constants.INVOKESTATIC && getClassConstantOperand().equals("java/lang/Math")
&& getNameConstantOperand().equals("random")) {
bugReporter.reportBug(new BugInstance(this, PREDICTABLE_RANDOM_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this) //
.addString("java.lang.Math.random()"));
} else if (seen == Constants.INVOKESTATIC && getClassConstantOperand().equals("java/util/concurrent/ThreadLocalRandom")
&& getNameConstantOperand().equals("current")) {
bugReporter.reportBug(new BugInstance(this, PREDICTABLE_RANDOM_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this) //
.addString("java.util.concurrent.ThreadLocalRandom"));
} else if (seen == Constants.INVOKESPECIAL && getClassConstantOperand().equals("scala/util/Random")
&& getNameConstantOperand().equals("<init>")) {
bugReporter.reportBug(new BugInstance(this, PREDICTABLE_RANDOM_SCALA_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this) //
.addString("scala.util.Random"));
} else if (seen == Constants.INVOKEVIRTUAL && RANDOM_NEXT_METHODS.matches(this)) {
bugReporter.reportBug(new BugInstance(this, PREDICTABLE_RANDOM_SCALA_TYPE, Priorities.NORMAL_PRIORITY) //
.addClass(this).addMethod(this).addSourceLine(this) //
.addString("scala.util.Random."+getNameConstantOperand()+"()"));
}
}
Example 11
| Source File: INVOKESTATIC.java From ApkToolPlus with Apache License 2.0 | 4 votes |
|
public INVOKESTATIC(int index) {
super(Constants.INVOKESTATIC, index);
}
