org.apache.bcel.classfile.AnnotationEntry Java Examples
The following examples show how to use
org.apache.bcel.classfile.AnnotationEntry.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: UnsafeJacksonDeserializationDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
private void analyzeField(Field field, JavaClass javaClass) { for (AnnotationEntry annotation : field.getAnnotationEntries()) { if (ANNOTATION_TYPES.contains(annotation.getAnnotationType()) || annotation.getAnnotationType().contains("JsonTypeInfo")) { for (ElementValuePair elementValuePair : annotation.getElementValuePairs()) { if ("use".equals((elementValuePair.getNameString())) && VULNERABLE_USE_NAMES.contains(elementValuePair.getValue().stringifyValue())) { bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY) .addClass(javaClass) .addString(javaClass.getClassName() + " on field " + field.getName() + " of type " + field.getType() + " annotated with " + annotation.toShortString()) .addField(FieldAnnotation.fromBCELField(javaClass, field)) .addString("") ); } } } } }
Example #2
Source File: GeneratingAnnotatedClassesTestCase.java From commons-bcel with Apache License 2.0 | 6 votes |
private void assertParameterAnnotations(final Method method, final int... expectedNumberOfParmeterAnnotations) { final String methodName= "For "+method.getName(); final ParameterAnnotationEntry[] parameterAnnotations= method.getParameterAnnotationEntries(); assertEquals(methodName, expectedNumberOfParmeterAnnotations.length, parameterAnnotations.length); int i= 0; for (final ParameterAnnotationEntry parameterAnnotation : parameterAnnotations) { final AnnotationEntry[] annos= parameterAnnotation.getAnnotationEntries(); final int expectedLength = expectedNumberOfParmeterAnnotations[i++]; assertEquals(methodName+" parameter "+i, expectedLength, annos.length); if(expectedLength!=0) { assertSimpleElementValue(annos[0]); } } }
Example #3
Source File: FieldAnnotationsTestCase.java From commons-bcel with Apache License 2.0 | 6 votes |
public void checkValue(final AnnotationEntry a, final String name, final String tostring) { for (int i = 0; i < a.getElementValuePairs().length; i++) { final ElementValuePair element = a.getElementValuePairs()[i]; if (element.getNameString().equals(name)) { if (!element.getValue().stringifyValue().equals(tostring)) { fail("Expected element " + name + " to have value " + tostring + " but it had value " + element.getValue().stringifyValue()); } return; } } fail("Didnt find named element " + name); }
Example #4
Source File: FieldAnnotationsTestCase.java From commons-bcel with Apache License 2.0 | 6 votes |
private void checkAnnotationEntry(final AnnotationEntry a, final String name, final String elementname, final String elementvalue) { assertTrue("Expected AnnotationEntry to have name " + name + " but it had name " + a.getAnnotationType(), a.getAnnotationType() .equals(name)); assertTrue("Expected AnnotationEntry to have one element but it had " + a.getElementValuePairs().length, a.getElementValuePairs().length == 1); final ElementValuePair envp = a.getElementValuePairs()[0]; assertTrue("Expected element name " + elementname + " but was " + envp.getNameString(), elementname .equals(envp.getNameString())); assertTrue("Expected element value " + elementvalue + " but was " + envp.getValue().stringifyValue(), elementvalue.equals(envp .getValue().stringifyValue())); }
Example #5
Source File: FieldGen.java From commons-bcel with Apache License 2.0 | 6 votes |
/** * Instantiate from existing field. * * @param field Field object * @param cp constant pool (must contain the same entries as the field's constant pool) */ public FieldGen(final Field field, final ConstantPoolGen cp) { this(field.getAccessFlags(), Type.getType(field.getSignature()), field.getName(), cp); final Attribute[] attrs = field.getAttributes(); for (final Attribute attr : attrs) { if (attr instanceof ConstantValue) { setValue(((ConstantValue) attr).getConstantValueIndex()); } else if (attr instanceof Annotations) { final Annotations runtimeAnnotations = (Annotations)attr; final AnnotationEntry[] annotationEntries = runtimeAnnotations.getAnnotationEntries(); for (final AnnotationEntry element : annotationEntries) { addAnnotationEntry(new AnnotationEntryGen(element,cp,false)); } } else { addAttribute(attr); } } }
Example #6
Source File: FindUncalledPrivateMethods.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
@Override public void visitMethod(Method obj) { if (!obj.isPrivate() || obj.isSynthetic()) { return; } super.visitMethod(obj); String methodName = getMethodName(); if (!"writeReplace".equals(methodName) && !"readResolve".equals(methodName) && !"readObject".equals(methodName) && !"readObjectNoData".equals(methodName) && !"writeObject".equals(methodName) && methodName.indexOf("debug") == -1 && methodName.indexOf("Debug") == -1 && methodName.indexOf("trace") == -1 && methodName.indexOf("Trace") == -1 && !Const.CONSTRUCTOR_NAME.equals(methodName) && !Const.STATIC_INITIALIZER_NAME.equals(methodName)) { for (AnnotationEntry a : obj.getAnnotationEntries()) { String typeName = a.getAnnotationType(); if ("Ljavax/annotation/PostConstruct;".equals(typeName) || "Ljavax/annotation/PreDestroy;".equals(typeName)) { return; } } definedPrivateMethods.add(MethodAnnotation.fromVisitedMethod(this)); } }
Example #7
Source File: AnnotationVisitor.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
@Override public void visitAnnotation(Annotations arg0) { for (AnnotationEntry ae : arg0.getAnnotationEntries()) { boolean runtimeVisible = ae.isRuntimeVisible(); String name = ClassName.fromFieldSignature(ae.getAnnotationType()); if (name == null) { continue; } name = ClassName.toDottedClassName(name); Map<String, ElementValue> map = new HashMap<>(); for (ElementValuePair ev : ae.getElementValuePairs()) { map.put(ev.getNameString(), ev.getValue()); } visitAnnotation(name, map, runtimeVisible); } }
Example #8
Source File: SpringCsrfUnrestrictedRequestMappingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
private static boolean isVulnerable(Method method) { // If the method is not annotated with `@RequestMapping`, there is no vulnerability. AnnotationEntry requestMappingAnnotation = findRequestMappingAnnotation(method); if (requestMappingAnnotation == null) { return false; } // If the `@RequestMapping` annotation is used without the `method` annotation attribute, // there is a vulnerability. ElementValuePair methodAnnotationAttribute = findMethodAnnotationAttribute(requestMappingAnnotation); if (methodAnnotationAttribute == null) { return true; } // If the `@RequestMapping` annotation is used with the `method` annotation attribute equal to `{}`, // there is a vulnerability. ElementValue methodAnnotationAttributeValue = methodAnnotationAttribute.getValue(); if (isEmptyArray(methodAnnotationAttributeValue)) { return true; } // If the `@RequestMapping` annotation is used with the `method` annotation attribute but contains a mix of // unprotected and protected HTTP request methods, there is a vulnerability. return isMixOfUnprotectedAndProtectedHttpRequestMethods(methodAnnotationAttributeValue); }
Example #9
Source File: AnnotationEntryGen.java From commons-bcel with Apache License 2.0 | 5 votes |
/** * Retrieve an immutable version of this AnnotationGen */ public AnnotationEntry getAnnotation() { final AnnotationEntry a = new AnnotationEntry(typeIndex, cpool.getConstantPool(), isRuntimeVisible); for (final ElementValuePairGen element : evs) { a.addElementNameValuePair(element.getElementNameValuePair()); } return a; }
Example #10
Source File: AbstractTestCase.java From commons-bcel with Apache License 2.0 | 5 votes |
protected String dumpAnnotationEntries(final AnnotationEntry[] as) { final StringBuilder result = new StringBuilder(); result.append("["); for (int i = 0; i < as.length; i++) { final AnnotationEntry annotation = as[i]; result.append(annotation.toShortString()); if (i + 1 < as.length) { result.append(","); } } result.append("]"); return result.toString(); }
Example #11
Source File: GeneratingAnnotatedClassesTestCase.java From commons-bcel with Apache License 2.0 | 5 votes |
private void assertSimpleElementValue(final AnnotationEntry anno) { final ElementValuePair elementValuePair = anno.getElementValuePairs()[0]; assertEquals("id", elementValuePair.getNameString()); final SimpleElementValue ev = (SimpleElementValue)elementValuePair.getValue(); assertEquals(42, ev.getValueInt()); }
Example #12
Source File: SpringUnvalidatedRedirectDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
private boolean hasRequestMapping(JavaClass clazz) { Method[] methods = clazz.getMethods(); for (Method m: methods) { AnnotationEntry[] annotations = m.getAnnotationEntries(); for (AnnotationEntry ae: annotations) { if (REQUEST_MAPPING_ANNOTATION_TYPES.contains(ae.getAnnotationType())) { return true; } } } return false; }
Example #13
Source File: GeneratingAnnotatedClassesTestCase.java From commons-bcel with Apache License 2.0 | 5 votes |
private void assertArrayElementValue(final int nExpectedArrayValues, final AnnotationEntry anno) { final ElementValuePair elementValuePair = anno.getElementValuePairs()[0]; assertEquals("value", elementValuePair.getNameString()); final ArrayElementValue ev = (ArrayElementValue) elementValuePair.getValue(); final ElementValue[] eva = ev.getElementValuesArray(); assertEquals(nExpectedArrayValues, eva.length); }
Example #14
Source File: GeneratingAnnotatedClassesTestCase.java From commons-bcel with Apache License 2.0 | 5 votes |
private void assertMethodAnnotations(final Method method, final int expectedNumberAnnotations, final int nExpectedArrayValues) { final String methodName= method.getName(); final AnnotationEntry[] annos= method.getAnnotationEntries(); assertEquals("For "+methodName, expectedNumberAnnotations, annos.length); if(expectedNumberAnnotations!=0) { assertArrayElementValue(nExpectedArrayValues, annos[0]); } }
Example #15
Source File: SpringCsrfUnrestrictedRequestMappingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
private static AnnotationEntry findRequestMappingAnnotation(Method method) { for (AnnotationEntry annotationEntry : method.getAnnotationEntries()) { if (REQUEST_MAPPING_ANNOTATION_TYPE.equals(annotationEntry.getAnnotationType())) { return annotationEntry; } } return null; }
Example #16
Source File: FieldAnnotationsTestCase.java From commons-bcel with Apache License 2.0 | 5 votes |
public void checkAnnotatedField(final JavaClass clazz, final String fieldname, final String AnnotationEntryName, final String AnnotationEntryElementName, final String AnnotationEntryElementValue) { final Field[] fields = clazz.getFields(); for (final Field f : fields) { final AnnotationEntry[] fieldAnnotationEntrys = f.getAnnotationEntries(); if (f.getName().equals(fieldname)) { checkAnnotationEntry(fieldAnnotationEntrys[0], AnnotationEntryName, AnnotationEntryElementName, AnnotationEntryElementValue); } } }
Example #17
Source File: JaxRsEndpointDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); for (Method m : javaClass.getMethods()) { for (AnnotationEntry ae : m.getAnnotationEntries()) { //Every method mark with @javax.ws.rs.Path is mark as an Endpoint if (ae.getAnnotationType().equals("Ljavax/ws/rs/Path;")) { bugReporter.reportBug(new BugInstance(this, JAXRS_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClassAndMethod(javaClass, m)); } } } }
Example #18
Source File: AnnotationEntryGen.java From commons-bcel with Apache License 2.0 | 5 votes |
/** * Here we are taking a fixed annotation of type Annotation and building a * modifiable AnnotationGen object. If the pool passed in is for a different * class file, then copyPoolEntries should have been passed as true as that * will force us to do a deep copy of the annotation and move the cpool * entries across. We need to copy the type and the element name value pairs * and the visibility. */ public AnnotationEntryGen(final AnnotationEntry a, final ConstantPoolGen cpool, final boolean copyPoolEntries) { this.cpool = cpool; if (copyPoolEntries) { typeIndex = cpool.addUtf8(a.getAnnotationType()); } else { typeIndex = a.getAnnotationTypeIndex(); } isRuntimeVisible = a.isRuntimeVisible(); evs = copyValues(a.getElementValuePairs(), cpool, copyPoolEntries); }
Example #19
Source File: MethodGen.java From commons-bcel with Apache License 2.0 | 5 votes |
private List<AnnotationEntryGen> makeMutableVersion(final AnnotationEntry[] mutableArray) { final List<AnnotationEntryGen> result = new ArrayList<>(); for (final AnnotationEntry element : mutableArray) { result.add(new AnnotationEntryGen(element, getConstantPool(), false)); } return result; }
Example #20
Source File: SpringCsrfUnrestrictedRequestMappingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
private static ElementValuePair findMethodAnnotationAttribute(AnnotationEntry requestMappingAnnotation) { for (ElementValuePair elementValuePair : requestMappingAnnotation.getElementValuePairs()) { if (METHOD_ANNOTATION_ATTRIBUTE_KEY.equals(elementValuePair.getNameString())) { return elementValuePair; } } return null; }
Example #21
Source File: BetaDetector.java From google-http-java-client with Apache License 2.0 | 5 votes |
/** Returns true if the given annotations contain {@link Beta}. */ private static boolean isBeta(AnnotationEntry[] annotationEntries) { for (AnnotationEntry annotation : annotationEntries) { if (BETA_ANNOTATION.equals(annotation.getAnnotationType())) { return true; } } return false; }
Example #22
Source File: CheckReturnAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
private CheckReturnValueAnnotation createSpotBugsAnnotation(AnnotationEntry entry) { for (ElementValuePair pair : entry.getElementValuePairs()) { if (pair.getNameString().equals("confidence")) { return CheckReturnValueAnnotation.parse(pair.getValue().stringifyValue()); } } // use default value return CheckReturnValueAnnotation.parse(Confidence.MEDIUM.name()); }
Example #23
Source File: CheckReturnAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
private CheckReturnValueAnnotation createJSR305Annotation(AnnotationEntry entry) { for (ElementValuePair pair : entry.getElementValuePairs()) { if (pair.getNameString().equals("when")) { return CheckReturnValueAnnotation.createFor(When.valueOf(pair.getValue().stringifyValue())); } } // use default value return CheckReturnValueAnnotation.createFor(When.ALWAYS); }
Example #24
Source File: CheckReturnAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
/** * Try to find default {@link CheckReturnValueAnnotation} for methods inside of target class. * */ @CheckForNull private CheckReturnValueAnnotation parsePackage(@DottedClassName String packageName) { String className = ClassName.toSlashedClassName(packageName) + "/package-info"; ClassDescriptor descriptor = DescriptorFactory.createClassDescriptor(className); // ClassInfoAnalysisEngine doesn't support parsing package-info to generate XClass, so use JavaClass instead JavaClass clazz; try { clazz = AnalysisContext.currentAnalysisContext().lookupClass(descriptor); } catch (ClassNotFoundException e) { // no annotation on package return null; } for (AnnotationEntry entry : clazz.getAnnotationEntries()) { @SlashedClassName String type = entry.getAnnotationType(); switch (type) { case NAME_OF_CHECK_RETURN_NULL_SPOTBUGS: return createSpotBugsAnnotation(entry); case NAME_OF_CHECK_RETURN_NULL_JSR305: return createJSR305Annotation(entry); case NAME_OF_CHECK_RETURN_NULL_ERRORPRONE: return CheckReturnValueAnnotation.createFor(When.ALWAYS); case NAME_OF_CAN_IGNORE_RETURN_VALUE: return CheckReturnValueAnnotation.createFor(When.NEVER); default: // check next annotation } } return null; }
Example #25
Source File: JaxWsEndpointDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); for (Method m : javaClass.getMethods()) { for (AnnotationEntry ae : m.getAnnotationEntries()) { //Every method mark with @javax.jws.WebMethod is mark as an Endpoint if (ae.getAnnotationType().equals("Ljavax/jws/WebMethod;")) { bugReporter.reportBug(new BugInstance(this, JAXWS_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClassAndMethod(javaClass, m)); } } } }
Example #26
Source File: SpringMvcEndpointDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
@Override public void visitClassContext(ClassContext classContext) { JavaClass javaClass = classContext.getJavaClass(); method : for (Method m : javaClass.getMethods()) { for (AnnotationEntry ae : m.getAnnotationEntries()) { if (REQUEST_MAPPING_ANNOTATION_TYPES.contains(ae.getAnnotationType())) { bugReporter.reportBug(new BugInstance(this, SPRING_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) // .addClassAndMethod(javaClass, m)); continue method; } } } }
Example #27
Source File: AnnotationVisitor.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
@Override public void visitParameterAnnotation(ParameterAnnotations arg0) { ParameterAnnotationEntry[] parameterAnnotationEntries = arg0.getParameterAnnotationEntries(); int numParametersToMethod = getNumberMethodArguments(); int offset = 0; if (numParametersToMethod > parameterAnnotationEntries.length) { offset = 1; } for (int i = 0; i < parameterAnnotationEntries.length; i++) { ParameterAnnotationEntry e = parameterAnnotationEntries[i]; for (AnnotationEntry ae : e.getAnnotationEntries()) { boolean runtimeVisible = ae.isRuntimeVisible(); String name = ClassName.fromFieldSignature(ae.getAnnotationType()); if (name == null) { continue; } name = ClassName.toDottedClassName(name); Map<String, ElementValue> map = new HashMap<>(); for (ElementValuePair ev : ae.getElementValuePairs()) { map.put(ev.getNameString(), ev.getValue()); } visitParameterAnnotation(offset + i, name, map, runtimeVisible); } } }
Example #28
Source File: MethodGen.java From commons-bcel with Apache License 2.0 | 4 votes |
/** * Instantiate from existing method. * * @param method method * @param className class name containing this method * @param cp constant pool */ public MethodGen(final Method method, final String className, final ConstantPoolGen cp) { this(method.getAccessFlags(), Type.getReturnType(method.getSignature()), Type.getArgumentTypes(method.getSignature()), null /* may be overridden anyway */ , method.getName(), className, ((method.getAccessFlags() & (Const.ACC_ABSTRACT | Const.ACC_NATIVE)) == 0) ? new InstructionList(getByteCodes(method)) : null, cp); final Attribute[] attributes = method.getAttributes(); for (final Attribute attribute : attributes) { Attribute a = attribute; if (a instanceof Code) { final Code c = (Code) a; setMaxStack(c.getMaxStack()); setMaxLocals(c.getMaxLocals()); final CodeException[] ces = c.getExceptionTable(); if (ces != null) { for (final CodeException ce : ces) { final int type = ce.getCatchType(); ObjectType c_type = null; if (type > 0) { final String cen = method.getConstantPool().getConstantString(type, Const.CONSTANT_Class); c_type = ObjectType.getInstance(cen); } final int end_pc = ce.getEndPC(); final int length = getByteCodes(method).length; InstructionHandle end; if (length == end_pc) { // May happen, because end_pc is exclusive end = il.getEnd(); } else { end = il.findHandle(end_pc); end = end.getPrev(); // Make it inclusive } addExceptionHandler(il.findHandle(ce.getStartPC()), end, il.findHandle(ce.getHandlerPC()), c_type); } } final Attribute[] c_attributes = c.getAttributes(); for (final Attribute c_attribute : c_attributes) { a = c_attribute; if (a instanceof LineNumberTable) { final LineNumber[] ln = ((LineNumberTable) a).getLineNumberTable(); for (final LineNumber l : ln) { final InstructionHandle ih = il.findHandle(l.getStartPC()); if (ih != null) { addLineNumber(ih, l.getLineNumber()); } } } else if (a instanceof LocalVariableTable) { updateLocalVariableTable((LocalVariableTable) a); } else if (a instanceof LocalVariableTypeTable) { this.localVariableTypeTable = (LocalVariableTypeTable) a.copy(cp.getConstantPool()); } else { addCodeAttribute(a); } } } else if (a instanceof ExceptionTable) { final String[] names = ((ExceptionTable) a).getExceptionNames(); for (final String name2 : names) { addException(name2); } } else if (a instanceof Annotations) { final Annotations runtimeAnnotations = (Annotations) a; final AnnotationEntry[] aes = runtimeAnnotations.getAnnotationEntries(); for (final AnnotationEntry element : aes) { addAnnotationEntry(new AnnotationEntryGen(element, cp, false)); } } else { addAttribute(a); } } }
Example #29
Source File: ElementValueGen.java From commons-bcel with Apache License 2.0 | 4 votes |
public static ElementValueGen readElementValue(final DataInput dis, final ConstantPoolGen cpGen) throws IOException { final int type = dis.readUnsignedByte(); switch (type) { case 'B': // byte return new SimpleElementValueGen(PRIMITIVE_BYTE, dis .readUnsignedShort(), cpGen); case 'C': // char return new SimpleElementValueGen(PRIMITIVE_CHAR, dis .readUnsignedShort(), cpGen); case 'D': // double return new SimpleElementValueGen(PRIMITIVE_DOUBLE, dis .readUnsignedShort(), cpGen); case 'F': // float return new SimpleElementValueGen(PRIMITIVE_FLOAT, dis .readUnsignedShort(), cpGen); case 'I': // int return new SimpleElementValueGen(PRIMITIVE_INT, dis .readUnsignedShort(), cpGen); case 'J': // long return new SimpleElementValueGen(PRIMITIVE_LONG, dis .readUnsignedShort(), cpGen); case 'S': // short return new SimpleElementValueGen(PRIMITIVE_SHORT, dis .readUnsignedShort(), cpGen); case 'Z': // boolean return new SimpleElementValueGen(PRIMITIVE_BOOLEAN, dis .readUnsignedShort(), cpGen); case 's': // String return new SimpleElementValueGen(STRING, dis.readUnsignedShort(), cpGen); case 'e': // Enum constant return new EnumElementValueGen(dis.readUnsignedShort(), dis .readUnsignedShort(), cpGen); case 'c': // Class return new ClassElementValueGen(dis.readUnsignedShort(), cpGen); case '@': // Annotation // TODO: isRuntimeVisible ?????????? // FIXME return new AnnotationElementValueGen(ANNOTATION, new AnnotationEntryGen(AnnotationEntry.read(dis, cpGen .getConstantPool(), true), cpGen, false), cpGen); case '[': // Array final int numArrayVals = dis.readUnsignedShort(); final ElementValue[] evalues = new ElementValue[numArrayVals]; for (int j = 0; j < numArrayVals; j++) { evalues[j] = ElementValue.readElementValue(dis, cpGen .getConstantPool()); } return new ArrayElementValueGen(ARRAY, evalues, cpGen); default: throw new IllegalArgumentException("Unexpected element value kind in annotation: " + type); } }
Example #30
Source File: StringRepresentation.java From commons-bcel with Apache License 2.0 | 4 votes |
/** * @since 6.0 */ @Override public void visitAnnotationEntry(final AnnotationEntry obj) { tostring = toString(obj); }