Java Code Examples for org.apache.bcel.generic.LDC#getValue()

The following examples show how to use org.apache.bcel.generic.LDC#getValue() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TaintFrameModelingVisitor.java    From Android_Code_Arbiter with GNU Lesser General Public License v3.0 6 votes vote down vote up 
@Override
public void visitLDC(LDC ldc) {
    Taint taint = new Taint(Taint.State.SAFE);
    Object value = ldc.getValue(cpg);
    if (value instanceof String) {
        taint.setConstantValue((String) value);
    }
    if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
        if (value instanceof String) {
            taint.setDebugInfo("\"" + value + "\"");
        } else {
            taint.setDebugInfo("LDC " + ldc.getType(cpg).getSignature());
        }
    }
    getFrame().pushValue(taint);
}
Example 2
Source File: FindSqlInjection.java    From spotbugs with GNU Lesser General Public License v2.1 6 votes vote down vote up 
private StringAppendState updateStringAppendState(Location location, ConstantPoolGen cpg, StringAppendState stringAppendState) {
    InstructionHandle handle = location.getHandle();
    Instruction ins = handle.getInstruction();
    if (!isConstantStringLoad(location, cpg)) {
        throw new IllegalArgumentException("instruction must be LDC");
    }

    LDC load = (LDC) ins;
    Object value = load.getValue(cpg);
    String stringValue = ((String) value).trim();
    if (stringValue.startsWith(",") || stringValue.endsWith(",")) {
        stringAppendState.setSawComma(handle);
    }
    if (isCloseQuote(stringValue) && stringAppendState.getSawOpenQuote(handle)) {
        stringAppendState.setSawCloseQuote(handle);
    }
    if (isOpenQuote(stringValue)) {
        stringAppendState.setSawOpenQuote(handle);
    }

    return stringAppendState;
}
Example 3
Source File: SpringUnvalidatedRedirectDetector.java    From Android_Code_Arbiter with GNU Lesser General Public License v3.0 5 votes vote down vote up 
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{
    JavaClass clazz = classContext.getJavaClass();
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg = classContext.getCFG(m);

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Location loc = i.next();
        Instruction inst = loc.getHandle().getInstruction();

        if (inst instanceof INVOKEVIRTUAL) {
            INVOKEVIRTUAL invoke = (INVOKEVIRTUAL)inst;
            if( "java.lang.StringBuilder".equals(invoke.getClassName(cpg)) && "append".equals(invoke.getMethodName(cpg))) {
                Instruction prev = loc.getHandle().getPrev().getInstruction();

                if (prev instanceof LDC) {
                    LDC ldc = (LDC)prev;
                    Object value = ldc.getValue(cpg);

                    if (value instanceof String) {
                        String v = (String)value;

                        if ("redirect:".equals(v)) {
                            BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY);
                            bug.addClass(clazz).addMethod(clazz,m).addSourceLine(classContext,m,loc);
                            reporter.reportBug(bug);
                        }
                    }
                }
            }
        }
    }
}
Example 4
Source File: FindRefComparison.java    From spotbugs with GNU Lesser General Public License v2.1 5 votes vote down vote up 
@Override
public void visitLDC(LDC obj) {
    Type type = obj.getType(getCPG());
    if (isString(type)) {
        Object value = obj.getValue(getCPG());
        if (value instanceof String && ((String) value).length() == 0) {
            pushValue(emptyStringTypeInstance);
        } else {
            pushValue(staticStringTypeInstance);
        }
    } else {
        pushValue(type);
    }
}
Example 5
Source File: FindSqlInjection.java    From spotbugs with GNU Lesser General Public License v2.1 5 votes vote down vote up 
private boolean isConstantStringLoad(Location location, ConstantPoolGen cpg) {
    Instruction ins = location.getHandle().getInstruction();
    if (ins instanceof LDC) {
        LDC load = (LDC) ins;
        Object value = load.getValue(cpg);
        if (value instanceof String) {
            return true;
        }
    }

    return false;
}
Example 6
Source File: ConstantFrameModelingVisitor.java    From spotbugs with GNU Lesser General Public License v2.1 4 votes vote down vote up 
@Override
public void visitLDC(LDC obj) {
    Object value = obj.getValue(getCPG());
    Constant c = new Constant(value);
    getFrame().pushValue(c);
}
Example 7
Source File: ForwardTypeQualifierDataflowAnalysis.java    From spotbugs with GNU Lesser General Public License v2.1 4 votes vote down vote up 
private void registerLDCValueSource(Location location) throws DataflowAnalysisException {

        LDC instruction = (LDC) location.getHandle().getInstruction();
        Object constantValue = instruction.getValue(cpg);
        registerConstantSource(location, constantValue);
    }