edu.umd.cs.findbugs.Priorities Java Examples

Example #1
Source File: Noise.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Derives a pseudo-random priority from {@link #getHash()} so that only a
 * small, deterministic fraction of instances is reported at all.
 *
 * <p>Bits 4-12 of the hash must all be clear (1 in 512 hashes); otherwise
 * the result is one step past {@code IGNORE_PRIORITY}, i.e. lower than any
 * defined priority. For the remaining hashes the low nibble (0..15) is
 * bucketed 1 / 2 / 4 / 9 ways into HIGH / NORMAL / LOW / IGNORE.
 *
 * @return a {@link Priorities} constant, or {@code IGNORE_PRIORITY + 1}
 */
public int getPriority() {
    int hash = getHash();

    // Most hashes fail this mask and fall below every reportable priority.
    if ((hash & 0x1ff0) != 0) {
        return Priorities.IGNORE_PRIORITY + 1;
    }

    int bucket = hash & 0xf; // 0..15
    if (bucket == 0) {
        return Priorities.HIGH_PRIORITY;
    }
    if (bucket <= 2) {
        return Priorities.NORMAL_PRIORITY;
    }
    if (bucket <= 6) {
        return Priorities.LOW_PRIORITY;
    }
    return Priorities.IGNORE_PRIORITY;
}
 
Example #2
Source File: CodeAnalysisTest.java (raml-tester, Apache License 2.0)
/**
 * Runs FindBugs/SpotBugs over main and test classes and returns the result,
 * keeping only findings of NORMAL priority or higher.
 *
 * <p>Every suppression is tied to a reason via {@code because(...)}; the
 * reasons are the original author's and are kept verbatim.
 * NOTE(review): the "TODO" entry silences DM_DEFAULT_ENCODING in the three
 * request/response classes without a real justification — worth resolving
 * or documenting, since platform-default charsets are a portability bug.
 *
 * @return the analysis result for the configured collector
 */
@Override
protected FindBugsResult analyzeFindBugs() {
    BugCollector collector = new BugCollector().minPriority(Priorities.NORMAL_PRIORITY);

    // Global opt-out of one style finding.
    collector = collector.because("I don't agree",
            In.everywhere().ignore("SBSC_USE_STRINGBUFFER_CONCATENATION"));

    // Test code (and anonymous/inner classes inside tests) gets extra leeway.
    collector = collector.because("it's in test",
            In.loc("*Test$*")
                    .ignore("SIC_INNER_SHOULD_BE_STATIC_ANON", "SE_NO_SERIALVERSIONID", "DM_DEFAULT_ENCODING", "BC_UNCONFIRMED_CAST"),
            In.loc("*Test")
                    .ignore("ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD", "DM_DEFAULT_ENCODING", "UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR"));

    // Platform-default charset usage still to be addressed.
    collector = collector.because("TODO",                 //TODO
            In.locs("RestAssuredRamlRequest", "ServletRamlRequest", "ServletRamlResponse").ignore("DM_DEFAULT_ENCODING"));

    // Per the author, arrays crossing the request/response wrappers stay internal.
    collector = collector.because("arrays are only used internally",
            In.locs("*Response", "*Request").ignore("EI_EXPOSE_REP", "EI_EXPOSE_REP2"));

    // Snippet sources are excluded wholesale.
    collector = collector.because("They are snippets",
            In.loc("guru.nidi.ramltester.snippets*").ignoreAll());

    collector = collector.because("it's class private and only used in 1 occasion",
            In.loc("CheckerHelper$ResourceMatch").ignore("EQ_COMPARETO_USE_OBJECT_EQUALS"));

    return new FindBugsAnalyzer(AnalyzerConfig.maven().mainAndTest(), collector).analyze();
}
 
Example #3
Source File: TrustBoundaryViolationValueDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Confidence for a value stored across a trust boundary.
 *
 * <p>This detector never reports HIGH: a value that is tainted, or merely
 * not proven safe (the common case), is reported at LOW confidence, and a
 * value known to be safe is not reported at all. LOW is the level most
 * configurations hide by default, which is intentional — storing an
 * unsanitized value (e.g. in the session) is by itself low risk; the
 * dangerous operation on that value, if any, is expected to be caught by
 * another detector.
 *
 * @param taint taint state of the value reaching the sink
 * @return {@code LOW_PRIORITY} when the value is tainted or not proven safe,
 *         otherwise {@code IGNORE_PRIORITY}
 */
@Override
protected int getPriority(Taint taint) {
    // Anything not proven safe is reported, but only at LOW confidence so it
    // stays out of day-to-day review unless LOW findings are enabled.
    boolean notProvenSafe = taint.isTainted() || !taint.isSafe();
    return notProvenSafe ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
}
 
Example #4
Source File: DumbMethods.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Reports a comparison between an {@code int} widened to {@code long}
 * ({@code i2l}) and a constant that no {@code int} can ever equal.
 *
 * <p>Confidence is HIGH, except when the constant is exactly one past the
 * {@code int} range ({@code Integer.MAX_VALUE + 1} / {@code Integer.MIN_VALUE - 1}),
 * which is reported at NORMAL. The two common hex spellings of such
 * constants are rendered as hex in the message so the report matches what
 * the developer likely wrote.
 *
 * @param left  the left operand; only relevant when it is the result of i2l
 * @param right the right operand; only relevant when it carries a constant
 */
private void checkForCompatibleLongComparison(OpcodeStack.Item left, OpcodeStack.Item right) {
    if (left.getSpecialKind() != Item.RESULT_OF_I2L) {
        return;
    }
    Object constant = right.getConstant();
    if (constant == null) {
        return;
    }

    long value = ((Number) constant).longValue();
    boolean outsideIntRange = value > Integer.MAX_VALUE || value < Integer.MIN_VALUE;
    if (!outsideIntRange) {
        return;
    }

    // Exactly one step past the int range is a plausible intentional boundary check.
    boolean justPastBoundary = value == Integer.MAX_VALUE + 1L || value == Integer.MIN_VALUE - 1L;
    int priority = justPastBoundary ? Priorities.NORMAL_PRIORITY : Priorities.HIGH_PRIORITY;

    String rendered = IntAnnotation.getShortInteger(value) + "L";
    if (value == 0xffffffffL) {
        rendered = "0xffffffffL";
    } else if (value == 0x80000000L) {
        rendered = "0x80000000L";
    }

    BugInstance bug = new BugInstance(this, "INT_BAD_COMPARISON_WITH_INT_VALUE", priority)
            .addClassAndMethod(this)
            .addString(rendered).describe(StringAnnotation.STRING_NONSTRING_CONSTANT_ROLE)
            .addValueSource(left, this);
    accumulator.accumulateBug(bug, this);
}
 
Example #5
Source File: CodeAnalysisTest.java (graphviz-java, Apache License 2.0)
/**
 * Runs FindBugs/SpotBugs over main and test classes and returns the result,
 * keeping only findings of NORMAL priority or higher.
 *
 * <p>NOTE(review): the single "It's ok" bucket below silences several
 * security findings — COMMAND_INJECTION and CRLF_INJECTION_LOGS on
 * GraphvizServer, PATH_TRAVERSAL_IN across six classes and
 * URLCONNECTION_SSRF_FD on Options. A suppression of that kind deserves a
 * per-finding reason (what makes the input trusted), the way the
 * "on localhost" entry gives one for the unencrypted sockets.
 *
 * @return the analysis result for the configured collector
 */
@Override
protected FindBugsResult analyzeFindBugs() {
    BugCollector collector = new BugCollector().minPriority(Priorities.NORMAL_PRIORITY);

    // Shared ignore rules for dependency tests.
    collector = collector.apply(FindBugsConfigs.dependencyTestIgnore(CodeAnalysisTest.class));

    collector = collector.because("It's examples", In.loc("ReadmeTest").ignore("DLS_DEAD_LOCAL_STORE"));

    // Plain sockets are accepted on the stated assumption that the server only
    // ever listens on the loopback interface.
    collector = collector.because("GraphvizServer is on localhost",
            In.locs("GraphvizServer", "GraphvizServerEngine")
                    .ignore("UNENCRYPTED_SERVER_SOCKET", "UNENCRYPTED_SOCKET"));

    collector = collector.because("It's ok",
            In.loc("Datatype").ignore("NP_BOOLEAN_RETURN_NULL"),
            In.loc("TempFiles").ignore("PATH_TRAVERSAL_IN", "RV_RETURN_VALUE_IGNORED_BAD_PRACTICE"),
            In.loc("Options").ignore("URLCONNECTION_SSRF_FD"),
            In.locs("BuiltInRasterizer#rasterize", "NopRasterizer", "PortSource").ignore("NP_NONNULL_RETURN_VIOLATION"),
            In.loc("CommandLineExecutor").ignore("DM_DEFAULT_ENCODING"),
            In.loc("GraphvizServer").ignore("COMMAND_INJECTION", "CRLF_INJECTION_LOGS"),
            In.locs("AbstractGraphvizEngine", "Options", "GraphvizCmdLineEngine", "EngineTest", "SystemUtils", "Renderer").ignore("PATH_TRAVERSAL_IN"),
            In.locs("EngineTest", "RendererTest", "EngineResult").ignore("RV_RETURN_VALUE_IGNORED_BAD_PRACTICE"),
            In.loc("OptionsTest").ignore("DMI_HARDCODED_ABSOLUTE_FILENAME"),
            In.loc("SimpleLabel").ignore("IM_BAD_CHECK_FOR_ODD"),
            In.loc("JavascriptEngineTest").ignore("PREDICTABLE_RANDOM"),
            In.loc("DatatypeTest").ignore("SIC_INNER_SHOULD_BE_STATIC"),
            In.loc("Communicator").ignore("RR_NOT_CHECKED"));

    return new FindBugsAnalyzer(AnalyzerConfig.maven().mainAndTest(), collector).analyze();
}
 
Example #6
Source File: XssJspDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Confidence for a value written to JSP output.
 *
 * <p>A safe value defers to the base detector. For an unsafe value:
 * <ul>
 * <li>tagged {@code XSS_SAFE}: LOW when the global "report potential XSS in
 *     wrong context" option is on, otherwise ignored;</li>
 * <li>{@code <} encoded and at least one quote style encoded: LOW;</li>
 * <li>anything else: whatever the base detector decides.</li>
 * </ul>
 *
 * @param taint taint state of the value reaching the sink
 * @return a {@link Priorities} constant
 */
@Override
protected int getPriority(Taint taint) {
    if (taint.isSafe()) {
        return super.getPriority(taint);
    }

    if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
        boolean reportWrongContext = FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext();
        return reportWrongContext ? Priorities.LOW_PRIORITY : Priorities.IGNORE_PRIORITY;
    }

    // Partial encoding: "<" plus one of the two quote characters.
    boolean someQuoteEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
    if (someQuoteEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
        return Priorities.LOW_PRIORITY;
    }

    return super.getPriority(taint);
}
 
Example #7
Source File: XssServletDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Confidence for a value written to the servlet response.
 *
 * <p>Unsafe values tagged {@code XSS_SAFE} are LOW when the global
 * "report potential XSS in wrong context" option is enabled and ignored
 * otherwise; unsafe values with {@code <} and at least one quote style
 * encoded are LOW; everything else (including every safe value) is left
 * to the base detector.
 *
 * @param taint taint state of the value reaching the sink
 * @return a {@link Priorities} constant
 */
@Override
protected int getPriority(Taint taint) {
    if (taint.isSafe()) {
        return super.getPriority(taint);
    }

    if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
        if (FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
            return Priorities.LOW_PRIORITY;
        }
        return Priorities.IGNORE_PRIORITY;
    }

    boolean ltEncoded = taint.hasTag(Taint.Tag.LT_ENCODED);
    boolean quoteEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
    if (quoteEncoded && ltEncoded) {
        return Priorities.LOW_PRIORITY;
    }

    return super.getPriority(taint);
}
 
Example #8
Source File: WebViewJavascriptEnabledDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Flags calls that loosen WebView settings.
 *
 * <p>Matches {@code INVOKEVIRTUAL} on {@code android.webkit.WebSettings} for
 * {@code setJavaScriptEnabled}, {@code setAllowFileAccess},
 * {@code setAllowFileAccessFromFileURLs} and
 * {@code setAllowUniversalAccessFromFileURLs}, and reports at NORMAL when the
 * boolean argument is a constant {@code true} (pushed as the int 1) or when
 * the constant value cannot be read (null). A non-constant argument is not
 * reported.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    //printOpCode(seen);
    if (seen != Constants.INVOKEVIRTUAL || !getClassConstantOperand().equals("android/webkit/WebSettings")) {
        return;
    }

    switch (getNameConstantOperand()) {
    case "setJavaScriptEnabled":
    case "setAllowFileAccess":
    case "setAllowFileAccessFromFileURLs":
    case "setAllowUniversalAccessFromFileURLs":
        break;
    default:
        return;
    }

    // Top of the stack is the last pushed argument: the boolean flag.
    OpcodeStack.Item flag = stack.getStackItem(0);
    if (!StackUtils.isConstantInteger(flag)) {
        return;
    }
    Integer value = (Integer) flag.getConstant();
    // An unreadable (null) constant is reported rather than silently dropped.
    if (value == null || value == 1) {
        bugReporter.reportBug(new BugInstance(this, ANDROID_WEB_VIEW_JAVASCRIPT_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
Example #9
Source File: GeolocationDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Reports every {@code onGeolocationPermissionsShowPrompt} override in a
 * {@code WebChromeClient} subclass at NORMAL priority.
 *
 * <p>No attempt is made to judge the override's body: whether it grants the
 * permission unconditionally has to be checked by a reviewer, so all
 * implementations are flagged.
 *
 * @param classContext analysis context of the visited class
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    // Only WebChromeClient subclasses receive the geolocation prompt callback.
    if (!InterfaceUtils.isSubtype(javaClass, "android.webkit.WebChromeClient")) {
        return;
    }

    for (Method method : javaClass.getMethods()) {
        if (DEBUG) {
            System.out.println(">>> Method: " + method.getName());
        }
        if (!method.getName().equals("onGeolocationPermissionsShowPrompt")) {
            continue;
        }
        bugReporter.reportBug(new BugInstance(this, ANDROID_GEOLOCATION_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClassAndMethod(javaClass, method));
    }
}
 
Example #10
Source File: ConstantPasswordDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Reports a hard-coded credential flowing into the sink {@code calledMethod}.
 *
 * <p>Only methods registered in {@code sinkMethods} are considered. A call
 * is reported (HIGH priority) when at least one registered argument offset
 * holds a hard-coded, non-null stack item; the field names those items came
 * from are recorded in {@code reportedFields}.
 *
 * <p>NOTE(review): the hard-coded check only decides <em>whether</em> to
 * report — the full {@code offsets} collection, not just the hard-coded
 * ones, is handed to {@code reportBugSink}. Confirm that is intended before
 * relying on the reported offsets.
 */
private void reportBadSink() {
    if (!sinkMethods.containsKey(calledMethod)) {
        return;
    }
    Collection<Integer> offsets = sinkMethods.get(calledMethod);

    boolean anyHardCoded = false;
    for (Integer offset : offsets) {
        if (!hasHardCodedStackItem(offset) || stack.getStackItem(offset).isNull()) {
            continue;
        }
        anyHardCoded = true;
        String sourceField = getStackFieldName(offset);
        if (sourceField != null) {
            reportedFields.add(sourceField);
        }
    }

    if (anyHardCoded) {
        reportBugSink(Priorities.HIGH_PRIORITY, offsets);
    }
}
 
Example #11
Source File: JspSpringEvalDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Flags Spring {@code <spring:eval>} tags whose expression is not a
 * compile-time constant.
 *
 * <p>In the compiled JSP the tag becomes
 * {@code EvalTag.setExpression(String)}; when the String on the stack is a
 * variable rather than a constant, the SpEL expression may be assembled
 * from runtime data, which is reported at HIGH priority.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    //printOpCode(seen);

//        JspSpringEvalDetector: [0039]  ldc   "${expression}"
//        JspSpringEvalDetector: [0041]  ldc   java/lang/String
//        JspSpringEvalDetector: [0043]  aload_2
//        JspSpringEvalDetector: [0044]  aconst_null
//        JspSpringEvalDetector: [0045]  invokestatic   org/apache/jasper/runtime/PageContextImpl.evaluateExpression (Ljava/lang/String;Ljava/lang/Class;Ljavax/servlet/jsp/PageContext;Lorg/apache/jasper/runtime/ProtectedFunctionMapper;)Ljava/lang/Object;
//        JspSpringEvalDetector: [0048]  checkcast
//        JspSpringEvalDetector: [0051]  invokevirtual   org/springframework/web/servlet/tags/EvalTag.setExpression (Ljava/lang/String;)V

    boolean isSetExpression = seen == Constants.INVOKEVIRTUAL
            && getClassConstantOperand().equals("org/springframework/web/servlet/tags/EvalTag")
            && getNameConstantOperand().equals("setExpression")
            && getSigConstantOperand().equals("(Ljava/lang/String;)V");
    if (!isSetExpression) {
        return;
    }

    // Top of the stack is the String argument of setExpression.
    if (StackUtils.isVariableString(stack.getStackItem(0))) {
        bugReporter.reportBug(new BugInstance(this, JSP_SPRING_EVAL, Priorities.HIGH_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
Example #12
Source File: CheckTypeQualifiers.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Emits a NORMAL-priority type-qualifier warning anchored at the value's
 * source, annotated with the qualifier, the source itself and every sink
 * that conflicts with it.
 *
 * @param backwardsFlowValue result of the backwards analysis; NEVER selects
 *                           the "where never" sinks, anything else the
 *                           "where always" sinks
 * @param backwardsFact      dataflow fact the sink sets are read from
 * @param source             where the value originates
 * @param vn                 value number of the value being tracked
 * @param location           accepted for interface compatibility; not used here
 */
private void emitSourceWarning(String bugType, XMethod xMethod, TypeQualifierValue<?> typeQualifierValue,
        FlowValue backwardsFlowValue, TypeQualifierValueSet backwardsFact, SourceSinkInfo source, ValueNumber vn,
        Location location) {

    BugInstance warning = new BugInstance(this, bugType, Priorities.NORMAL_PRIORITY).addClassAndMethod(xMethod);
    annotateWarningWithTypeQualifier(warning, typeQualifierValue);
    annotateWarningWithSourceSinkInfo(warning, xMethod, vn, source);

    // Pick the sink set that contradicts what the source establishes.
    Set<? extends SourceSinkInfo> conflictingSinks;
    if (backwardsFlowValue == FlowValue.NEVER) {
        conflictingSinks = backwardsFact.getWhereNever(vn);
    } else {
        conflictingSinks = backwardsFact.getWhereAlways(vn);
    }
    for (SourceSinkInfo sink : conflictingSinks) {
        annotateWarningWithSourceSinkInfo(warning, xMethod, vn, sink);
    }

    bugReporter.reportBug(warning);
}
 
Example #13
Source File: RsaNoPaddingDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
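/**
 * Flags {@code Cipher.getInstance(...)} with an RSA transformation that
 * explicitly asks for no padding (e.g. {@code "RSA/ECB/NoPadding"}).
 *
 * <p>The transformation must be a compile-time constant. A bare
 * {@code "RSA"} is not reported because the provider default padding is
 * PKCS#1. JCA resolves transformation names case-insensitively, so the
 * match ignores case as well: {@code "rsa/ecb/nopadding"} was previously
 * missed by the case-sensitive startsWith/endsWith check.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    if (seen != Constants.INVOKESTATIC
            || !getClassConstantOperand().equals("javax/crypto/Cipher")
            || !getNameConstantOperand().equals("getInstance")) {
        return;
    }
    // getInstance(String) has the transformation on top of the stack; the
    // two-argument overloads push the provider last, so the transformation
    // sits one slot below.
    OpcodeStack.Item transformation = stack.getStackItem(getSigConstantOperand().contains(";L") ? 1 : 0);
    if (!StackUtils.isConstantString(transformation)) {
        return;
    }
    if (isRsaWithoutPadding((String) transformation.getConstant())) {
        bugReporter.reportBug(new BugInstance(this, RSA_NO_PADDING_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}

/**
 * Returns whether a JCA transformation names RSA with the NoPadding scheme,
 * i.e. starts with {@code RSA/} and ends with {@code /NoPadding}, ignoring
 * letter case because JCA does.
 *
 * @param transformation the constant passed to {@code Cipher.getInstance}
 * @return {@code true} for {@code RSA/<mode>/NoPadding} in any letter case
 */
static boolean isRsaWithoutPadding(String transformation) {
    String prefix = "RSA/";
    String suffix = "/NoPadding";
    // regionMatches returns false (no exception) when the offsets fall
    // outside the string, so short inputs are handled without a length check.
    boolean rsa = transformation.regionMatches(true, 0, prefix, 0, prefix.length());
    boolean noPadding = transformation.regionMatches(true,
            transformation.length() - suffix.length(), suffix, 0, suffix.length());
    return rsa && noPadding;
}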
 
Example #14
Source File: StartInConstructor.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Reports a {@code start()} call on a {@code java.lang.Thread} (or subclass)
 * as SC_START_IN_CTOR. Which methods this visitor is run on is decided
 * elsewhere in the class (presumably constructors only, given the bug type).
 *
 * <p>Priority: NORMAL by default; LOW when the call sits within the last
 * four bytes of the method's code; HIGH when the class has direct
 * subclasses, each of which is attached with SUBCLASS_ROLE — if this is a
 * constructor, every subclass constructor body runs after the thread has
 * already been started.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    boolean isStartCall = seen == Const.INVOKEVIRTUAL
            && "start".equals(getNameConstantOperand())
            && "()V".equals(getSigConstantOperand());
    if (!isStartCall) {
        return;
    }

    try {
        if (!Hierarchy.isSubtype(getDottedClassConstantOperand(), "java.lang.Thread")) {
            return;
        }

        // A start() that is the last thing the method does is demoted to LOW.
        boolean atEndOfCode = getPC() + 4 >= getCode().getCode().length;
        int priority = atEndOfCode ? Priorities.LOW_PRIORITY : Priorities.NORMAL_PRIORITY;
        BugInstance bug = new BugInstance(this, "SC_START_IN_CTOR", priority)
                .addClassAndMethod(this)
                .addCalledMethod(this);

        Subtypes2 subtypes2 = AnalysisContext.currentAnalysisContext().getSubtypes2();
        Set<ClassDescriptor> directSubtypes = subtypes2.getDirectSubtypes(getClassDescriptor());
        if (!directSubtypes.isEmpty()) {
            for (ClassDescriptor sub : directSubtypes) {
                bug.addClass(sub).describe(ClassAnnotation.SUBCLASS_ROLE);
            }
            bug.setPriority(Priorities.HIGH_PRIORITY);
        }

        bugAccumulator.accumulateBug(bug, this);
    } catch (ClassNotFoundException e) {
        bugReporter.reportMissingClass(e);
    }
}
 
Example #15
Source File: XssMvcApiDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Confidence for a value reaching a Spring MVC response sink.
 *
 * <p>Safe values defer to the base detector. An unsafe value tagged
 * {@code XSS_SAFE} is LOW only when the global "report potential XSS in
 * wrong context" option is on (ignored otherwise); an unsafe value with
 * {@code <} and at least one quote style encoded is LOW; any other unsafe
 * value defers to the base detector.
 *
 * @param taint taint state of the value reaching the sink
 * @return a {@link Priorities} constant
 */
@Override
protected int getPriority(Taint taint) {
    boolean unsafe = !taint.isSafe();

    if (unsafe && taint.hasTag(Taint.Tag.XSS_SAFE)) {
        FindSecBugsGlobalConfig config = FindSecBugsGlobalConfig.getInstance();
        return config.isReportPotentialXssWrongContext()
                ? Priorities.LOW_PRIORITY
                : Priorities.IGNORE_PRIORITY;
    }

    if (unsafe) {
        boolean anyQuoteEncoded = taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED);
        if (anyQuoteEncoded && taint.hasTag(Taint.Tag.LT_ENCODED)) {
            return Priorities.LOW_PRIORITY;
        }
    }

    return super.getPriority(taint);
}
 
Example #16
Source File: XssMvcApiDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Priority for an MVC result object at stack slot {@code offset}, taking the
 * response content type (top of stack) into account.
 *
 * <p>A safe result is never reported. An unsafe result is reported only
 * when the content-type argument is itself not safe (unknown at analysis
 * time) or is a constant equal to {@code VULNERABLE_CONTENT_TYPE}
 * (case-insensitive); any other constant content type is ignored.
 *
 * @param fact   taint frame at the sink
 * @param offset stack offset of the result object
 * @return the priority from {@link #getPriority(Taint)} or IGNORE
 * @throws DataflowAnalysisException if the frame cannot be read
 */
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
        throws DataflowAnalysisException {
    Taint mvcResultTaint = fact.getStackValue(offset);
    if (mvcResultTaint.isSafe()) {
        return Priorities.IGNORE_PRIORITY;
    }

    // Top of the stack is the content-type argument.
    Taint contentTypeTaint = fact.getStackValue(0);
    boolean contentTypeUnknown = !contentTypeTaint.isSafe();
    if (contentTypeUnknown
            || VULNERABLE_CONTENT_TYPE.equalsIgnoreCase(contentTypeTaint.getConstantValue())) {
        return getPriority(mvcResultTaint);
    }

    return Priorities.IGNORE_PRIORITY;
}
 
Example #17
Source File: XssTwirlDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Confidence for a value rendered by a Twirl template.
 *
 * <p>Every safe value, and every unsafe value that matches neither rule
 * below, is left to the base detector. Unsafe values tagged
 * {@code XSS_SAFE} are LOW when the global "report potential XSS in wrong
 * context" option is enabled and ignored otherwise; unsafe values with
 * {@code <} and at least one quote style encoded are LOW.
 *
 * @param taint taint state of the value reaching the sink
 * @return a {@link Priorities} constant
 */
@Override
protected int getPriority(Taint taint) {
    if (!taint.isSafe()) {
        if (taint.hasTag(Taint.Tag.XSS_SAFE)) {
            return wrongContextPriority();
        }
        boolean partiallyEncoded = taint.hasTag(Taint.Tag.LT_ENCODED)
                && (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED));
        if (partiallyEncoded) {
            return Priorities.LOW_PRIORITY;
        }
    }
    return super.getPriority(taint);
}

/** LOW when "potential XSS in wrong context" reporting is switched on, else IGNORE. */
private int wrongContextPriority() {
    if (FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext()) {
        return Priorities.LOW_PRIORITY;
    }
    return Priorities.IGNORE_PRIORITY;
}
 
Example #18
Source File: ProjectFilterSettings.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Maps a numeric warning priority threshold to its
 * {@code ProjectFilterSettings} name.
 *
 * @param prio one of the {@link Priorities} constants
 * @return EXPERIMENTAL / LOW / MEDIUM / HIGH for EXP / LOW / NORMAL / HIGH
 *         priority; {@code DEFAULT_PRIORITY} for any other value
 *         (including {@code IGNORE_PRIORITY})
 */
public static String getIntPriorityAsString(int prio) {
    switch (prio) {
    case Priorities.EXP_PRIORITY:
        return ProjectFilterSettings.EXPERIMENTAL_PRIORITY;
    case Priorities.LOW_PRIORITY:
        return ProjectFilterSettings.LOW_PRIORITY;
    case Priorities.NORMAL_PRIORITY:
        return ProjectFilterSettings.MEDIUM_PRIORITY;
    case Priorities.HIGH_PRIORITY:
        return ProjectFilterSettings.HIGH_PRIORITY;
    default:
        return ProjectFilterSettings.DEFAULT_PRIORITY;
    }
}
 
Example #19
Source File: Struts2EndpointDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Marks any class declaring a Struts 2 style {@code String execute()} as an
 * endpoint (LOW priority, informational). Only the name and signature are
 * checked; the class hierarchy is not consulted.
 *
 * @param classContext analysis context of the visited class
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    for (Method method : javaClass.getMethods()) {
        boolean isExecute = "execute".equals(method.getName())
                && "()Ljava/lang/String;".equals(method.getSignature());
        if (isExecute) {
            bugReporter.reportBug(new BugInstance(this, STRUTS2_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) //
                    .addClass(javaClass));
        }
    }
}
 
Example #20
Source File: PredictableRandomDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Flags uses of non-cryptographic random sources at NORMAL priority:
 * {@code new java.util.Random(..)}, {@code Math.random()},
 * {@code ThreadLocalRandom.current()}, {@code new scala.util.Random(..)}
 * and the Scala {@code Random.next*} calls matched by
 * {@code RANDOM_NEXT_METHODS}.
 *
 * <p>No context is considered: a call that feeds nothing security-sensitive
 * is reported just the same and has to be suppressed with a reason.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    //printOpCode(seen);

    if (seen == Constants.INVOKESPECIAL) {
        if (!getNameConstantOperand().equals("<init>")) {
            return;
        }
        String owner = getClassConstantOperand();
        if (owner.equals("java/util/Random")) {
            reportPredictable(PREDICTABLE_RANDOM_TYPE, "java.util.Random");
        } else if (owner.equals("scala/util/Random")) {
            reportPredictable(PREDICTABLE_RANDOM_SCALA_TYPE, "scala.util.Random");
        }
    } else if (seen == Constants.INVOKESTATIC) {
        String owner = getClassConstantOperand();
        String name = getNameConstantOperand();
        if (owner.equals("java/lang/Math") && name.equals("random")) {
            reportPredictable(PREDICTABLE_RANDOM_TYPE, "java.lang.Math.random()");
        } else if (owner.equals("java/util/concurrent/ThreadLocalRandom") && name.equals("current")) {
            reportPredictable(PREDICTABLE_RANDOM_TYPE, "java.util.concurrent.ThreadLocalRandom");
        }
    } else if (seen == Constants.INVOKEVIRTUAL && RANDOM_NEXT_METHODS.matches(this)) {
        reportPredictable(PREDICTABLE_RANDOM_SCALA_TYPE, "scala.util.Random." + getNameConstantOperand() + "()");
    }
}

/**
 * Emits one finding at the current location.
 *
 * @param bugType     the bug pattern to report
 * @param description the random source, attached as the message string
 */
private void reportPredictable(String bugType, String description) {
    bugReporter.reportBug(new BugInstance(this, bugType, Priorities.NORMAL_PRIORITY) //
            .addClass(this).addMethod(this).addSourceLine(this) //
            .addString(description));
}
 
Example #21
Source File: IncompatibleTypes.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Compatibility verdict for a generic type against a plain type.
 *
 * <p>Delegates to the {@code (ObjectType, Type)} overload on the generic
 * type's raw object type. When that verdict is only NORMAL priority and
 * {@code plainType} is one of the generic type's own type arguments, the
 * verdict becomes {@code UNRELATED_TYPES_BUT_MATCHES_TYPE_PARAMETER}
 * instead.
 *
 * @param genericType the parameterized type on one side of the comparison
 * @param plainType   the type on the other side
 * @return never null
 */
static public @Nonnull IncompatibleTypes getPriorityForAssumingCompatible(GenericObjectType genericType, Type plainType) {
    IncompatibleTypes rawVerdict = IncompatibleTypes.getPriorityForAssumingCompatible(genericType.getObjectType(), plainType);
    if (rawVerdict.getPriority() != Priorities.NORMAL_PRIORITY) {
        return rawVerdict;
    }
    List<? extends ReferenceType> typeArguments = genericType.getParameters();
    boolean matchesTypeArgument = typeArguments != null && typeArguments.contains(plainType);
    return matchesTypeArgument ? UNRELATED_TYPES_BUT_MATCHES_TYPE_PARAMETER : rawVerdict;
}
 
Example #22
Source File: FieldSummary.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Folds a value written to {@code fieldOperand} into that field's summary.
 *
 * <p>With assertions enabled, a value whose type is not compatible with the
 * field (priority NORMAL or higher from the compatibility check) is logged
 * as an analysis error, but the merge still proceeds. Whatever ends up in
 * the summary never carries the "newly allocated" flag: a merged item has it
 * cleared, and a first value that has it is copied before clearing so the
 * caller's item is left untouched.
 *
 * @param fieldOperand the field being written
 * @param mergeValue   the stack item being stored into it
 */
public void mergeSummary(XField fieldOperand, OpcodeStack.Item mergeValue) {
    if (SystemProperties.ASSERTIONS_ENABLED) {
        Type valueType = Type.getType(mergeValue.getSignature());
        Type declaredType = Type.getType(fieldOperand.getSignature());
        IncompatibleTypes check = IncompatibleTypes.getPriorityForAssumingCompatible(valueType, declaredType, false);
        if (check.getPriority() <= Priorities.NORMAL_PRIORITY) {
            AnalysisContext.logError(fieldOperand + " not compatible with " + mergeValue,
                    new IllegalArgumentException(check.toString()));
        }
    }

    OpcodeStack.Item existing = summary.get(fieldOperand);
    if (existing == null) {
        OpcodeStack.Item stored = mergeValue;
        if (stored.isNewlyAllocated()) {
            // Copy first: clearing the flag on the caller's item would leak state.
            stored = new OpcodeStack.Item(stored);
            stored.clearNewlyAllocated();
        }
        summary.put(fieldOperand, stored);
        return;
    }

    Item merged = OpcodeStack.Item.merge(mergeValue, existing);
    merged.clearNewlyAllocated();
    summary.put(fieldOperand, merged);
}
 
Example #23
Source File: UnencryptedServerSocketDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Reports every construction of a plain {@code java.net.ServerSocket}, which
 * accepts cleartext TCP connections, at NORMAL priority. The constructor
 * arguments are not inspected, so loopback-only listeners are reported too
 * and need a suppression with a stated reason.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    //printOpCode(seen);
    if (seen != Constants.INVOKESPECIAL) {
        return;
    }
    boolean isServerSocketCtor = "java/net/ServerSocket".equals(getClassConstantOperand())
            && "<init>".equals(getNameConstantOperand());
    if (isServerSocketCtor) {
        bugReporter.reportBug(new BugInstance(this, UNENCRYPTED_SERVER_SOCKET_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClass(this).addMethod(this).addSourceLine(this));
    }
}
 
Example #24
Source File: Struts1EndpointDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Marks a class whose <em>direct</em> superclass is
 * {@code org.apache.struts.action.Action} as a Struts 1 endpoint
 * (LOW priority, informational). Deeper subclasses are not matched because
 * only the immediate superclass name is compared.
 *
 * @param classContext analysis context of the visited class
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    boolean extendsStrutsAction = "org.apache.struts.action.Action".equals(javaClass.getSuperclassName());
    if (!extendsStrutsAction) {
        return;
    }
    bugReporter.reportBug(new BugInstance(this, STRUTS1_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) //
            .addClass(javaClass));
}
 
Example #25
Source File: AppendingToAnObjectOutputStream.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * Reports {@code new ObjectOutputStream(out)} where {@code out} is a file
 * stream opened in append mode (IO_APPENDING_TO_OBJECT_OUTPUT_STREAM, HIGH).
 *
 * <p>Two detection paths exist. The live one: when {@code sawOpenInAppendMode}
 * is false, the {@code ObjectOutputStream(OutputStream)} constructor is
 * reported if the stream on top of the stack carries the
 * {@code FILE_OPENED_IN_APPEND_MODE} special kind. The second path keys off
 * the {@code sawOpenInAppendMode} flag and tracks
 * {@code FileOutputStream(.., boolean)} → optional {@code BufferedOutputStream}
 * → {@code ObjectOutputStream} across consecutive {@code invokespecial}s.
 *
 * <p>NOTE(review): within this method the flag is only ever assigned
 * {@code true} on the branch that already requires it to be {@code true}
 * (the FileOutputStream case), so unless it is set elsewhere in the class
 * the flag-driven path is unreachable. Confirm against the rest of the
 * class before relying on either path.
 *
 * @param seen the opcode being visited
 */
@Override
public void sawOpcode(int seen) {
    // Any non-invokespecial breaks the constructor chain being tracked.
    if (seen != Const.INVOKESPECIAL) {
        sawOpenInAppendMode = false;
        return;
    }
    String calledClassName = getClassConstantOperand();
    String calledMethodName = getNameConstantOperand();
    String calledMethodSig = getSigConstantOperand();
    if (!sawOpenInAppendMode) {
        // Stack-kind path: the OpcodeStack already marked the wrapped stream
        // as opened in append mode.
        if ("java/io/ObjectOutputStream".equals(calledClassName) && Const.CONSTRUCTOR_NAME.equals(calledMethodName)
                && "(Ljava/io/OutputStream;)V".equals(calledMethodSig)
                && stack.getStackItem(0).getSpecialKind() == OpcodeStack.Item.FILE_OPENED_IN_APPEND_MODE) {
            bugReporter.reportBug(new BugInstance(this, "IO_APPENDING_TO_OBJECT_OUTPUT_STREAM", Priorities.HIGH_PRIORITY)
                    .addClassAndMethod(this).addSourceLine(this));
        }
        return;
    }
    // Flag path: the boolean 'append' argument (top of stack) must be the
    // constant 1 for the flag to stay set.
    if ("java/io/FileOutputStream".equals(calledClassName) && Const.CONSTRUCTOR_NAME.equals(calledMethodName)
            && ("(Ljava/io/File;Z)V".equals(calledMethodSig) || "(Ljava/lang/String;Z)V".equals(calledMethodSig))) {
        OpcodeStack.Item item = stack.getStackItem(0);
        Object value = item.getConstant();
        sawOpenInAppendMode = value instanceof Integer && ((Integer) value).intValue() == 1;
    } else if ("java/io/BufferedOutputStream".equals(calledClassName) && Const.CONSTRUCTOR_NAME.equals(calledMethodName)
            && "(Ljava/io/OutputStream;)V".equals(calledMethodSig)) {
        // A buffering wrapper is transparent: keep tracking.

    } else if ("java/io/ObjectOutputStream".equals(calledClassName) && Const.CONSTRUCTOR_NAME.equals(calledMethodName)
            && "(Ljava/io/OutputStream;)V".equals(calledMethodSig)) {
        bugReporter.reportBug(new BugInstance(this, "IO_APPENDING_TO_OBJECT_OUTPUT_STREAM", Priorities.HIGH_PRIORITY)
                .addClassAndMethod(this).addSourceLine(this));
        sawOpenInAppendMode = false;
    } else {
        // Any other constructor ends the chain.
        sawOpenInAppendMode = false;
    }

}
 
Example #26
Source File: WeakTrustManagerDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
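/**
 * Reports reads of a static field named {@code ALLOW_ALL_HOSTNAME_VERIFIER}
 * inside {@code m} as WEAK_HOSTNAME_VERIFIER (NORMAL priority).
 *
 * <p>The match is on the field name only: the owner class and field type
 * are not checked (the original author left that check commented out), so
 * any {@code getstatic} of a field with that name is reported.
 *
 * <p>Fix: a method whose control-flow graph cannot be built is now skipped.
 * Previously the exception was printed and execution fell through to
 * {@code cfg.locationIterator()} on a null {@code cfg}, ending the analysis
 * of the whole class with a NullPointerException.
 *
 * @param classContext analysis context of the visited class
 * @param javaClass    the visited class
 * @param m            the method whose control-flow graph is scanned
 */
private void allow_All_Hostname_Verify(ClassContext classContext, JavaClass javaClass, Method m){
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg;
    try {
        cfg = classContext.getCFG(m);
    } catch (CFGBuilderException e) {
        e.printStackTrace();
        return;
    }

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Instruction inst = i.next().getHandle().getInstruction();
        if (!(inst instanceof GETSTATIC)) {
            continue;
        }
        GETSTATIC fieldRead = (GETSTATIC) inst;
        // Name-only match; owner class and signature are deliberately not compared.
        if ("ALLOW_ALL_HOSTNAME_VERIFIER".equals(fieldRead.getName(cpg))) {
            bugReporter.reportBug(new BugInstance(this, WEAK_HOSTNAME_VERIFIER_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClassAndMethod(javaClass, m));
        }
    }
}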
 
Example #27
Source File: WicketEndpointDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Marks a class whose <em>direct</em> superclass is
 * {@code org.apache.wicket.markup.html.WebPage} as a Wicket endpoint
 * (LOW priority, informational). Only the immediate superclass name is
 * compared, so deeper subclasses are not matched.
 *
 * @param classContext analysis context of the visited class
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    boolean extendsWebPage = "org.apache.wicket.markup.html.WebPage".equals(javaClass.getSuperclassName());
    if (!extendsWebPage) {
        return;
    }
    bugReporter.reportBug(new BugInstance(this, WICKET_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) //
            .addClass(javaClass));
}
 
Example #28
Source File: FindNonShortCircuitTest.java (spotbugs, GNU Lesser General Public License v2.1)
/**
 * With both "danger" and "method call" seen on the old-style path, the
 * created instance must be NS_DANGEROUS_NON_SHORT_CIRCUIT at HIGH priority.
 */
@Test
public void testBugTypeAndPriorityMethodCallOld() {
    check.sawDangerOld = true;
    check.sawMethodCallOld = true;

    BugInstance bug = check.createBugInstance();

    String expectedType = FindNonShortCircuit.NS_DANGEROUS_NON_SHORT_CIRCUIT;
    int expectedPriority = Priorities.HIGH_PRIORITY;
    assertEquals(expectedType, bug.getType());
    assertEquals(expectedPriority, bug.getPriority());
}
 
Example #29
Source File: SpringMvcEndpointDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Marks every method carrying one of the {@code REQUEST_MAPPING_ANNOTATION_TYPES}
 * annotations as a Spring MVC endpoint (LOW priority, informational). A
 * method is reported at most once even if several mapping annotations match.
 *
 * @param classContext analysis context of the visited class
 */
@Override
public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    for (Method method : javaClass.getMethods()) {
        if (hasRequestMapping(method)) {
            bugReporter.reportBug(new BugInstance(this, SPRING_ENDPOINT_TYPE, Priorities.LOW_PRIORITY) //
                    .addClassAndMethod(javaClass, method));
        }
    }
}

/** True when any annotation on {@code method} is a known request-mapping type. */
private boolean hasRequestMapping(Method method) {
    for (AnnotationEntry entry : method.getAnnotationEntries()) {
        if (REQUEST_MAPPING_ANNOTATION_TYPES.contains(entry.getAnnotationType())) {
            return true;
        }
    }
    return false;
}
 
Example #30
Source File: SpringUnvalidatedRedirectDetector.java (Android_Code_Arbiter, GNU Lesser General Public License v3.0)
/**
 * Reports {@code StringBuilder.append(..)} calls immediately preceded by an
 * {@code ldc "redirect:"} as SPRING_UNVALIDATED_REDIRECT (NORMAL priority).
 *
 * <p>This is a pure syntactic match: the value appended after the prefix is
 * not taint-tracked, so a redirect built from a constant target is reported
 * exactly like one built from request input. Only the instruction directly
 * before the {@code append} is inspected.
 *
 * @param m            the method to scan
 * @param classContext analysis context of the enclosing class
 * @throws CFGBuilderException if the control-flow graph cannot be built
 */
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{
    JavaClass clazz = classContext.getJavaClass();
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg = classContext.getCFG(m);

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Location loc = i.next();
        Instruction inst = loc.getHandle().getInstruction();
        if (!(inst instanceof INVOKEVIRTUAL)) {
            continue;
        }

        INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) inst;
        boolean isBuilderAppend = "java.lang.StringBuilder".equals(invoke.getClassName(cpg))
                && "append".equals(invoke.getMethodName(cpg));
        if (!isBuilderAppend) {
            continue;
        }

        // The constant must be pushed by the instruction right before append.
        Instruction prev = loc.getHandle().getPrev().getInstruction();
        if (!(prev instanceof LDC)) {
            continue;
        }
        Object pushed = ((LDC) prev).getValue(cpg);
        if ("redirect:".equals(pushed)) {
            BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY);
            bug.addClass(clazz).addMethod(clazz, m).addSourceLine(classContext, m, loc);
            reporter.reportBug(bug);
        }
    }
}