Java Code Examples for edu.umd.cs.findbugs.BugInstance#addSourceLine()
The following examples show how to use
edu.umd.cs.findbugs.BugInstance#addSourceLine() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: MarkerUtil.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
private static void completeInnerClassInfo(String qualifiedClassName, String innerName, @Nonnull IType type, BugInstance bug)
throws JavaModelException {
int lineNbr = findChildSourceLine(type, innerName, bug);
if (lineNbr > 0) {
String sourceFileStr = getSourceFileHint(type, qualifiedClassName);
if (sourceFileStr != null && sourceFileStr.length() > 0) {
bug.addSourceLine(new SourceLineAnnotation(qualifiedClassName, sourceFileStr, lineNbr, lineNbr, 0, 0));
if (Reporter.DEBUG) {
System.out.println("1. Fixed start line to: " + lineNbr + " on " + qualifiedClassName + "$" + innerName);
}
}
}
}
Example 2
| Source File: BadSyntaxForRegularExpression.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
private void sawRegExPattern(int stackDepth, int flags) {
if (stack.getStackDepth() < stackDepth) {
return;
}
OpcodeStack.Item it = stack.getStackItem(stackDepth);
if (it.getSpecialKind() == OpcodeStack.Item.FILE_SEPARATOR_STRING && (flags & Pattern.LITERAL) == 0) {
bugReporter.reportBug(new BugInstance(this, "RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION", HIGH_PRIORITY)
.addClassAndMethod(this).addCalledMethod(this).addSourceLine(this));
return;
}
Object value = it.getConstant();
if (!(value instanceof String)) {
return;
}
String regex = (String) value;
try {
Pattern.compile(regex, flags);
} catch (IllegalArgumentException e) {
String message = e.getMessage();
int eol = message.indexOf('\n');
if (eol > 0) {
message = message.substring(0, eol);
}
BugInstance bug = new BugInstance(this, "RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION", HIGH_PRIORITY)
.addClassAndMethod(this).addCalledMethod(this).addString(message).describe(StringAnnotation.ERROR_MSG_ROLE)
.addString(regex).describe(StringAnnotation.REGEX_ROLE);
String options = getOptions(flags);
if (options.length() > 0) {
bug.addString("Regex flags: " + options).describe(StringAnnotation.STRING_MESSAGE);
}
bug.addSourceLine(this);
bugReporter.reportBug(bug);
}
}
Example 3
| Source File: InjectionSink.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 4 votes |
|
/**
* Uses immutable values, updated priority and added lines for reporting
*
* @param taintedInsideMethod true if not influenced by method arguments
* @return new bug instance filled with information
*/
public BugInstance generateBugInstance(boolean taintedInsideMethod) {
BugInstance bug = new BugInstance(detector, bugType, originalPriority);
bug.addClassAndMethod(classContext.getJavaClass(), method);
bug.addSourceLine(SourceLineAnnotation.fromVisitedInstruction(classContext, method, instructionHandle));
addMessage(bug, "Sink method", sinkMethod);
for(TaintLocation source : unknownSources) {
addMessage(bug, "Unknown source", source.getTaintSource());
//md.getSlashedClassName() + "." + md.getName() + md.getSignature());
}
addMessage(bug, "Sink method", sinkMethod);
if (sinkPriority != UNKNOWN_SINK_PRIORITY) {
// higher priority is represented by lower integer
if (sinkPriority < originalPriority) {
bug.setPriority(sinkPriority);
addMessage(bug, "Method usage", "with tainted arguments detected");
} else if (sinkPriority > originalPriority) {
bug.setPriority(Priorities.LOW_PRIORITY);
addMessage(bug, "Method usage", "detected only with safe arguments");
}
} else if (!taintedInsideMethod) {
addMessage(bug, "Method usage", "not detected");
}
Collections.sort(lines);
SourceLineAnnotation annotation = null;
for (Iterator<SourceLineAnnotation> it = lines.iterator(); it.hasNext();) {
SourceLineAnnotation prev = annotation;
annotation = it.next();
if (prev != null && prev.getClassName().equals(annotation.getClassName())
&& prev.getStartLine() == annotation.getStartLine()) {
// keep only one annotation per line
it.remove();
}
}
for (SourceLineAnnotation sourceLine : lines) {
bug.addSourceLine(sourceLine);
}
return bug;
}
Example 4
| Source File: ReDosDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 4 votes |
|
private int recurAnalyseRegex(String regex, int startPosition, int level) {
// print(level, "level = " + level);
if (level == 2) {
MethodDescriptor md = this.getMethodDescriptor();
FieldDescriptor fd = this.getFieldDescriptor();
BugInstance bug = new BugInstance(this, REDOS_TYPE, Priorities.NORMAL_PRIORITY) //
.addString(regex).addClass(this);
if (md != null)
bug.addMethod(md);
if (fd != null)
bug.addField(fd);
try {
bug.addSourceLine(this);
} catch (IllegalStateException e) {
}
bugReporter.reportBug(bug);
return 0;
}
// print(level, "Analysing " + regex.substring(0, startPosition + 1));
boolean openingMode = false;
for (int i = startPosition; i >= 0; i--) {
// print(level, "[" + i + "] = '" + regex.charAt(i) + "'");
if (isChar(regex, i, OPENING_CHAR)) {
// print(level, "<<<<");
return i;
}
if (isChar(regex, i, CLOSING_CHAR)) {
int newLevel = level;
if (i + 1 < regex.length() && isChar(regex, i + 1, PLUS_CHAR)) {
newLevel += 1;
}
// print(level, ">>>>");
openingMode = true;
i = recurAnalyseRegex(regex, i - 1, newLevel);
if (i == -1) {
return 0;
}
// print(level, "Restarting at " + i);
}
}
// print(level, "END!");
return 0;
}
Example 5
| Source File: CheckTypeQualifiers.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
|
private void annotateWarningWithSourceSinkInfo(BugInstance warning, XMethod xMethod, ValueNumber vn,
SourceSinkInfo sourceSinkInfo) {
MethodDescriptor methodDescriptor = xMethod.getMethodDescriptor();
switch (sourceSinkInfo.getType()) {
case PARAMETER:
try {
Method method = Global.getAnalysisCache().getMethodAnalysis(Method.class, methodDescriptor);
LocalVariableAnnotation lva = LocalVariableAnnotation.getParameterLocalVariableAnnotation(method,
sourceSinkInfo.getLocal());
lva.setDescription(lva.isSignificant() ? LocalVariableAnnotation.PARAMETER_VALUE_SOURCE_NAMED_ROLE
: LocalVariableAnnotation.PARAMETER_VALUE_SOURCE_ROLE);
warning.add(lva);
} catch (CheckedAnalysisException e) {
warning.addSourceLine(methodDescriptor, sourceSinkInfo.getLocation()).describe("SOURCE_LINE_VALUE_SOURCE");
}
break;
case CONSTANT_VALUE:
Object constantValue = sourceSinkInfo.getConstantValue();
if (constantValue instanceof String) {
warning.addString((String) constantValue).describe(StringAnnotation.STRING_CONSTANT_ROLE);
} else if (constantValue instanceof Integer) {
warning.addInt((Integer) constantValue).describe(IntAnnotation.INT_VALUE);
} else if (constantValue == null) {
warning.addString("null").describe(StringAnnotation.STRING_NONSTRING_CONSTANT_ROLE);
} else {
warning.addString(constantValue.toString()).describe(StringAnnotation.STRING_NONSTRING_CONSTANT_ROLE);
}
break;
case RETURN_VALUE_OF_CALLED_METHOD:
case FIELD_LOAD:
warning.addSourceLine(methodDescriptor, sourceSinkInfo.getLocation()).describe("SOURCE_LINE_VALUE_SOURCE");
break;
case ARGUMENT_TO_CALLED_METHOD:
case RETURN_VALUE:
case FIELD_STORE:
warning.addSourceLine(methodDescriptor, sourceSinkInfo.getLocation());
return;
default:
throw new IllegalStateException();
}
}
