
Java CFG类代码示例


本文整理汇总了Java中edu.umd.cs.findbugs.ba.CFG的典型用法代码示例。如果您正苦于以下问题:Java CFG类的具体用法?Java CFG怎么用?Java CFG使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。



CFG类属于edu.umd.cs.findbugs.ba包,在下文中一共展示了CFG类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。

示例1: hasCustomReadObject

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Heuristic: decides whether a method makes more than a handful of calls beyond
 * the basic stream reads (readByte, readBoolean, etc.).
 *
 * <p>Every location of the method's CFG is visited. An invoke instruction is
 * counted when its method name is not in {@code READ_DESERIALIZATION_METHODS}
 * and its class name is not in {@code classesToIgnore}. Nothing in this method
 * checks that {@code m} is actually a {@code readObject}; that is left to the caller.
 *
 * @param m the method to inspect
 * @param classContext context used to obtain the constant pool and the CFG of {@code m}
 * @param classesToIgnore class names whose invocations are not counted
 * @return {@code true} when more than three invocations were counted
 * @throws CFGBuilderException if the CFG of {@code m} cannot be obtained
 * @throws DataflowAnalysisException declared in the signature; not thrown by any statement visible here
 */
private boolean hasCustomReadObject(Method m, ClassContext classContext,List<String> classesToIgnore)
        throws CFGBuilderException, DataflowAnalysisException {
    final ConstantPoolGen cpg = classContext.getConstantPoolGen();
    final Iterator<Location> locations = classContext.getCFG(m).locationIterator();

    int externalCalls = 0;
    while (locations.hasNext()) {
        Instruction inst = locations.next().getHandle().getInstruction();
        if (!(inst instanceof InvokeInstruction)) {
            continue;
        }
        InvokeInstruction call = (InvokeInstruction) inst;
        // Plain stream reads are expected in any readObject and are not counted.
        if (READ_DESERIALIZATION_METHODS.contains(call.getMethodName(cpg))) {
            continue;
        }
        if (classesToIgnore.contains(call.getClassName(cpg))) {
            continue;
        }
        externalCalls++;
    }
    // Threshold of three is a fixed heuristic cut-off.
    return externalCalls > 3;
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:28,代码来源:DeserializationGadgetDetector.java


示例2: analyzeMethod

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
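/**
 * Reports a {@code DESERIALIZATION_TYPE} bug at high priority for every invoke
 * instruction in {@code m} whose method name is {@code enableDefaultTyping}.
 *
 * <p>NOTE(review): only the method name is compared; the class the call is made
 * on is not checked, so any method with this name is reported. Confirm whether
 * a receiver-class check is wanted.
 *
 * @param m the method to scan
 * @param classContext context used to obtain the MethodGen, constant pool and CFG
 * @throws CFGBuilderException if the CFG of {@code m} cannot be obtained
 * @throws DataflowAnalysisException declared in the signature; not thrown by any statement visible here
 */
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
    // Decide whether there is anything to scan BEFORE asking for a CFG. In the
    // original order the CFG was requested first, so the guard could only take
    // effect after CFG construction had already succeeded (presumably it fails
    // for methods without code -- confirm against ClassContext.getCFG).
    MethodGen methodGen = classContext.getMethodGen(m);
    if (methodGen == null || methodGen.getInstructionList() == null) {
        return; //No instruction .. nothing to do
    }

    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg = classContext.getCFG(m);

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Location location = i.next();
        Instruction inst = location.getHandle().getInstruction();
        if (!(inst instanceof InvokeInstruction)) {
            continue;
        }
        InvokeInstruction invoke = (InvokeInstruction) inst;
        if ("enableDefaultTyping".equals(invoke.getMethodName(cpg))) {
            JavaClass clz = classContext.getJavaClass();
            bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
                    .addClass(clz)
                    .addMethod(clz, m)
                    .addCalledMethod(cpg, invoke)
                    .addSourceLine(classContext, m, location)
            );
        }
    }
}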
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:27,代码来源:UnsafeJacksonDeserializationDetector.java


示例3: analyzeMethod

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Reports {@code LDAP_ANONYMOUS} (low priority) when the string constant
 * {@code "java.naming.security.authentication"} is loaded and the value that
 * {@code ByteCode.getConstantLDC} extracts from the following instruction
 * handle is {@code "none"}.
 *
 * <p>At most one bug is reported per method: scanning stops at the first match.
 * Only constant operands are recognised here; a value built at run time is not
 * matched by this check.
 *
 * @param m the method to scan
 * @param classContext context used to obtain the constant pool and CFG
 * @throws CFGBuilderException if the CFG of {@code m} cannot be obtained
 * @throws DataflowAnalysisException declared in the signature; not thrown by any statement visible here
 */
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
    final ConstantPoolGen cpg = classContext.getConstantPoolGen();
    final Iterator<Location> locations = classContext.getCFG(m).locationIterator();

    while (locations.hasNext()) {
        Location location = locations.next();
        Instruction inst = location.getHandle().getInstruction();
        if (!(inst instanceof LDC)) {
            continue;
        }

        // An instanceof match is never null, so no separate null test is needed.
        if (!"java.naming.security.authentication".equals(((LDC) inst).getValue(cpg))) {
            continue;
        }
        if (!"none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))) {
            continue;
        }

        JavaClass clz = classContext.getJavaClass();
        bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) //
                .addClass(clz)
                .addMethod(clz, m)
                .addSourceLine(classContext, m, location));
        // First hit is enough for this method.
        return;
    }
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:27,代码来源:AnonymousLdapDetector.java


示例4: countLocalStoresLoadsAndIncrements

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Tally stores, loads and increments of local variables for the method whose
 * CFG is given. Locations inside exception-handler basic blocks are skipped.
 *
 * <p>An {@code IINC} instruction is counted as a store, a load and an
 * increment of the same local.
 *
 * @param localStoreCount
 *            counts of local stores (indexed by local); updated in place
 * @param localLoadCount
 *            counts of local loads (indexed by local); updated in place
 * @param localIncrementCount
 *            counts of local increments (indexed by local); updated in place
 * @param cfg
 *            control flow graph (CFG) of method
 */
private void countLocalStoresLoadsAndIncrements(int[] localStoreCount, int[] localLoadCount, int[] localIncrementCount,
        CFG cfg) {
    Iterator<Location> locations = cfg.locationIterator();
    while (locations.hasNext()) {
        Location location = locations.next();

        if (location.getBasicBlock().isExceptionHandler()) {
            continue;
        }

        boolean storesLocal = isStore(location);
        boolean loadsLocal = isLoad(location);
        if (!(storesLocal || loadsLocal)) {
            continue;
        }

        // The cast is only attempted once the location is known to be a store or a load.
        IndexedInstruction ins = (IndexedInstruction) location.getHandle().getInstruction();
        int slot = ins.getIndex();

        if (ins instanceof IINC) {
            localStoreCount[slot]++;
            localLoadCount[slot]++;
            localIncrementCount[slot]++;
            continue;
        }
        if (storesLocal) {
            localStoreCount[slot]++;
        } else {
            localLoadCount[slot]++;
        }
    }
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:39,代码来源:FindDeadLocalStores.java


示例5: checkForConflictingValues

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Emits a dataflow warning for every value number whose forward and backward
 * flow values conflict.
 *
 * <p>The candidates are the union of the value numbers of both fact sets. The
 * conflict test is {@code FlowValue.valuesConflict}, called with a strictness
 * flag that is true only when the qualifier is strict and the method is not an
 * identity method.
 *
 * <p>NOTE(review): {@code cfg} is not used in this body, and the debug output
 * reads {@code checkLocation}, which is not a parameter (presumably a field --
 * confirm).
 *
 * @param xMethod method under analysis
 * @param cfg control flow graph of the method (unused here)
 * @param typeQualifierValue the type qualifier being checked
 * @param forwardsFact forward dataflow fact
 * @param backwardsFact backward dataflow fact
 * @param locationToReport passed through to {@code emitDataflowWarning}
 * @param locationWhereDoomedValueIsObserved passed through to {@code emitDataflowWarning}
 * @param vnaFrame passed through to {@code emitDataflowWarning}
 * @throws CheckedAnalysisException declared in the signature
 */
private void checkForConflictingValues(XMethod xMethod, CFG cfg,
        TypeQualifierValue typeQualifierValue, TypeQualifierValueSet forwardsFact, TypeQualifierValueSet backwardsFact,
        Location locationToReport, Location locationWhereDoomedValueIsObserved, ValueNumberFrame vnaFrame) throws CheckedAnalysisException {
    Set<ValueNumber> candidates = new HashSet<ValueNumber>();
    candidates.addAll(forwardsFact.getValueNumbers());
    candidates.addAll(backwardsFact.getValueNumbers());

    for (ValueNumber vn : candidates) {
        FlowValue forward = forwardsFact.getValue(vn);
        FlowValue backward = backwardsFact.getValue(vn);

        boolean strict = typeQualifierValue.isStrictQualifier() && !xMethod.isIdentity();
        if (FlowValue.valuesConflict(strict, forward, backward)) {
            if (DEBUG) {
                System.out.println("Check " + vn + ": forward=" + forward + ", backward=" + backward + " at " + checkLocation);
                // Results are discarded; the lookups are repeated exactly as in the debug path before.
                forwardsFact.getValue(vn);
                backwardsFact.getValue(vn);
            }

            emitDataflowWarning(xMethod, typeQualifierValue, forwardsFact, backwardsFact, vn, forward, backward,
                    locationToReport, locationWhereDoomedValueIsObserved, vnaFrame);
        }
    }
}
 
开发者ID:OpenNTF,项目名称:FindBug-for-Domino-Designer,代码行数:25,代码来源:CheckTypeQualifiers.java


示例6: getPreviousLocation

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Finds the location that precedes {@code startLocation}.
 *
 * <p>If {@code getPreviousInstruction} yields a handle, that handle is
 * returned paired with the start location's own basic block. Otherwise
 * predecessors are followed along fall-through edges until a block with a
 * last instruction is found.
 *
 * @param cfg control flow graph used to look up fall-through predecessors
 * @param startLocation location to step back from
 * @param skipNops forwarded to {@code getPreviousInstruction}
 * @return the previous location, or {@code null} when the chain of
 *         fall-through predecessors ends without an instruction
 */
private @CheckForNull
Location getPreviousLocation(CFG cfg, Location startLocation, boolean skipNops) {
    InstructionHandle before = getPreviousInstruction(startLocation.getHandle(), skipNops);
    if (before != null) {
        return new Location(before, startLocation.getBasicBlock());
    }

    BasicBlock current = cfg.getPredecessorWithEdgeType(startLocation.getBasicBlock(), EdgeTypes.FALL_THROUGH_EDGE);
    while (current != null) {
        InstructionHandle tail = current.getLastInstruction();
        if (tail != null) {
            return new Location(tail, current);
        }
        // Block holds no instruction: keep walking back along fall-through edges.
        current = cfg.getPredecessorWithEdgeType(current, EdgeTypes.FALL_THROUGH_EDGE);
    }
    return null;
}
 
开发者ID:OpenNTF,项目名称:FindBug-for-Domino-Designer,代码行数:17,代码来源:FindSqlInjection.java


示例7: isSafeValue

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Heuristic used to decide whether the value produced at {@code location}
 * can be treated as safe.
 *
 * <p>A value is accepted when the instruction is:
 * <ul>
 * <li>an {@code LDC} (constant) or a {@code GETSTATIC} (static field read);</li>
 * <li>an invocation of a method whose name starts with {@code "to"}, ends with
 * {@code "String"} and is longer than 8 characters;</li>
 * <li>an {@code AALOAD} where the instruction two locations back is a
 * {@code GETSTATIC} of a field with signature {@code [Ljava/lang/String;}.</li>
 * </ul>
 *
 * <p>NOTE(review): the invocation rule is purely name-based and the
 * {@code GETSTATIC} rule does not look at the field itself; neither inspects
 * where the data came from. Both can hide a real finding, so treat a
 * {@code true} result as "probably constant", not as proof.
 *
 * @param location location of the instruction that produced the value
 * @param cpg constant pool used to resolve names and signatures
 * @return {@code true} if one of the rules above matches
 * @throws CFGBuilderException if the CFG of the current method cannot be obtained
 */
private boolean isSafeValue(Location location, ConstantPoolGen cpg) throws CFGBuilderException {
    Instruction producer = location.getHandle().getInstruction();

    if (producer instanceof LDC || producer instanceof GETSTATIC) {
        return true;
    }

    if (producer instanceof InvokeInstruction) {
        String name = ((InvokeInstruction) producer).getMethodName(cpg);
        boolean looksLikeToXxxString = name.startsWith("to") && name.endsWith("String") && name.length() > 8;
        if (looksLikeToXxxString) {
            return true;
        }
    }

    if (!(producer instanceof AALOAD)) {
        return false;
    }

    CFG cfg = classContext.getCFG(method);
    Location oneBack = getPreviousLocation(cfg, location, true);
    if (oneBack == null) {
        return false;
    }
    Location twoBack = getPreviousLocation(cfg, oneBack, true);
    if (twoBack == null) {
        return false;
    }
    Instruction source = twoBack.getHandle().getInstruction();
    // Element of a static String[]: accepted as safe.
    return source instanceof GETSTATIC
            && ((GETSTATIC) source).getSignature(cpg).equals("[Ljava/lang/String;");
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:25,代码来源:FindSqlInjection.java


示例8: findThenFinish

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Finds the last instruction of the "then" branch, i.e. the last instruction
 * whose position is below {@code elsePos}.
 *
 * <p>If {@code thenBB} has no first instruction, fall-through successors are
 * followed until a block with an instruction is reached.
 *
 * <p>NOTE(review): the first loop does not terminate if a block has neither an
 * instruction nor an outgoing fall-through edge, and the second loop would
 * dereference {@code null} if the instruction list ended before
 * {@code elsePos}. Neither is guarded here; presumably the caller guarantees
 * both cannot happen -- confirm.
 *
 * @param cfg control flow graph of the method
 * @param thenBB first basic block of the "then" branch
 * @param elsePos bytecode position where the "else" branch starts
 * @return handle of the last instruction positioned before {@code elsePos},
 *         or the first instruction found if it is already at or past {@code elsePos}
 */
private InstructionHandle findThenFinish(CFG cfg, BasicBlock thenBB, int elsePos) {
    BasicBlock block = thenBB;
    InstructionHandle cursor = block.getFirstInstruction();

    while (cursor == null) {
        for (Iterator<Edge> edges = cfg.outgoingEdgeIterator(block); edges.hasNext();) {
            Edge edge = edges.next();
            if (edge.getType() == EdgeTypes.FALL_THROUGH_EDGE) {
                block = edge.getTarget();
                break;
            }
        }
        cursor = block.getFirstInstruction();
    }

    InstructionHandle last = cursor;
    for (; cursor.getPosition() < elsePos; cursor = cursor.getNext()) {
        last = cursor;
    }
    return last;
}
 
开发者ID:OpenNTF,项目名称:FindBug-for-Domino-Designer,代码行数:23,代码来源:DuplicateBranches.java


示例9: isDuplicated

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Decides whether a dereference warning refers to duplicated code.
 *
 * <p>Consistent warnings are never treated as duplicated. Otherwise the
 * warning is duplicated when the property set already carries
 * {@code DEREFS_ARE_CLONED}, or when more than one CFG location contains the
 * instruction at offset {@code pc}; in the latter case
 * {@code DEREFS_ARE_INLINED_FINALLY_BLOCKS} is added to the property set.
 *
 * @param propertySet warning properties; may be extended by this call
 * @param pc bytecode offset of the instruction in question
 * @param isConsistent when {@code true} the method returns {@code false} immediately
 * @return {@code true} if the warning is considered duplicated; {@code false}
 *         otherwise, including when the CFG cannot be built (the error is logged)
 */
public boolean isDuplicated(WarningPropertySet<WarningProperty> propertySet, int pc, boolean isConsistent) {
    if (isConsistent) {
        return false;
    }
    if (propertySet.containsProperty(NullDerefProperty.DEREFS_ARE_CLONED)) {
        return true;
    }

    try {
        CFG cfg = classContext.getCFG(method);
        boolean offsetAppearsMoreThanOnce = cfg.getLocationsContainingInstructionWithOffset(pc).size() > 1;
        if (offsetAppearsMoreThanOnce) {
            propertySet.addProperty(NullDerefProperty.DEREFS_ARE_INLINED_FINALLY_BLOCKS);
            return true;
        }
    } catch (CFGBuilderException e) {
        AnalysisContext.logError("Error while analyzing " + classContext.getFullyQualifiedMethodName(method), e);
    }
    return false;
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:26,代码来源:FindNullDeref.java


示例10: buildResourceCollection

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Collects every resource creation site in a method.
 *
 * <p>Each CFG location is offered to
 * {@code resourceTracker.isResourceCreation}; every non-null result is
 * recorded in the returned collection together with its location.
 *
 * @param classContext context used to obtain the CFG and constant pool
 * @param method the method to scan
 * @param resourceTracker tracker that recognises resource creation sites
 * @return the collection of created resources (possibly empty, never {@code null})
 * @throws CFGBuilderException if the CFG of {@code method} cannot be obtained
 * @throws DataflowAnalysisException declared in the signature
 */
private ResourceCollection<Resource> buildResourceCollection(ClassContext classContext, Method method,
        ResourceTrackerType resourceTracker) throws CFGBuilderException, DataflowAnalysisException {

    ResourceCollection<Resource> created = new ResourceCollection<Resource>();

    CFG cfg = classContext.getCFG(method);
    ConstantPoolGen cpg = classContext.getConstantPoolGen();

    Iterator<Location> locations = cfg.locationIterator();
    while (locations.hasNext()) {
        Location where = locations.next();
        Resource candidate = resourceTracker.isResourceCreation(where.getBasicBlock(), where.getHandle(), cpg);
        if (candidate == null) {
            continue;
        }
        created.addCreatedResource(where, candidate);
    }

    return created;
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:18,代码来源:ResourceTrackingDetector.java


示例11: analyze

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Builds and executes the live-local-store dataflow for a method.
 *
 * @param analysisCache cache from which the MethodGen, CFG and depth-first searches are obtained
 * @param descriptor descriptor of the method to analyze
 * @return the executed dataflow, or {@code null} when no MethodGen is available for the method
 * @throws CheckedAnalysisException if one of the required analyses or the dataflow execution fails
 */
public LiveLocalStoreDataflow analyze(IAnalysisCache analysisCache, MethodDescriptor descriptor)
        throws CheckedAnalysisException {
    MethodGen methodGen = getMethodGen(analysisCache, descriptor);
    if (methodGen == null) {
        // No MethodGen for this method: nothing to run.
        return null;
    }

    CFG cfg = getCFG(analysisCache, descriptor);
    ReverseDepthFirstSearch rdfs = getReverseDepthFirstSearch(analysisCache, descriptor);

    LiveLocalStoreDataflow result = new LiveLocalStoreDataflow(cfg,
            new LiveLocalStoreAnalysis(methodGen, rdfs, getDepthFirstSearch(analysisCache, descriptor)));
    result.execute();

    if (ClassContext.DUMP_DATAFLOW_ANALYSIS) {
        ClassContext.dumpLiveLocalStoreDataflow(descriptor, cfg, result);
    }
    return result;
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:22,代码来源:LiveLocalStoreDataflowFactory.java


示例12: visitClass

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Visits the CFG of every method of a class that has code and a MethodGen.
 *
 * <p>The {@code classContext} and {@code method} fields are updated as the
 * iteration proceeds; {@code method} is set for every method that has code,
 * even when that method is then skipped for lack of a MethodGen.
 *
 * @param classDescriptor descriptor of the class to visit
 * @throws CheckedAnalysisException if a class or method analysis cannot be obtained
 */
public void visitClass(ClassDescriptor classDescriptor) throws CheckedAnalysisException {
    final IAnalysisCache cache = Global.getAnalysisCache();

    final JavaClass javaClass = cache.getClassAnalysis(JavaClass.class, classDescriptor);
    classContext = cache.getClassAnalysis(ClassContext.class, classDescriptor);

    for (Method candidate : classContext.getMethodsInCallOrder()) {
        if (candidate.getCode() != null) {
            method = candidate;
            MethodDescriptor target = BCELUtil.getMethodDescriptor(javaClass, method);

            // A method without a MethodGen is skipped; only then is the CFG requested.
            if (cache.getMethodAnalysis(MethodGen.class, target) != null) {
                visitMethodCFG(target, cache.getMethodAnalysis(CFG.class, target));
            }
        }
    }
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:26,代码来源:CFGDetector.java


示例13: IsNullValueAnalysis

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Creates the null-value analysis for one method.
 *
 * <p>Whether value numbers are tracked is read from the current
 * {@code AnalysisContext}
 * ({@code TRACK_VALUE_NUMBERS_IN_NULL_POINTER_ANALYSIS}) and handed to the
 * frame-modeling visitor created here.
 *
 * @param descriptor descriptor of the method (not read in this constructor body)
 * @param methodGen MethodGen of the method; supplies the constant pool for the visitor
 * @param cfg control flow graph of the method
 * @param vnaDataflow value-number dataflow for the method
 * @param typeDataflow type dataflow for the method
 * @param dfs depth-first search passed to the superclass
 * @param assertionMethods assertion-method information passed to the visitor
 */
public IsNullValueAnalysis(MethodDescriptor descriptor, MethodGen methodGen, CFG cfg, ValueNumberDataflow vnaDataflow,
        TypeDataflow typeDataflow, DepthFirstSearch dfs, AssertionMethods assertionMethods) {
    super(dfs);

    this.cfg = cfg;
    this.methodGen = methodGen;
    this.vnaDataflow = vnaDataflow;
    this.locationWhereValueBecomesNullSet = new HashSet<LocationWhereValueBecomesNull>();

    // Must be set before the visitor is built, which receives the same flag.
    this.trackValueNumbers = AnalysisContext.currentAnalysisContext().getBoolProperty(
            AnalysisFeatures.TRACK_VALUE_NUMBERS_IN_NULL_POINTER_ANALYSIS);
    this.visitor = new IsNullValueFrameModelingVisitor(methodGen.getConstantPool(), assertionMethods, vnaDataflow,
            typeDataflow, trackValueNumbers);

    this.pointerEqualityCheck = getForPointerEqualityCheck(cfg, vnaDataflow);

    if (DEBUG) {
        System.out.println("IsNullValueAnalysis for " + methodGen.getClassName() + "." + methodGen.getName() + " : "
                + methodGen.getSignature());
    }
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:21,代码来源:IsNullValueAnalysis.java


示例14: buildCallMap

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Maps every invoke instruction in a CFG to a {@code Call} describing its target.
 *
 * @param cfg control flow graph to scan
 * @param cpg constant pool used to resolve the class name, method name and signature
 * @return a map from instruction handle to the {@code Call} made at that handle;
 *         handles of non-invoke instructions are absent
 */
private static Map<InstructionHandle, Call> buildCallMap(CFG cfg, ConstantPoolGen cpg) {
    Map<InstructionHandle, Call> callsByHandle = new HashMap<InstructionHandle, Call>();

    Iterator<Location> locations = cfg.locationIterator();
    while (locations.hasNext()) {
        InstructionHandle site = locations.next().getHandle();
        Instruction ins = site.getInstruction();
        if (!(ins instanceof InvokeInstruction)) {
            continue;
        }
        InvokeInstruction invoke = (InvokeInstruction) ins;
        callsByHandle.put(site,
                new Call(invoke.getClassName(cpg), invoke.getName(cpg), invoke.getSignature(cpg)));
    }

    return callsByHandle;
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:17,代码来源:CallListAnalysis.java


示例15: TypeAnalysis

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Constructor.
 *
 * <p>Every {@code LocalVariableTypeTable} attribute found on the method's
 * code is handed to the visitor before the remaining fields are set.
 *
 * @param method
 *            the method being analyzed; it must have code
 * @param methodGen
 *            the MethodGen whose CFG we'll be analyzing
 * @param cfg
 *            the control flow graph
 * @param dfs
 *            DepthFirstSearch of the method
 * @param typeMerger
 *            object to merge types
 * @param visitor
 *            a TypeFrameModelingVisitor to use to model the effect of
 *            instructions
 * @param lookupFailureCallback
 *            lookup failure callback
 * @param exceptionSetFactory
 *            factory for creating ExceptionSet objects
 * @throws IllegalArgumentException
 *             if {@code method} has no code
 */
public TypeAnalysis(Method method, MethodGen methodGen, CFG cfg, DepthFirstSearch dfs, TypeMerger typeMerger,
        TypeFrameModelingVisitor visitor, RepositoryLookupFailureCallback lookupFailureCallback,
        ExceptionSetFactory exceptionSetFactory) {
    super(dfs);
    this.method = method;

    final Code methodCode = method.getCode();
    if (methodCode == null) {
        throw new IllegalArgumentException(method.getName() + " has no code");
    }
    for (Attribute attribute : methodCode.getAttributes()) {
        if (!(attribute instanceof LocalVariableTypeTable)) {
            continue;
        }
        visitor.setLocalTypeTable((LocalVariableTypeTable) attribute);
    }

    // Collaborators supplied by the caller.
    this.methodGen = methodGen;
    this.cfg = cfg;
    this.typeMerger = typeMerger;
    this.visitor = visitor;
    this.lookupFailureCallback = lookupFailureCallback;
    this.exceptionSetFactory = exceptionSetFactory;

    // Per-block maps, initially empty.
    this.thrownExceptionSetMap = new HashMap<BasicBlock, CachedExceptionSet>();
    this.instanceOfCheckMap = new HashMap<BasicBlock, InstanceOfCheck>();

    if (DEBUG) {
        System.out.println("\n\nAnalyzing " + methodGen);
    }
}
 
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:46,代码来源:TypeAnalysis.java


示例16: scan

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Scan a method for self call sites.
 *
 * <p>For every invoke instruction that {@code isSelfCall} resolves to a
 * method, an edge is added to the call graph and the callee is added to the
 * called-method set. {@code hasSynchronization} is set when the method is
 * synchronized or contains a MONITORENTER/MONITOREXIT instruction.
 *
 * @param node the CallGraphNode for the method to be scanned
 * @throws CFGBuilderException if the CFG of the method cannot be obtained
 */
private void scan(CallGraphNode node) throws CFGBuilderException {
	Method method = node.getMethod();
	CFG cfg = classContext.getCFG(method);

	if (method.isSynchronized()) {
		hasSynchronization = true;
	}

	for (Iterator<BasicBlock> blocks = cfg.blockIterator(); blocks.hasNext();) {
		BasicBlock block = blocks.next();

		for (Iterator<InstructionHandle> handles = block.instructionIterator(); handles.hasNext();) {
			InstructionHandle handle = handles.next();
			Instruction ins = handle.getInstruction();

			if (!(ins instanceof InvokeInstruction)) {
				if (ins instanceof MONITORENTER || ins instanceof MONITOREXIT) {
					hasSynchronization = true;
				}
				continue;
			}

			Method called = isSelfCall((InvokeInstruction) ins);
			if (called == null) {
				continue;
			}

			// Add edge to call graph
			CallSite callSite = new CallSite(method, block, handle);
			callGraph.createEdge(node, callGraph.getNodeForMethod(called), callSite);

			// Add to called method set
			calledMethodSet.add(called);
		}
	}
}
 
开发者ID:parabuild-ci,项目名称:parabuild-ci,代码行数:38,代码来源:SelfCalls.java


示例17: analyzeMethod

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Reports {@code SPRING_UNVALIDATED_REDIRECT_TYPE} (normal priority) for each
 * {@code StringBuilder.append} call whose immediately preceding instruction
 * loads the string constant {@code "redirect:"}.
 *
 * <p>Only this one bytecode shape is matched: an INVOKEVIRTUAL on
 * {@code java.lang.StringBuilder} named {@code append}, directly preceded by
 * an LDC of exactly {@code "redirect:"}. Redirect strings assembled in any
 * other way are not seen by this method.
 *
 * @param m the method to scan
 * @param classContext context used to obtain the class, constant pool and CFG
 * @throws CFGBuilderException if the CFG of {@code m} cannot be obtained
 */
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{
    final JavaClass clazz = classContext.getJavaClass();
    final ConstantPoolGen cpg = classContext.getConstantPoolGen();
    final Iterator<Location> locations = classContext.getCFG(m).locationIterator();

    while (locations.hasNext()) {
        Location loc = locations.next();
        Instruction inst = loc.getHandle().getInstruction();
        if (!(inst instanceof INVOKEVIRTUAL)) {
            continue;
        }

        INVOKEVIRTUAL call = (INVOKEVIRTUAL) inst;
        boolean isBuilderAppend = "java.lang.StringBuilder".equals(call.getClassName(cpg))
                && "append".equals(call.getMethodName(cpg));
        if (!isBuilderAppend) {
            continue;
        }

        Instruction pushed = loc.getHandle().getPrev().getInstruction();
        if (!(pushed instanceof LDC)) {
            continue;
        }

        // equals() is false for any non-String constant, so no explicit type test is needed.
        if (!"redirect:".equals(((LDC) pushed).getValue(cpg))) {
            continue;
        }

        BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY);
        bug.addClass(clazz).addMethod(clazz,m).addSourceLine(classContext,m,loc);
        reporter.reportBug(bug);
    }
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:33,代码来源:SpringUnvalidatedRedirectDetector.java


示例18: analyze

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
 * Runs the taint dataflow for one method and returns it.
 *
 * <p>When derived-config debug output is enabled and a writer is set, the
 * derived taint configuration of the method (if any) is appended to the
 * writer as {@code <slashed method name>:<config>}. A failure to write is
 * logged and does not affect the returned dataflow.
 *
 * @param cache analysis cache supplying the CFG, depth-first search and MethodGen
 * @param descriptor descriptor of the method to analyze
 * @return the executed taint dataflow
 * @throws CheckedAnalysisException if a required analysis or the dataflow execution fails
 */
@Override
public TaintDataflow analyze(IAnalysisCache cache, MethodDescriptor descriptor)
        throws CheckedAnalysisException {
    boolean traceEnabled = FindSecBugsGlobalConfig.getInstance().isDebugPrintInstructionVisited()
            || FindSecBugsGlobalConfig.getInstance().isDebugPrintInvocationVisited();
    if (traceEnabled) {
        System.out.println("==[ Method: "+descriptor.getName()+" ]==");
    }

    CFG cfg = cache.getMethodAnalysis(CFG.class, descriptor);
    DepthFirstSearch dfs = cache.getMethodAnalysis(DepthFirstSearch.class, descriptor);
    MethodGen methodGen = cache.getMethodAnalysis(MethodGen.class, descriptor);

    TaintAnalysis analysis = new TaintAnalysis(methodGen, dfs, descriptor, taintConfig);
    TaintDataflow flow = new TaintDataflow(cfg, analysis);
    flow.execute();
    analysis.finishAnalysis();

    if (!CONFIG.isDebugOutputTaintConfigs() || writer == null) {
        return flow;
    }

    TaintMethodConfig derivedConfig = taintConfig.get(getSlashedMethodName(methodGen));
    if (derivedConfig == null) {
        return flow;
    }

    try {
        writer.append(getSlashedMethodName(methodGen) + ":" + derivedConfig + "\n");
        writer.flush();
    } catch (IOException ex) {
        // Debug output is best-effort; the analysis result is still returned.
        AnalysisContext.logError("Cannot write derived configs", ex);
    }
    return flow;
}
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:28,代码来源:TaintDataflowEngine.java


示例19: analyzeMethod

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
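/**
 * Reports {@code PERMISSIVE_CORS} (high priority) when
 * {@code HttpServletResponse.addHeader}/{@code setHeader} is called with the
 * constant header name {@code Access-Control-Allow-Origin} and a constant
 * value that contains {@code *} or equals {@code null} (case-insensitive).
 *
 * <p>Only string constants are evaluated. A header value that is not a
 * constant (for example one computed at run time) is not assessed by this
 * method and produces no report.
 *
 * <p>Compared with the previous version, a non-String constant for the header
 * name and a missing constant for the header value are skipped instead of
 * raising {@code ClassCastException}/{@code NullPointerException}, which
 * would abort the scan of the remaining instructions of the method.
 *
 * @param m the method to scan
 * @param classContext context used to obtain the constant pool and CFG
 * @throws CFGBuilderException if the CFG of {@code m} cannot be obtained
 * @throws DataflowAnalysisException declared in the signature; not thrown by any statement visible here
 */
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {

    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg = classContext.getCFG(m);

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Location location = i.next();

        Instruction inst = location.getHandle().getInstruction();
        if (!(inst instanceof INVOKEINTERFACE)) {
            continue;
        }

        INVOKEINTERFACE invoke = (INVOKEINTERFACE) inst;
        String methodName = invoke.getMethodName(cpg);
        String className = invoke.getClassName(cpg);

        boolean setsResponseHeader = className.equals("javax.servlet.http.HttpServletResponse") &&
                (methodName.equals("addHeader") || methodName.equals("setHeader"));
        if (!setsResponseHeader) {
            continue;
        }

        LDC ldc = ByteCode.getPrevInstruction(location.getHandle().getPrev(), LDC.class);
        if (ldc == null) {
            continue;
        }

        // An LDC can load non-String constants; casting those to String would throw.
        Object headerName = ldc.getValue(cpg);
        if (!(headerName instanceof String)
                || !"Access-Control-Allow-Origin".equalsIgnoreCase((String) headerName)) {
            continue;
        }

        // Presumably null when the value is not a String constant -- treat that as "cannot assess".
        String headerValue = ByteCode.getConstantLDC(location.getHandle().getPrev(), cpg, String.class);
        if (headerValue == null) {
            continue;
        }

        if (headerValue.contains("*") || "null".equalsIgnoreCase(headerValue)) {
            JavaClass clz = classContext.getJavaClass();
            bugReporter.reportBug(new BugInstance(this, PERMISSIVE_CORS, Priorities.HIGH_PRIORITY)
                    .addClass(clz)
                    .addMethod(clz, m)
                    .addSourceLine(classContext, m, location));
        }
    }
}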
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:37,代码来源:PermissiveCORSDetector.java


示例20: allow_All_Hostname_Verify

import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
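/**
 * Reports {@code WEAK_HOSTNAME_VERIFIER_TYPE} (normal priority) for every
 * static field read whose field name is {@code ALLOW_ALL_HOSTNAME_VERIFIER}.
 *
 * <p>The match is on the field name only. A stricter variant that also
 * required the owner class {@code org.apache.http.conn.ssl.SSLSocketFactory}
 * and the signature {@code Lorg/apache/http/conn/ssl/X509HostnameVerifier;}
 * was previously left commented out in this method; with the name-only match,
 * an unrelated field of the same name is reported as well.
 *
 * <p>If the CFG cannot be built the stack trace is printed and the method
 * returns without scanning. Previously execution continued and dereferenced
 * the missing CFG.
 *
 * @param classContext context used to obtain the constant pool and CFG
 * @param javaClass class that declares {@code m}; used in the bug report
 * @param m the method to scan
 */
private void allow_All_Hostname_Verify(ClassContext classContext, JavaClass javaClass, Method m){
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    CFG cfg;
    try {
        cfg = classContext.getCFG(m);
    } catch (CFGBuilderException e) {
        e.printStackTrace();
        // Without a CFG there is nothing to iterate over.
        return;
    }

    for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
        Location loc = i.next();

        Instruction inst = loc.getHandle().getInstruction();
        if (!(inst instanceof GETSTATIC)) {
            continue;
        }

        GETSTATIC fieldRead = (GETSTATIC) inst;
        if ("ALLOW_ALL_HOSTNAME_VERIFIER".equals(fieldRead.getName(cpg))) {
            bugReporter.reportBug(new BugInstance(this, WEAK_HOSTNAME_VERIFIER_TYPE, Priorities.NORMAL_PRIORITY)
                    .addClassAndMethod(javaClass, m));
        }
    }
}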
 
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:30,代码来源:WeakTrustManagerDetector.java



注:本文中的edu.umd.cs.findbugs.ba.CFG类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

