本文整理汇总了Java中edu.umd.cs.findbugs.ba.CFG类的典型用法代码示例。如果您正苦于以下问题:Java CFG类的具体用法?Java CFG怎么用?Java CFG使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
CFG类属于edu.umd.cs.findbugs.ba包,在下文中一共展示了CFG类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: hasCustomReadObject
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
* Check if the readObject is doing multiple external call beyond the basic readByte, readBoolean, etc..
* @param m
* @param classContext
* @return
* @throws CFGBuilderException
* @throws DataflowAnalysisException
*/
private boolean hasCustomReadObject(Method m, ClassContext classContext,List<String> classesToIgnore)
throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
int count = 0;
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
//ByteCode.printOpCode(inst,cpg);
if(inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
if (!READ_DESERIALIZATION_METHODS.contains(invoke.getMethodName(cpg))
&& !classesToIgnore.contains(invoke.getClassName(cpg))) {
count +=1;
}
}
}
return count > 3;
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:28,代码来源:DeserializationGadgetDetector.java
示例2: analyzeMethod
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
MethodGen methodGen = classContext.getMethodGen(m);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
if (methodGen == null || methodGen.getInstructionList() == null) {
return; //No instruction .. nothing to do
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
String methodName = invoke.getMethodName(cpg);
if ("enableDefaultTyping".equals(methodName)) {
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
.addClass(clz)
.addMethod(clz, m)
.addCalledMethod(cpg, invoke)
.addSourceLine(classContext, m, location)
);
}
}
}
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:27,代码来源:UnsafeJacksonDeserializationDetector.java
示例3: analyzeMethod
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof LDC) {
LDC ldc = (LDC) inst;
if (ldc != null) {
if("java.naming.security.authentication".equals(ldc.getValue(cpg)) &&
"none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))){
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) //
.addClass(clz)
.addMethod(clz, m)
.addSourceLine(classContext, m, location));
break;
}
}
}
}
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:27,代码来源:AnonymousLdapDetector.java
示例4: countLocalStoresLoadsAndIncrements
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
* Count stores, loads, and increments of local variables in method whose
* CFG is given.
*
* @param localStoreCount
* counts of local stores (indexed by local)
* @param localLoadCount
* counts of local loads (indexed by local)
* @param localIncrementCount
* counts of local increments (indexed by local)
* @param cfg
* control flow graph (CFG) of method
*/
private void countLocalStoresLoadsAndIncrements(int[] localStoreCount, int[] localLoadCount, int[] localIncrementCount,
CFG cfg) {
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
Location location = i.next();
if (location.getBasicBlock().isExceptionHandler())
continue;
boolean isStore = isStore(location);
boolean isLoad = isLoad(location);
if (!isStore && !isLoad)
continue;
IndexedInstruction ins = (IndexedInstruction) location.getHandle().getInstruction();
int local = ins.getIndex();
if (ins instanceof IINC) {
localStoreCount[local]++;
localLoadCount[local]++;
localIncrementCount[local]++;
} else if (isStore)
localStoreCount[local]++;
else
localLoadCount[local]++;
}
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:39,代码来源:FindDeadLocalStores.java
示例5: checkForConflictingValues
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private void checkForConflictingValues(XMethod xMethod, CFG cfg,
TypeQualifierValue typeQualifierValue, TypeQualifierValueSet forwardsFact, TypeQualifierValueSet backwardsFact,
Location locationToReport, Location locationWhereDoomedValueIsObserved, ValueNumberFrame vnaFrame) throws CheckedAnalysisException {
Set<ValueNumber> valueNumberSet = new HashSet<ValueNumber>();
valueNumberSet.addAll(forwardsFact.getValueNumbers());
valueNumberSet.addAll(backwardsFact.getValueNumbers());
for (ValueNumber vn : valueNumberSet) {
FlowValue forward = forwardsFact.getValue(vn);
FlowValue backward = backwardsFact.getValue(vn);
if (!FlowValue.valuesConflict(typeQualifierValue.isStrictQualifier() && !xMethod.isIdentity(), forward, backward))
continue;
if (DEBUG) {
System.out.println("Check " + vn + ": forward=" + forward + ", backward=" + backward + " at " + checkLocation);
forwardsFact.getValue(vn);
backwardsFact.getValue(vn);
}
emitDataflowWarning(xMethod, typeQualifierValue, forwardsFact, backwardsFact, vn, forward, backward,
locationToReport, locationWhereDoomedValueIsObserved, vnaFrame);
}
}
开发者ID:OpenNTF,项目名称:FindBug-for-Domino-Designer,代码行数:25,代码来源:CheckTypeQualifiers.java
示例6: getPreviousLocation
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private @CheckForNull
Location getPreviousLocation(CFG cfg, Location startLocation, boolean skipNops) {
Location loc = startLocation;
InstructionHandle prev = getPreviousInstruction(loc.getHandle(), skipNops);
if (prev != null)
return new Location(prev, loc.getBasicBlock());
BasicBlock block = loc.getBasicBlock();
while (true) {
block = cfg.getPredecessorWithEdgeType(block, EdgeTypes.FALL_THROUGH_EDGE);
if (block == null)
return null;
InstructionHandle lastInstruction = block.getLastInstruction();
if (lastInstruction != null)
return new Location(lastInstruction, block);
}
}
开发者ID:OpenNTF,项目名称:FindBug-for-Domino-Designer,代码行数:17,代码来源:FindSqlInjection.java
示例7: isSafeValue
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private boolean isSafeValue(Location location, ConstantPoolGen cpg) throws CFGBuilderException {
Instruction prevIns = location.getHandle().getInstruction();
if (prevIns instanceof LDC || prevIns instanceof GETSTATIC)
return true;
if (prevIns instanceof InvokeInstruction) {
String methodName = ((InvokeInstruction) prevIns).getMethodName(cpg);
if (methodName.startsWith("to") && methodName.endsWith("String") && methodName.length() > 8)
return true;
}
if (prevIns instanceof AALOAD) {
CFG cfg = classContext.getCFG(method);
Location prev = getPreviousLocation(cfg, location, true);
if (prev != null) {
Location prev2 = getPreviousLocation(cfg, prev, true);
if (prev2 != null && prev2.getHandle().getInstruction() instanceof GETSTATIC) {
GETSTATIC getStatic = (GETSTATIC) prev2.getHandle().getInstruction();
if (getStatic.getSignature(cpg).equals("[Ljava/lang/String;"))
return true;
}
}
}
return false;
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:25,代码来源:FindSqlInjection.java
示例8: findThenFinish
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private InstructionHandle findThenFinish(CFG cfg, BasicBlock thenBB, int elsePos) {
InstructionHandle inst = thenBB.getFirstInstruction();
while (inst == null) {
Iterator<Edge> ie = cfg.outgoingEdgeIterator(thenBB);
while (ie.hasNext()) {
Edge e = ie.next();
if (e.getType() == EdgeTypes.FALL_THROUGH_EDGE) {
thenBB = e.getTarget();
break;
}
}
inst = thenBB.getFirstInstruction();
}
InstructionHandle lastIns = inst;
while (inst.getPosition() < elsePos) {
lastIns = inst;
inst = inst.getNext();
}
return lastIns;
}
开发者ID:OpenNTF,项目名称:FindBug-for-Domino-Designer,代码行数:23,代码来源:DuplicateBranches.java
示例9: isDuplicated
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
* @param propertySet
* @param pc
* @param isConsistent
* @return
*/
public boolean isDuplicated(WarningPropertySet<WarningProperty> propertySet, int pc, boolean isConsistent) {
boolean duplicated = false;
if (!isConsistent) {
if (propertySet.containsProperty(NullDerefProperty.DEREFS_ARE_CLONED))
duplicated = true;
else
try {
CFG cfg = classContext.getCFG(method);
if (cfg.getLocationsContainingInstructionWithOffset(pc).size() > 1) {
propertySet.addProperty(NullDerefProperty.DEREFS_ARE_INLINED_FINALLY_BLOCKS);
duplicated = true;
}
} catch (CFGBuilderException e) {
AnalysisContext.logError("Error while analyzing " + classContext.getFullyQualifiedMethodName(method), e);
}
}
return duplicated;
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:26,代码来源:FindNullDeref.java
示例10: buildResourceCollection
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private ResourceCollection<Resource> buildResourceCollection(ClassContext classContext, Method method,
ResourceTrackerType resourceTracker) throws CFGBuilderException, DataflowAnalysisException {
ResourceCollection<Resource> resourceCollection = new ResourceCollection<Resource>();
CFG cfg = classContext.getCFG(method);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
Location location = i.next();
Resource resource = resourceTracker.isResourceCreation(location.getBasicBlock(), location.getHandle(), cpg);
if (resource != null)
resourceCollection.addCreatedResource(location, resource);
}
return resourceCollection;
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:18,代码来源:ResourceTrackingDetector.java
示例11: analyze
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
public LiveLocalStoreDataflow analyze(IAnalysisCache analysisCache, MethodDescriptor descriptor)
throws CheckedAnalysisException {
MethodGen methodGen = getMethodGen(analysisCache, descriptor);
if (methodGen == null) {
return null;
}
CFG cfg = getCFG(analysisCache, descriptor);
ReverseDepthFirstSearch rdfs = getReverseDepthFirstSearch(analysisCache, descriptor);
LiveLocalStoreAnalysis analysis = new LiveLocalStoreAnalysis(methodGen, rdfs, getDepthFirstSearch(analysisCache,
descriptor));
LiveLocalStoreDataflow dataflow = new LiveLocalStoreDataflow(cfg, analysis);
dataflow.execute();
if (ClassContext.DUMP_DATAFLOW_ANALYSIS) {
ClassContext.dumpLiveLocalStoreDataflow(descriptor, cfg, dataflow);
}
return dataflow;
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:22,代码来源:LiveLocalStoreDataflowFactory.java
示例12: visitClass
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
public void visitClass(ClassDescriptor classDescriptor) throws CheckedAnalysisException {
IAnalysisCache analysisCache = Global.getAnalysisCache();
JavaClass jclass = analysisCache.getClassAnalysis(JavaClass.class, classDescriptor);
classContext = analysisCache.getClassAnalysis(ClassContext.class, classDescriptor);
for (Method m : classContext.getMethodsInCallOrder()) {
if (m.getCode() == null) {
continue;
}
method = m;
MethodDescriptor methodDescriptor = BCELUtil.getMethodDescriptor(jclass, method);
// Try to get MethodGen. If we can't get one,
// then this method should be skipped.
MethodGen methodGen = analysisCache.getMethodAnalysis(MethodGen.class, methodDescriptor);
if (methodGen == null) {
continue;
}
CFG cfg = analysisCache.getMethodAnalysis(CFG.class, methodDescriptor);
visitMethodCFG(methodDescriptor, cfg);
}
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:26,代码来源:CFGDetector.java
示例13: IsNullValueAnalysis
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
public IsNullValueAnalysis(MethodDescriptor descriptor, MethodGen methodGen, CFG cfg, ValueNumberDataflow vnaDataflow,
TypeDataflow typeDataflow, DepthFirstSearch dfs, AssertionMethods assertionMethods) {
super(dfs);
this.trackValueNumbers = AnalysisContext.currentAnalysisContext().getBoolProperty(
AnalysisFeatures.TRACK_VALUE_NUMBERS_IN_NULL_POINTER_ANALYSIS);
this.methodGen = methodGen;
this.visitor = new IsNullValueFrameModelingVisitor(methodGen.getConstantPool(), assertionMethods, vnaDataflow,
typeDataflow, trackValueNumbers);
this.vnaDataflow = vnaDataflow;
this.cfg = cfg;
this.locationWhereValueBecomesNullSet = new HashSet<LocationWhereValueBecomesNull>();
this.pointerEqualityCheck = getForPointerEqualityCheck(cfg, vnaDataflow);
if (DEBUG) {
System.out.println("IsNullValueAnalysis for " + methodGen.getClassName() + "." + methodGen.getName() + " : "
+ methodGen.getSignature());
}
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:21,代码来源:IsNullValueAnalysis.java
示例14: buildCallMap
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private static Map<InstructionHandle, Call> buildCallMap(CFG cfg, ConstantPoolGen cpg) {
Map<InstructionHandle, Call> callMap = new HashMap<InstructionHandle, Call>();
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) {
InstructionHandle handle = i.next().getHandle();
Instruction ins = handle.getInstruction();
if (ins instanceof InvokeInstruction) {
InvokeInstruction inv = (InvokeInstruction) ins;
Call call = new Call(inv.getClassName(cpg), inv.getName(cpg), inv.getSignature(cpg));
callMap.put(handle, call);
}
}
return callMap;
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:17,代码来源:CallListAnalysis.java
示例15: TypeAnalysis
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
* Constructor.
*
* @param method
* TODO
* @param methodGen
* the MethodGen whose CFG we'll be analyzing
* @param cfg
* the control flow graph
* @param dfs
* DepthFirstSearch of the method
* @param typeMerger
* object to merge types
* @param visitor
* a TypeFrameModelingVisitor to use to model the effect of
* instructions
* @param lookupFailureCallback
* lookup failure callback
* @param exceptionSetFactory
* factory for creating ExceptionSet objects
*/
public TypeAnalysis(Method method, MethodGen methodGen, CFG cfg, DepthFirstSearch dfs, TypeMerger typeMerger,
TypeFrameModelingVisitor visitor, RepositoryLookupFailureCallback lookupFailureCallback,
ExceptionSetFactory exceptionSetFactory) {
super(dfs);
this.method = method;
Code code = method.getCode();
if (code == null)
throw new IllegalArgumentException(method.getName() + " has no code");
for (Attribute a : code.getAttributes()) {
if (a instanceof LocalVariableTypeTable)
visitor.setLocalTypeTable((LocalVariableTypeTable) a);
}
this.methodGen = methodGen;
this.cfg = cfg;
this.typeMerger = typeMerger;
this.visitor = visitor;
this.thrownExceptionSetMap = new HashMap<BasicBlock, CachedExceptionSet>();
this.lookupFailureCallback = lookupFailureCallback;
this.exceptionSetFactory = exceptionSetFactory;
this.instanceOfCheckMap = new HashMap<BasicBlock, InstanceOfCheck>();
if (DEBUG) {
System.out.println("\n\nAnalyzing " + methodGen);
}
}
开发者ID:ytus,项目名称:findbugs-all-the-bugs,代码行数:46,代码来源:TypeAnalysis.java
示例16: scan
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
/**
* Scan a method for self call sites.
*
* @param node the CallGraphNode for the method to be scanned
*/
private void scan(CallGraphNode node) throws CFGBuilderException {
Method method = node.getMethod();
CFG cfg = classContext.getCFG(method);
if (method.isSynchronized())
hasSynchronization = true;
Iterator<BasicBlock> i = cfg.blockIterator();
while (i.hasNext()) {
BasicBlock block = i.next();
Iterator<InstructionHandle> j = block.instructionIterator();
while (j.hasNext()) {
InstructionHandle handle = j.next();
Instruction ins = handle.getInstruction();
if (ins instanceof InvokeInstruction) {
InvokeInstruction inv = (InvokeInstruction) ins;
Method called = isSelfCall(inv);
if (called != null) {
// Add edge to call graph
CallSite callSite = new CallSite(method, block, handle);
callGraph.createEdge(node, callGraph.getNodeForMethod(called), callSite);
// Add to called method set
calledMethodSet.add(called);
}
} else if (ins instanceof MONITORENTER || ins instanceof MONITOREXIT) {
hasSynchronization = true;
}
}
}
}
开发者ID:parabuild-ci,项目名称:parabuild-ci,代码行数:38,代码来源:SelfCalls.java
示例17: analyzeMethod
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException{
JavaClass clazz = classContext.getJavaClass();
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location loc = i.next();
Instruction inst = loc.getHandle().getInstruction();
if (inst instanceof INVOKEVIRTUAL) {
INVOKEVIRTUAL invoke = (INVOKEVIRTUAL)inst;
if( "java.lang.StringBuilder".equals(invoke.getClassName(cpg)) && "append".equals(invoke.getMethodName(cpg))) {
Instruction prev = loc.getHandle().getPrev().getInstruction();
if (prev instanceof LDC) {
LDC ldc = (LDC)prev;
Object value = ldc.getValue(cpg);
if (value instanceof String) {
String v = (String)value;
if ("redirect:".equals(v)) {
BugInstance bug = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, Priorities.NORMAL_PRIORITY);
bug.addClass(clazz).addMethod(clazz,m).addSourceLine(classContext,m,loc);
reporter.reportBug(bug);
}
}
}
}
}
}
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:33,代码来源:SpringUnvalidatedRedirectDetector.java
示例18: analyze
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
@Override
public TaintDataflow analyze(IAnalysisCache cache, MethodDescriptor descriptor)
throws CheckedAnalysisException {
if(FindSecBugsGlobalConfig.getInstance().isDebugPrintInstructionVisited() || FindSecBugsGlobalConfig.getInstance().isDebugPrintInvocationVisited()) {
System.out.println("==[ Method: "+descriptor.getName()+" ]==");
}
CFG cfg = cache.getMethodAnalysis(CFG.class, descriptor);
DepthFirstSearch dfs = cache.getMethodAnalysis(DepthFirstSearch.class, descriptor);
MethodGen methodGen = cache.getMethodAnalysis(MethodGen.class, descriptor);
TaintAnalysis analysis = new TaintAnalysis(methodGen, dfs, descriptor, taintConfig);
TaintDataflow flow = new TaintDataflow(cfg, analysis);
flow.execute();
analysis.finishAnalysis();
if (CONFIG.isDebugOutputTaintConfigs() && writer != null) {
TaintMethodConfig derivedConfig = taintConfig.get(getSlashedMethodName(methodGen));
if (derivedConfig != null) {
try {
writer.append(getSlashedMethodName(methodGen) + ":" + derivedConfig + "\n");
writer.flush();
} catch (IOException ex) {
AnalysisContext.logError("Cannot write derived configs", ex);
}
}
}
return flow;
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:28,代码来源:TaintDataflowEngine.java
示例19: analyzeMethod
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof INVOKEINTERFACE) {
INVOKEINTERFACE invoke = (INVOKEINTERFACE) inst;
String methodName = invoke.getMethodName(cpg);
String className = invoke.getClassName(cpg);
if (className.equals("javax.servlet.http.HttpServletResponse") &&
(methodName.equals("addHeader") || methodName.equals("setHeader"))) {
LDC ldc = ByteCode.getPrevInstruction(location.getHandle().getPrev(), LDC.class);
if (ldc != null) {
String headerValue = ByteCode.getConstantLDC(location.getHandle().getPrev(), cpg, String.class);
if ("Access-Control-Allow-Origin".equalsIgnoreCase((String)ldc.getValue(cpg)) &&
(headerValue.contains("*") || "null".equalsIgnoreCase(headerValue))) {
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, PERMISSIVE_CORS, Priorities.HIGH_PRIORITY)
.addClass(clz)
.addMethod(clz, m)
.addSourceLine(classContext, m, location));
}
}
}
}
}
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:37,代码来源:PermissiveCORSDetector.java
示例20: allow_All_Hostname_Verify
import edu.umd.cs.findbugs.ba.CFG; //导入依赖的package包/类
private void allow_All_Hostname_Verify(ClassContext classContext, JavaClass javaClass, Method m){
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = null;
try {
cfg = classContext.getCFG(m);
} catch (CFGBuilderException e) {
e.printStackTrace();
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location loc = i.next();
//ByteCode.printOpCode(loc.getHandle().getInstruction(), cpg);
Instruction inst = loc.getHandle().getInstruction();
if (inst instanceof GETSTATIC) {
GETSTATIC invoke = (GETSTATIC) inst;
// System.out.println(invoke.getClassName(cpg));
// System.out.println(invoke.getName(cpg));
// System.out.println(invoke.getSignature(cpg));
// if("org.apache.http.conn.ssl.SSLSocketFactory".equals(invoke.getClassName(cpg)) &&
// "Lorg/apache/http/conn/ssl/X509HostnameVerifier;".equals(invoke.getSignature(cpg)) &&
// "ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){
if("ALLOW_ALL_HOSTNAME_VERIFIER".equals(invoke.getName(cpg))){
bugReporter.reportBug(new BugInstance(this, WEAK_HOSTNAME_VERIFIER_TYPE, Priorities.NORMAL_PRIORITY)
.addClassAndMethod(javaClass, m));
}
}
}
}
开发者ID:blackarbiter,项目名称:Android_Code_Arbiter,代码行数:30,代码来源:WeakTrustManagerDetector.java
注:本文中的edu.umd.cs.findbugs.ba.CFG类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论