Java Code Examples for org.apache.bcel.generic.InvokeInstruction#getMethodName()
The following examples show how to use
org.apache.bcel.generic.InvokeInstruction#getMethodName() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UnsafeJacksonDeserializationDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(m); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); if (methodGen == null || methodGen.getInstructionList() == null) { return; //No instruction .. nothing to do } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); if (inst instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) inst; String methodName = invoke.getMethodName(cpg); if ("enableDefaultTyping".equals(methodName)) { JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY) .addClass(clz) .addMethod(clz, m) .addCalledMethod(cpg, invoke) .addSourceLine(classContext, m, location) ); } } } }
Example 2
Source File: FindUseOfNonSerializableValue.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
@CheckForNull Use getUse(ConstantPoolGen cpg, Instruction ins) { if (ins instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) ins; String mName = invoke.getMethodName(cpg); String cName = invoke.getClassName(cpg); if ("setAttribute".equals(mName) && "javax.servlet.http.HttpSession".equals(cName)) { return Use.STORE_INTO_HTTP_SESSION; } if ("writeObject".equals(mName) && ("java.io.ObjectOutput".equals(cName) || "java.io.ObjectOutputStream".equals(cName))) { return Use.PASSED_TO_WRITE_OBJECT; } } return null; }
Example 3
Source File: TaintFrameModelingVisitor.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
private TaintMethodConfig getMethodConfig(InvokeInstruction obj) { String signature = obj.getSignature(cpg); String returnType = getReturnType(signature); String className = getInstanceClassName(obj); String methodName = obj.getMethodName(cpg); String methodId = "." + methodName + signature; TaintMethodConfig config = taintConfig.getMethodConfig(getFrame(), methodDescriptor, className, methodId); if (config != null) { config = getConfigWithReplaceTags(config, className, methodName); } if (config != null && config.isConfigured()) { return config; } if (taintConfig.isClassTaintSafe(returnType)) { return TaintMethodConfig.SAFE_CONFIG; } if (config != null) { return config; } if (Constants.CONSTRUCTOR_NAME.equals(methodName) && !taintConfig.isClassTaintSafe("L" + className + ";")) { try { int stackSize = getFrame().getNumArgumentsIncludingObjectInstance(obj, cpg); return TaintMethodConfig.getDefaultConstructorConfig(stackSize); } catch (DataflowAnalysisException ex) { throw new InvalidBytecodeException(ex.getMessage(), ex); } } return null; }
Example 4
Source File: TaintFrameModelingVisitor.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
private TaintLocation getTaintLocation() { Instruction inst = getLocation().getHandle().getInstruction(); if(inst instanceof InvokeInstruction) { InvokeInstruction invoke = (InvokeInstruction) inst; String sig = invoke.getClassName(cpg).replaceAll("\\.","/") + "." + invoke.getMethodName(cpg) + invoke.getSignature(cpg); return new TaintLocation(methodDescriptor, getLocation().getHandle().getPosition(), sig); } return new TaintLocation(methodDescriptor, getLocation().getHandle().getPosition(), "Oups!!"); }
Example 5
Source File: ObjectDeserializationDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(m); ConstantPoolGen cpg = classContext.getConstantPoolGen(); CFG cfg = classContext.getCFG(m); if (methodGen == null || methodGen.getInstructionList() == null) { return; //No instruction .. nothing to do } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) { Location location = i.next(); Instruction inst = location.getHandle().getInstruction(); // if (inst instanceof InvokeInstruction) { // System.out.println(inst.getName()); InvokeInstruction invoke = (InvokeInstruction) inst; String className = invoke.getClassName(cpg); if ("java.io.ObjectInputStream".equals(className) || className.contains("InputStream") || InterfaceUtils.isSubtype(className, "java.io.ObjectInputStream")) { String methodName = invoke.getMethodName(cpg); if (OBJECT_INPUTSTREAM_READ_METHODS.contains(methodName)) { JavaClass clz = classContext.getJavaClass(); bugReporter.reportBug(new BugInstance(this, OBJECT_DESERIALIZATION_TYPE, HIGH_PRIORITY) // .addClass(clz).addMethod(clz, m).addSourceLine(classContext,m,location)); } } } } }
Example 6
Source File: SelfCalls.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
/** * Is the given instruction a self-call? */ private Method isSelfCall(InvokeInstruction inv) { ConstantPoolGen cpg = classContext.getConstantPoolGen(); JavaClass jclass = classContext.getJavaClass(); String calledClassName = inv.getClassName(cpg); // FIXME: is it possible we would see a superclass name here? // Not a big deal for now, as we are mostly just interested in calls // to private methods, for which we will definitely see the right // called class name. if (!calledClassName.equals(jclass.getClassName())) { return null; } String calledMethodName = inv.getMethodName(cpg); String calledMethodSignature = inv.getSignature(cpg); boolean isStaticCall = (inv instanceof INVOKESTATIC); // Scan methods for one that matches. Method[] methods = jclass.getMethods(); for (Method method : methods) { String methodName = method.getName(); String signature = method.getSignature(); boolean isStatic = method.isStatic(); if (methodName.equals(calledMethodName) && signature.equals(calledMethodSignature) && isStatic == isStaticCall) { // This method looks like a match. return wantCallsFor(method) ? method : null; } } // Hmm...no matching method found. // This is almost certainly because the named method // was inherited from a superclass. LOG.debug("No method found for {}.{} : {}", calledClassName, calledMethodName, calledMethodSignature); return null; }
Example 7
Source File: BCELFactory.java From commons-bcel with Apache License 2.0 | 5 votes |
@Override public void visitInvokeInstruction( final InvokeInstruction i ) { final short opcode = i.getOpcode(); final String class_name = i.getClassName(_cp); final String method_name = i.getMethodName(_cp); final Type type = i.getReturnType(_cp); final Type[] arg_types = i.getArgumentTypes(_cp); _out.println("il.append(_factory.createInvoke(\"" + class_name + "\", \"" + method_name + "\", " + BCELifier.printType(type) + ", " + BCELifier.printArgumentTypes(arg_types) + ", " + CONSTANT_PREFIX + Const.getOpcodeName(opcode).toUpperCase(Locale.ENGLISH) + "));"); }
Example 8
Source File: Hierarchy.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
/** * Determine if given Instruction is a monitor wait. * * @param ins * the Instruction * @param cpg * the ConstantPoolGen for the Instruction * * @return true if the instruction is a monitor wait, false if not */ public static boolean isMonitorNotify(Instruction ins, ConstantPoolGen cpg) { if (!(ins instanceof InvokeInstruction)) { return false; } if (ins.getOpcode() == Const.INVOKESTATIC) { return false; } InvokeInstruction inv = (InvokeInstruction) ins; String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); return isMonitorNotify(methodName, methodSig); }
Example 9
Source File: Hierarchy.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
/** * Determine if given Instruction is a monitor wait. * * @param ins * the Instruction * @param cpg * the ConstantPoolGen for the Instruction * * @return true if the instruction is a monitor wait, false if not */ public static boolean isMonitorWait(Instruction ins, ConstantPoolGen cpg) { if (!(ins instanceof InvokeInstruction)) { return false; } if (ins.getOpcode() == Const.INVOKESTATIC) { return false; } InvokeInstruction inv = (InvokeInstruction) ins; String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); return isMonitorWait(methodName, methodSig); }
Example 10
Source File: FindRefComparison.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
public MethodDescriptor getInvokedMethod(ConstantPoolGen cpg, InvokeInstruction inv) { String invoked = inv.getClassName(cpg); String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); MethodDescriptor invokedMethod = DescriptorFactory.instance().getMethodDescriptor(ClassName.toSlashedClassName(invoked), methodName, methodSig, inv instanceof INVOKESTATIC); return invokedMethod; }
Example 11
Source File: StreamFrameModelingVisitor.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
@Override protected boolean instanceEscapes(InvokeInstruction inv, int instanceArgNum) { ConstantPoolGen cpg = getCPG(); String className = inv.getClassName(cpg); // System.out.print("[Passed as arg="+instanceArgNum+" at " + inv + // "]"); boolean escapes = (inv.getOpcode() == Const.INVOKESTATIC || instanceArgNum != 0); String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); if (inv.getOpcode() == Const.INVOKEVIRTUAL && ("load".equals(methodName) || "loadFromXml".equals(methodName) || "store".equals(methodName) || "save".equals(methodName)) && "java.util.Properties".equals(className)) { escapes = false; } if (inv.getOpcode() == Const.INVOKEVIRTUAL && ("load".equals(methodName) || "store".equals(methodName)) && "java.security.KeyStore".equals(className)) { escapes = false; } if (inv.getOpcode() == Const.INVOKEVIRTUAL && "getChannel".equals(methodName) && "()Ljava/nio/channels/FileChannel;".equals(methodSig)) { escapes = true; } if (FindOpenStream.DEBUG && escapes) { System.out.println("ESCAPE at " + location + " at call to " + className + "." + methodName + ":" + methodSig); } // Record the fact that this might be a stream escape if (stream.getOpenLocation() != null) { resourceTracker.addStreamEscape(stream, location); } return escapes; }
Example 12
Source File: FindNullDeref.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
boolean callToAssertionMethod(Location loc) { InstructionHandle h = loc.getHandle(); int firstPos = h.getPosition(); LineNumberTable ln = method.getLineNumberTable(); int firstLine = ln == null ? -1 : ln.getSourceLine(firstPos); while (h != null) { int pos = h.getPosition(); if (ln == null) { if (pos > firstPos + 15) { break; } } else { int line = ln.getSourceLine(pos); if (line != firstLine) { break; } } Instruction i = h.getInstruction(); if (i instanceof InvokeInstruction) { InvokeInstruction ii = (InvokeInstruction) i; String name = ii.getMethodName(classContext.getConstantPoolGen()); if (name.startsWith("check") || name.startsWith("assert")) { return true; } } h = h.getNext(); } return false; }
Example 13
Source File: Invoke.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
@Override public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg, ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowAnalysisException { // See if the instruction is an InvokeInstruction Instruction ins = handle.getInstruction(); if (!(ins instanceof InvokeInstruction)) { return null; } InvokeInstruction inv = (InvokeInstruction) ins; String methodName = inv.getMethodName(cpg); boolean isStatic = inv.getOpcode() == Const.INVOKESTATIC; boolean isCtor = Const.CONSTRUCTOR_NAME.equals(methodName); int actualMode = 0; if (isStatic) { actualMode |= STATIC; } if (isCtor) { actualMode |= CONSTRUCTOR; } if (!isStatic && !isCtor) { actualMode |= INSTANCE; } // Intersection of actual and desired modes must be nonempty. if ((actualMode & mode) == 0) { return null; } // Check class name, method name, and method signature. if (!methodNameMatcher.match(methodName) || !methodSigMatcher.match(inv.getSignature(cpg)) || !classNameMatcher.match(inv.getClassName(cpg))) { return null; } // It's a match! return new MatchResult(this, bindingSet); }
Example 14
Source File: BasicInjectionDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 4 votes |
private String getFullMethodName(InvokeInstruction invoke, ConstantPoolGen cpg) { return ClassName.toSlashedClassName(invoke.getReferenceType(cpg).toString()) + "." + invoke.getMethodName(cpg) + invoke.getSignature(cpg); }
Example 15
Source File: MethodDescriptor.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
public MethodDescriptor(InvokeInstruction iins, ConstantPoolGen cpg) { super(ClassName.toSlashedClassName(iins.getClassName(cpg)), iins.getMethodName(cpg), iins.getSignature(cpg), iins instanceof INVOKESTATIC); }
Example 16
Source File: FindNonSerializableValuePassedToWriteObject.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException { MethodGen methodGen = classContext.getMethodGen(method); if (methodGen == null) { return; } BitSet bytecodeSet = classContext.getBytecodeSet(method); if (bytecodeSet == null) { return; } // We don't adequately model instanceof interfaces yet if (bytecodeSet.get(Const.INSTANCEOF) || bytecodeSet.get(Const.CHECKCAST)) { return; } CFG cfg = classContext.getCFG(method); TypeDataflow typeDataflow = classContext.getTypeDataflow(method); ConstantPoolGen cpg = classContext.getConstantPoolGen(); String sourceFile = classContext.getJavaClass().getSourceFileName(); if (DEBUG) { String methodName = methodGen.getClassName() + "." + methodGen.getName(); System.out.println("Checking " + methodName); } for (Iterator<Location> i = cfg.locationIterator(); i.hasNext();) { Location location = i.next(); InstructionHandle handle = location.getHandle(); Instruction ins = handle.getInstruction(); if (!(ins instanceof InvokeInstruction)) { continue; } InvokeInstruction invoke = (InvokeInstruction) ins; String mName = invoke.getMethodName(cpg); if (!"writeObject".equals(mName)) { continue; } String cName = invoke.getClassName(cpg); if (!"java.io.ObjectOutput".equals(cName) && !"java.io.ObjectOutputStream".equals(cName)) { continue; } TypeFrame frame = typeDataflow.getFactAtLocation(location); if (!frame.isValid()) { // This basic block is probably dead continue; } Type operandType = frame.getTopValue(); if (operandType.equals(TopType.instance())) { // unreachable continue; } if (!(operandType instanceof ReferenceType)) { // Shouldn't happen - illegal bytecode continue; } ReferenceType refType = (ReferenceType) operandType; if (refType.equals(NullType.instance())) { continue; } try { double isSerializable = DeepSubtypeAnalysis.isDeepSerializable(refType); if (isSerializable >= 0.9) { continue; } ReferenceType problem = DeepSubtypeAnalysis.getLeastSerializableTypeComponent(refType); double isRemote = DeepSubtypeAnalysis.isDeepRemote(refType); if (isRemote >= 0.9) { continue; } if (isSerializable < isRemote) { isSerializable = isRemote; } SourceLineAnnotation sourceLineAnnotation = SourceLineAnnotation.fromVisitedInstruction(classContext, methodGen, sourceFile, handle); bugReporter.reportBug(new BugInstance(this, "DMI_NONSERIALIZABLE_OBJECT_WRITTEN", isSerializable < 0.15 ? HIGH_PRIORITY : isSerializable > 0.5 ? LOW_PRIORITY : NORMAL_PRIORITY) .addClassAndMethod(methodGen, sourceFile).addType(problem).describe(TypeAnnotation.FOUND_ROLE) .addSourceLine(sourceLineAnnotation)); } catch (ClassNotFoundException e) { // ignore } } }
Example 17
Source File: FindRefComparison.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
private void inspectLocation(JavaClass jclass, ConstantPoolGen cpg, Method method, MethodGen methodGen, LinkedList<WarningWithProperties> refComparisonList, LinkedList<WarningWithProperties> stringComparisonList, RefComparisonTypeFrameModelingVisitor visitor, TypeDataflow typeDataflow, Location location) throws DataflowAnalysisException { Instruction ins = location.getHandle().getInstruction(); short opcode = ins.getOpcode(); if (opcode == Const.IF_ACMPEQ || opcode == Const.IF_ACMPNE) { checkRefComparison(location, jclass, method, methodGen, visitor, typeDataflow, stringComparisonList, refComparisonList); } else if (ins instanceof InvokeInstruction) { InvokeInstruction inv = (InvokeInstruction) ins; boolean isStatic = inv instanceof INVOKESTATIC; @DottedClassName String className = inv.getClassName(cpg); String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); if ("assertSame".equals(methodName) && "(Ljava/lang/Object;Ljava/lang/Object;)V".equals(methodSig)) { checkRefComparison(location, jclass, method, methodGen, visitor, typeDataflow, stringComparisonList, refComparisonList); } else if ("assertFalse".equals(methodName) && "(Z)V".equals(methodSig)) { SourceLineAnnotation lastLocation = bugAccumulator.getLastBugLocation(); InstructionHandle prevHandle = location.getHandle().getPrev(); if (lastLocation != null && prevHandle != null && lastLocation.getEndBytecode() == prevHandle.getPosition()) { bugAccumulator.forgetLastBug(); if (DEBUG) { System.out.println("Forgetting last bug due to call to " + className + "." + methodName); } } } else { boolean equalsMethod = !isStatic && "equals".equals(methodName) && "(Ljava/lang/Object;)Z".equals(methodSig) || isStatic && "assertEquals".equals(methodName) && "(Ljava/lang/Object;Ljava/lang/Object;)V".equals(methodSig) || isStatic && "equal".equals(methodName) && "(Ljava/lang/Object;Ljava/lang/Object;)Z".equals(methodSig) && "com.google.common.base.Objects".equals(className) || isStatic && "equals".equals(methodName) && "(Ljava/lang/Object;Ljava/lang/Object;)Z".equals(methodSig) && "java.util.Objects".equals(className); if (equalsMethod) { checkEqualsComparison(location, jclass, method, methodGen, cpg, typeDataflow); } } } }
Example 18
Source File: FindUnreleasedLock.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
@Override public boolean ignoreExceptionEdge(Edge edge, Lock resource, ConstantPoolGen cpg) { try { Location location = cfg.getExceptionThrowerLocation(edge); if (DEBUG) { System.out.println("Exception thrower location: " + location); } Instruction ins = location.getHandle().getInstruction(); if (ins instanceof GETFIELD) { GETFIELD insGetfield = (GETFIELD) ins; String fieldName = insGetfield.getFieldName(cpg); if (DEBUG) { System.out.println("Inspecting GETFIELD of " + fieldName + " at " + location); } // Ignore exceptions from getfield instructions where the // object reference is known not to be null if ("lock".equals(fieldName)) { return true; } IsNullValueFrame frame = isNullDataflow.getFactAtLocation(location); if (!frame.isValid()) { return false; } IsNullValue receiver = frame.getInstance(ins, cpg); boolean notNull = receiver.isDefinitelyNotNull(); if (DEBUG && notNull) { System.out.println("Ignoring exception from non-null GETFIELD"); } return notNull; } else if (ins instanceof InvokeInstruction) { InvokeInstruction iins = (InvokeInstruction) ins; String methodName = iins.getMethodName(cpg); // System.out.println("Method " + methodName); if (methodName.startsWith("access$")) { return true; } if ("readLock".equals(methodName) || "writeLock".equals(methodName)) { return true; } if ("lock".equals(methodName) || "unlock".equals(methodName)) { return true; } } if (DEBUG) { System.out.println("FOUND Exception thrower at: " + location); } } catch (DataflowAnalysisException e) { AnalysisContext.logError("Error while looking for exception edge", e); } return false; }
Example 19
Source File: FindUnsatisfiedObligation.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
private void checkForPossibleObligationTransfer(InvokeInstruction inv, InstructionHandle handle) throws ClassNotFoundException { // // We will assume that a method invocation might transfer // an obligation from one type to another if // 1. either // - it's a constructor where the constructed // type and exactly one param type // are obligation types, or // - it's a method where the return type and // exactly one param type are obligation types // 2. at least one instance of the resource "consumed" // by the transfer exists at the point of the transfer. // E.g., if we see a transfer of InputStream->Reader, // there must be an instance of InputStream at // the transfer point. // if (inv instanceof INVOKEDYNAMIC) { return; } if (DEBUG_FP) { System.out.println("Checking " + handle + " as possible obligation transfer...:"); } // Find the State which is a prefix of the error state // at the location of this (possible) transfer. State transferState = getTransferState(handle); if (transferState == null) { if (DEBUG_FP) { System.out.println("No transfer state???"); } return; } String methodName = inv.getMethodName(cpg); Type producedType = Const.CONSTRUCTOR_NAME.equals(methodName) ? inv.getReferenceType(cpg) : inv.getReturnType(cpg); if (DEBUG_FP && !(producedType instanceof ObjectType)) { System.out.println("Produced type " + producedType + " not an ObjectType"); } if (producedType instanceof ObjectType) { Obligation produced = database.getFactory().getObligationByType((ObjectType) producedType); if (DEBUG_FP && produced == null) { System.out.println("Produced type " + producedType + " not an obligation type"); } if (produced != null) { XMethod calledMethod = XFactory.createXMethod(inv, cpg); Obligation[] params = database.getFactory().getParameterObligationTypes(calledMethod); for (int i = 0; i < params.length; i++) { Obligation consumed = params[i]; if (DEBUG_FP && consumed == null) { System.out.println("Param " + i + " not an obligation type"); } if (DEBUG_FP && consumed != null && consumed.equals(produced)) { System.out.println("Consumed type is the same as produced type"); } if (consumed != null && !consumed.equals(produced)) { // See if an instance of the consumed obligation // type // exists here. if (transferState.getObligationSet().getCount(consumed.getId()) > 0) { transferList.add(new PossibleObligationTransfer(consumed, produced)); if (DEBUG_FP) { System.out.println("===> Possible transfer of " + consumed + " to " + produced + " at " + handle); } } else if (DEBUG_FP) { System.out.println(handle + " not a transfer " + "of " + consumed + "->" + produced + " because no instances of " + consumed); System.out.println("I see " + transferState.getObligationSet()); } } } } } }
Example 20
Source File: BugInstance.java From spotbugs with GNU Lesser General Public License v2.1 | 3 votes |
/** * Add a method annotation for the method which is called by given * instruction. * * @param cpg * the constant pool for the method containing the call * @param inv * the InvokeInstruction * @return this object */ @Nonnull public BugInstance addCalledMethod(ConstantPoolGen cpg, InvokeInstruction inv) { String className = inv.getClassName(cpg); String methodName = inv.getMethodName(cpg); String methodSig = inv.getSignature(cpg); addMethod(className, methodName, methodSig, inv.getOpcode() == Const.INVOKESTATIC); describe(MethodAnnotation.METHOD_CALLED); return this; }