org.apache.bcel.classfile.ElementValue Java Examples
The following examples show how to use
org.apache.bcel.classfile.ElementValue.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SpringCsrfUnrestrictedRequestMappingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 6 votes |
|
private static boolean isVulnerable(Method method) {
// If the method is not annotated with `@RequestMapping`, there is no vulnerability.
AnnotationEntry requestMappingAnnotation = findRequestMappingAnnotation(method);
if (requestMappingAnnotation == null) {
return false;
}
// If the `@RequestMapping` annotation is used without the `method` annotation attribute,
// there is a vulnerability.
ElementValuePair methodAnnotationAttribute = findMethodAnnotationAttribute(requestMappingAnnotation);
if (methodAnnotationAttribute == null) {
return true;
}
// If the `@RequestMapping` annotation is used with the `method` annotation attribute equal to `{}`,
// there is a vulnerability.
ElementValue methodAnnotationAttributeValue = methodAnnotationAttribute.getValue();
if (isEmptyArray(methodAnnotationAttributeValue)) {
return true;
}
// If the `@RequestMapping` annotation is used with the `method` annotation attribute but contains a mix of
// unprotected and protected HTTP request methods, there is a vulnerability.
return isMixOfUnprotectedAndProtectedHttpRequestMethods(methodAnnotationAttributeValue);
}
Example #2
| Source File: NoteJCIPAnnotation.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (annotationClass.startsWith(NET_JCIP_ANNOTATIONS)) {
annotationClass = annotationClass.substring(NET_JCIP_ANNOTATIONS.length());
} else if (annotationClass.startsWith(JSR305_CONCURRENT_ANNOTATIONS)) {
annotationClass = annotationClass.substring(JSR305_CONCURRENT_ANNOTATIONS.length());
} else {
return;
}
JCIPAnnotationDatabase annotationDatabase = AnalysisContext.currentAnalysisContext()
.getJCIPAnnotationDatabase();
ElementValue value = map.get("value");
ClassMember member;
if (visitingField()) {
member = XFactory.createXField(this);
} else if (visitingMethod()) {
member = XFactory.createXMethod(this);
} else {
annotationDatabase.addEntryForClass(getDottedClassName(), annotationClass, value);
return;
}
annotationDatabase.addEntryForClassMember(member, annotationClass, value);
}
Example #3
| Source File: BuildNonNullAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void visitParameterAnnotation(int p, String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (database == null) {
return;
}
NullnessAnnotation n = NullnessAnnotation.Parser.parse(annotationClass);
annotationClass = lastPortion(annotationClass);
if (n == null) {
return;
}
XMethod xmethod = XFactory.createXMethod(this);
if (DEBUG) {
System.out.println("Parameter " + p + " @" + annotationClass.substring(annotationClass.lastIndexOf('/') + 1) + " in "
+ xmethod.toString());
}
XMethodParameter xparameter = new XMethodParameter(xmethod, p);
database.addDirectAnnotation(xparameter, n);
}
Example #4
| Source File: AnnotationVisitor.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void visitAnnotation(Annotations arg0) {
for (AnnotationEntry ae : arg0.getAnnotationEntries()) {
boolean runtimeVisible = ae.isRuntimeVisible();
String name = ClassName.fromFieldSignature(ae.getAnnotationType());
if (name == null) {
continue;
}
name = ClassName.toDottedClassName(name);
Map<String, ElementValue> map = new HashMap<>();
for (ElementValuePair ev : ae.getElementValuePairs()) {
map.put(ev.getNameString(), ev.getValue());
}
visitAnnotation(name, map, runtimeVisible);
}
}
Example #5
| Source File: NoteSuppressedWarnings.java From spotbugs with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void visitParameterAnnotation(int p, String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (!isSuppressWarnings(annotationClass)) {
return;
}
if (!getMethod().isStatic()) {
p++;
}
String[] suppressed = getAnnotationParameterAsStringArray(map, "value");
if (suppressed == null || suppressed.length == 0) {
suppressWarning(p, null);
} else {
for (String s : suppressed) {
suppressWarning(p, s);
}
}
}
Example #6
| Source File: JCIPAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
public void addEntryForClass(@DottedClassName String dottedClassName,
String annotationClass, ElementValue value) {
Map<String, ElementValue> map = getEntryForClass(dottedClassName);
if (map == null) {
map = new HashMap<>(3);
classAnnotations.put(dottedClassName, map);
}
map.put(annotationClass, value);
}
Example #7
| Source File: SpringCsrfUnrestrictedRequestMappingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
private static boolean isEmptyArray(ElementValue methodAnnotationAttributeValue) {
if (!(methodAnnotationAttributeValue instanceof ArrayElementValue)) {
return false;
}
ArrayElementValue arrayElementValue = (ArrayElementValue) methodAnnotationAttributeValue;
return arrayElementValue.getElementValuesArraySize() == 0;
}
Example #8
| Source File: ClassElementValueGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* Return immutable variant of this ClassElementValueGen
*/
@Override
public ElementValue getElementValue()
{
return new ClassElementValue(super.getElementValueType(),
idx,
getConstantPool().getConstantPool());
}
Example #9
| Source File: ElementValuePairGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* Retrieve an immutable version of this ElementNameValuePairGen
*/
public ElementValuePair getElementNameValuePair()
{
final ElementValue immutableValue = value.getElementValue();
return new ElementValuePair(nameIdx, immutableValue, constantPoolGen
.getConstantPool());
}
Example #10
| Source File: EnumElementValueGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* Return immutable variant of this EnumElementValue
*/
@Override
public ElementValue getElementValue()
{
System.err.println("Duplicating value: " + getEnumTypeString() + ":"
+ getEnumValueString());
return new EnumElementValue(super.getElementValueType(), typeIdx, valueIdx,
getConstantPool().getConstantPool());
}
Example #11
| Source File: ArrayElementValueGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
public ArrayElementValueGen(final int type, final ElementValue[] datums,
final ConstantPoolGen cpool)
{
super(type, cpool);
if (type != ARRAY) {
throw new IllegalArgumentException(
"Only element values of type array can be built with this ctor - type specified: " + type);
}
this.evalues = new ArrayList<>();
for (final ElementValue datum : datums) {
evalues.add(ElementValueGen.copy(datum, cpool, true));
}
}
Example #12
| Source File: ArrayElementValueGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* Return immutable variant of this ArrayElementValueGen
*/
@Override
public ElementValue getElementValue()
{
final ElementValue[] immutableData = new ElementValue[evalues.size()];
int i = 0;
for (final ElementValueGen element : evalues) {
immutableData[i++] = element.getElementValue();
}
return new ArrayElementValue(super.getElementValueType(),
immutableData,
getConstantPool().getConstantPool());
}
Example #13
| Source File: ArrayElementValueGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* @param value
* @param cpool
*/
public ArrayElementValueGen(final ArrayElementValue value, final ConstantPoolGen cpool,
final boolean copyPoolEntries)
{
super(ARRAY, cpool);
evalues = new ArrayList<>();
final ElementValue[] in = value.getElementValuesArray();
for (final ElementValue element : in) {
evalues.add(ElementValueGen.copy(element, cpool, copyPoolEntries));
}
}
Example #14
| Source File: AnnotationElementValueGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* Return immutable variant of this AnnotationElementValueGen
*/
@Override
public ElementValue getElementValue()
{
return new AnnotationElementValue(super.getElementValueType(),
a.getAnnotation(),
getConstantPool().getConstantPool());
}
Example #15
| Source File: ElementValueGen.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* Creates an (modifiable) ElementValueGen copy of an (immutable)
* ElementValue - constant pool is assumed correct.
*/
public static ElementValueGen copy(final ElementValue value,
final ConstantPoolGen cpool, final boolean copyPoolEntries)
{
switch (value.getElementValueType())
{
case 'B': // byte
case 'C': // char
case 'D': // double
case 'F': // float
case 'I': // int
case 'J': // long
case 'S': // short
case 'Z': // boolean
case 's': // String
return new SimpleElementValueGen((SimpleElementValue) value, cpool,
copyPoolEntries);
case 'e': // Enum constant
return new EnumElementValueGen((EnumElementValue) value, cpool,
copyPoolEntries);
case '@': // Annotation
return new AnnotationElementValueGen(
(AnnotationElementValue) value, cpool, copyPoolEntries);
case '[': // Array
return new ArrayElementValueGen((ArrayElementValue) value, cpool,
copyPoolEntries);
case 'c': // Class
return new ClassElementValueGen((ClassElementValue) value, cpool,
copyPoolEntries);
default:
throw new UnsupportedOperationException("Not implemented yet! (" + value.getElementValueType() + ")");
}
}
Example #16
| Source File: AnnotationDefaultAttributeTestCase.java From commons-bcel with Apache License 2.0 | 5 votes |
|
/**
* For values in an annotation that have default values, we should be able
* to query the AnnotationDefault attribute against the method to discover
* the default value that was originally declared.
*/
public void testMethodAnnotations() throws ClassNotFoundException
{
final JavaClass clazz = getTestClass(PACKAGE_BASE_NAME+".data.SimpleAnnotation");
final Method m = getMethod(clazz, "fruit");
final AnnotationDefault a = (AnnotationDefault) findAttribute(
"AnnotationDefault", m.getAttributes());
final SimpleElementValue val = (SimpleElementValue) a.getDefaultValue();
assertTrue("Should be STRING but is " + val.getElementValueType(), val
.getElementValueType() == ElementValue.STRING);
assertTrue("Should have default of bananas but default is "
+ val.getValueString(), val.getValueString().equals("bananas"));
}
Example #17
| Source File: GeneratingAnnotatedClassesTestCase.java From commons-bcel with Apache License 2.0 | 5 votes |
|
private void assertArrayElementValue(final int nExpectedArrayValues, final AnnotationEntry anno)
{
final ElementValuePair elementValuePair = anno.getElementValuePairs()[0];
assertEquals("value", elementValuePair.getNameString());
final ArrayElementValue ev = (ArrayElementValue) elementValuePair.getValue();
final ElementValue[] eva = ev.getElementValuesArray();
assertEquals(nExpectedArrayValues, eva.length);
}
Example #18
| Source File: SpringCsrfUnrestrictedRequestMappingDetector.java From Android_Code_Arbiter with GNU Lesser General Public License v3.0 | 5 votes |
|
private static boolean isMixOfUnprotectedAndProtectedHttpRequestMethods(ElementValue methodAnnotationAttributeValue) {
if (!(methodAnnotationAttributeValue instanceof ArrayElementValue)) {
return false;
}
ArrayElementValue arrayElementValue = (ArrayElementValue) methodAnnotationAttributeValue;
// There cannot be a mix if there is no more than one element.
if (arrayElementValue.getElementValuesArraySize() <= 1) {
return false;
}
// Return `true` as soon as we find at least one unprotected and at least one protected HTTP request method.
boolean atLeastOneUnprotected = false;
boolean atLeastOneProtected = false;
ElementValue[] elementValues = arrayElementValue.getElementValuesArray();
for (ElementValue elementValue : elementValues) {
if (UNPROTECTED_HTTP_REQUEST_METHODS.contains(elementValue.stringifyValue())) {
atLeastOneUnprotected = true;
} else {
atLeastOneProtected = true;
}
if (atLeastOneUnprotected && atLeastOneProtected) {
return true;
}
}
return false;
}
Example #19
| Source File: AnnotationVisitor.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
protected static String getAnnotationParameterAsString(Map<String, ElementValue> map, String parameter) {
try {
ElementValue ev = map.get(parameter);
if (ev instanceof SimpleElementValue) {
return ((SimpleElementValue) ev).getValueString();
}
return null;
} catch (Exception e) {
return null;
}
}
Example #20
| Source File: AnnotationVisitor.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public void visitParameterAnnotation(ParameterAnnotations arg0) {
ParameterAnnotationEntry[] parameterAnnotationEntries = arg0.getParameterAnnotationEntries();
int numParametersToMethod = getNumberMethodArguments();
int offset = 0;
if (numParametersToMethod > parameterAnnotationEntries.length) {
offset = 1;
}
for (int i = 0; i < parameterAnnotationEntries.length; i++) {
ParameterAnnotationEntry e = parameterAnnotationEntries[i];
for (AnnotationEntry ae : e.getAnnotationEntries()) {
boolean runtimeVisible = ae.isRuntimeVisible();
String name = ClassName.fromFieldSignature(ae.getAnnotationType());
if (name == null) {
continue;
}
name = ClassName.toDottedClassName(name);
Map<String, ElementValue> map = new HashMap<>();
for (ElementValuePair ev : ae.getElementValuePairs()) {
map.put(ev.getNameString(), ev.getValue());
}
visitParameterAnnotation(offset + i, name, map, runtimeVisible);
}
}
}
Example #21
| Source File: FindUninitializedGet.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (!visitingField()) {
return;
}
if (UnreadFields.isInjectionAttribute(annotationClass)) {
containerFields.add(FieldAnnotation.fromVisitedField(this));
}
}
Example #22
| Source File: NoteSuppressedWarnings.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (!isSuppressWarnings(annotationClass)) {
return;
}
String[] suppressed = getAnnotationParameterAsStringArray(map, "value");
if (suppressed == null || suppressed.length == 0) {
suppressWarning(null);
} else {
for (String s : suppressed) {
suppressWarning(s);
}
}
}
Example #23
| Source File: BuildCheckReturnAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
private void handleClassElementValue(ClassElementValue value, Map<String, ElementValue> map, Target annotationTarget) {
if ("CheckReturnValue".equals(simpleClassName(value.getClassString()))) {
CheckReturnValueAnnotation n = CheckReturnValueAnnotation.parse(getAnnotationParameterAsString(map, "priority"));
if (n != null) {
AnalysisContext.currentAnalysisContext().getCheckReturnAnnotationDatabase()
.addDefaultAnnotation(annotationTarget, getDottedClassName(), n);
}
}
}
Example #24
| Source File: BuildNonNullAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (database == null) {
return;
}
NullnessAnnotation n = NullnessAnnotation.Parser.parse(annotationClass);
annotationClass = lastPortion(annotationClass);
if (n == null) {
if (annotationClass.startsWith("DefaultAnnotation")) {
annotationClass = annotationClass.substring("DefaultAnnotation".length());
Target annotationTarget = defaultKind.get(annotationClass);
if (annotationTarget != Target.METHOD) {
return;
}
ElementValue v = map.get("value");
if (v instanceof ClassElementValue) {
handleClassElementValue((ClassElementValue) v, annotationTarget);
} else if (v instanceof ArrayElementValue) {
for (ElementValue v2 : ((ArrayElementValue) v).getElementValuesArray()) {
if (v2 instanceof ClassElementValue) {
handleClassElementValue((ClassElementValue) v2, annotationTarget);
}
}
}
return;
}
} else if (visitingMethod()) {
database.addDirectAnnotation(XFactory.createXMethod(this), n);
} else if (visitingField()) {
database.addDirectAnnotation(XFactory.createXField(this), n);
}
}
Example #25
| Source File: NoteAnnotationRetention.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (!"java.lang.annotation.Retention".equals(annotationClass)) {
return;
}
EnumElementValue v = (EnumElementValue) map.get("value");
if ("RUNTIME".equals(v.getEnumValueString())) {
runtimeRetention = true;
}
}
Example #26
| Source File: UnreadFields.java From spotbugs with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public void visitAnnotation(String annotationClass, Map<String, ElementValue> map, boolean runtimeVisible) {
if (!visitingField()) {
return;
}
if (isInjectionAttribute(annotationClass)) {
data.containerFields.add(XFactory.createXField(this));
}
if (!annotationClass.startsWith("edu.umd.cs.findbugs") && !annotationClass.startsWith("javax.lang")) {
data.unknownAnnotation.add(XFactory.createXField(this), annotationClass);
}
}
Example #27
| Source File: SimpleElementValueGen.java From commons-bcel with Apache License 2.0 | 4 votes |
|
/**
* Return immutable variant
*/
@Override
public ElementValue getElementValue()
{
return new SimpleElementValue(super.getElementValueType(), idx, getConstantPool().getConstantPool());
}
Example #28
| Source File: GeneratingAnnotatedClassesTestCase.java From commons-bcel with Apache License 2.0 | 4 votes |
|
/**
* Steps in the test:
* <ol>
* <li>Programmatically construct the HelloWorld program</li>
* <li>Add two simple annotations at the class level</li>
* <li>Save the class to disk</li>
* <li>Reload the class using the 'static' variant of the BCEL classes</li>
* <li>Check the attributes are OK</li>
* </ol>
*/
public void testGenerateClassLevelAnnotations()
throws ClassNotFoundException
{
// Create HelloWorld
final ClassGen cg = createClassGen("HelloWorld");
cg.setMajor(49);
cg.setMinor(0);
final ConstantPoolGen cp = cg.getConstantPool();
final InstructionList il = new InstructionList();
cg.addAnnotationEntry(createSimpleVisibleAnnotation(cp));
cg.addAnnotationEntry(createSimpleInvisibleAnnotation(cp));
buildClassContents(cg, cp, il);
//System.out.println(cg.getJavaClass().toString());
dumpClass(cg, "HelloWorld.class");
final JavaClass jc = getClassFrom(".", "HelloWorld");
final AnnotationEntry[] as = jc.getAnnotationEntries();
assertTrue("Should be two AnnotationEntries but found " + as.length,
as.length == 2);
// TODO L??;
assertTrue(
"Name of annotation 1 should be LSimpleAnnotation; but it is "
+ as[0].getAnnotationType(), as[0].getAnnotationType()
.equals("LSimpleAnnotation;"));
assertTrue(
"Name of annotation 2 should be LSimpleAnnotation; but it is "
+ as[1].getAnnotationType(), as[1].getAnnotationType()
.equals("LSimpleAnnotation;"));
final ElementValuePair[] vals = as[0].getElementValuePairs();
final ElementValuePair nvp = vals[0];
assertTrue(
"Name of element in SimpleAnnotation should be 'id' but it is "
+ nvp.getNameString(), nvp.getNameString().equals("id"));
final ElementValue ev = nvp.getValue();
assertTrue("Type of element value should be int but it is "
+ ev.getElementValueType(),
ev.getElementValueType() == ElementValue.PRIMITIVE_INT);
assertTrue("Value of element should be 4 but it is "
+ ev.stringifyValue(), ev.stringifyValue().equals("4"));
assertTrue(createTestdataFile("HelloWorld.class").delete());
}
Example #29
| Source File: ElementValueGen.java From commons-bcel with Apache License 2.0 | 4 votes |
|
public static ElementValueGen readElementValue(final DataInput dis,
final ConstantPoolGen cpGen) throws IOException
{
final int type = dis.readUnsignedByte();
switch (type)
{
case 'B': // byte
return new SimpleElementValueGen(PRIMITIVE_BYTE, dis
.readUnsignedShort(), cpGen);
case 'C': // char
return new SimpleElementValueGen(PRIMITIVE_CHAR, dis
.readUnsignedShort(), cpGen);
case 'D': // double
return new SimpleElementValueGen(PRIMITIVE_DOUBLE, dis
.readUnsignedShort(), cpGen);
case 'F': // float
return new SimpleElementValueGen(PRIMITIVE_FLOAT, dis
.readUnsignedShort(), cpGen);
case 'I': // int
return new SimpleElementValueGen(PRIMITIVE_INT, dis
.readUnsignedShort(), cpGen);
case 'J': // long
return new SimpleElementValueGen(PRIMITIVE_LONG, dis
.readUnsignedShort(), cpGen);
case 'S': // short
return new SimpleElementValueGen(PRIMITIVE_SHORT, dis
.readUnsignedShort(), cpGen);
case 'Z': // boolean
return new SimpleElementValueGen(PRIMITIVE_BOOLEAN, dis
.readUnsignedShort(), cpGen);
case 's': // String
return new SimpleElementValueGen(STRING, dis.readUnsignedShort(),
cpGen);
case 'e': // Enum constant
return new EnumElementValueGen(dis.readUnsignedShort(), dis
.readUnsignedShort(), cpGen);
case 'c': // Class
return new ClassElementValueGen(dis.readUnsignedShort(), cpGen);
case '@': // Annotation
// TODO: isRuntimeVisible ??????????
// FIXME
return new AnnotationElementValueGen(ANNOTATION,
new AnnotationEntryGen(AnnotationEntry.read(dis, cpGen
.getConstantPool(), true), cpGen, false), cpGen);
case '[': // Array
final int numArrayVals = dis.readUnsignedShort();
final ElementValue[] evalues = new ElementValue[numArrayVals];
for (int j = 0; j < numArrayVals; j++)
{
evalues[j] = ElementValue.readElementValue(dis, cpGen
.getConstantPool());
}
return new ArrayElementValueGen(ARRAY, evalues, cpGen);
default:
throw new IllegalArgumentException("Unexpected element value kind in annotation: " + type);
}
}
Example #30
| Source File: JCIPAnnotationDatabase.java From spotbugs with GNU Lesser General Public License v2.1 | 4 votes |
|
@CheckForNull
public ElementValue getClassAnnotation(@DottedClassName String dottedClassName, String annotationClass) {
Map<String, ElementValue> map = getEntryForClass(dottedClassName);
return map == null ? null : map.get(annotationClass);
}
