@Override
  public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    Method[] methodList = javaClass.getMethods();

    for (Method m : methodList) {
      MethodGen methodGen = classContext.getMethodGen(m);

      if (DEBUG) {
        System.out.println(">>> Method: " + m.getName());
      }

      // To suspect that an invalid String representation is being build,
      // we identify the construction of a MessageDigest and
      // the use of a function that trim leading 0.
      boolean invokeMessageDigest = false;
      boolean invokeToHexString = false;

      ConstantPoolGen cpg = classContext.getConstantPoolGen();
      if (methodGen == null || methodGen.getInstructionList() == null) {
        continue; // No instruction .. nothing to do
      }
      for (Iterator itIns = methodGen.getInstructionList().iterator(); itIns.hasNext(); ) {
        Instruction inst = ((InstructionHandle) itIns.next()).getInstruction();
        if (DEBUG) {
          ByteCode.printOpCode(inst, cpg);
        }

        if (inst instanceof INVOKEVIRTUAL) { // MessageDigest.digest is called
          INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) inst;
          if ("java.security.MessageDigest".equals(invoke.getClassName(cpg))
              && "digest".equals(invoke.getMethodName(cpg))) {
            invokeMessageDigest = true;
          }
        } else if (inst instanceof INVOKESTATIC
            && invokeMessageDigest) { // The conversion must occurs after the digest was created
          INVOKESTATIC invoke = (INVOKESTATIC) inst;
          if ("java.lang.Integer".equals(invoke.getClassName(cpg))
              && "toHexString".equals(invoke.getMethodName(cpg))) {
            invokeToHexString = true;
          }
        }
      }

      if (invokeMessageDigest && invokeToHexString) {
        bugReporter.reportBug(
            new BugInstance(this, BAD_HEXA_CONVERSION_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClassAndMethod(javaClass, m));
      }
    }
  }
Ejemplo n.º 2
0
 public static String getCallClassName(Instruction ins, ConstantPoolGen cp) {
   if (ins instanceof INVOKESTATIC) {
     INVOKESTATIC invst = (INVOKESTATIC) ins;
     return invst.getClassName(cp);
   } else if (ins instanceof INVOKEVIRTUAL) {
     INVOKEVIRTUAL invst = (INVOKEVIRTUAL) ins;
     return invst.getClassName(cp);
   } else if (ins instanceof INVOKEINTERFACE) {
     INVOKEINTERFACE invst = (INVOKEINTERFACE) ins;
     return invst.getClassName(cp);
   } else if (ins instanceof INVOKESPECIAL) {
     INVOKESPECIAL invst = (INVOKESPECIAL) ins;
     return invst.getClassName(cp);
   } else {
     return null;
   }
 }
Ejemplo n.º 3
0
 public static Type[] getCallArgTypes(Instruction ins, ConstantPoolGen cp) {
   if (ins instanceof INVOKESTATIC) {
     INVOKESTATIC invst = (INVOKESTATIC) ins;
     return invst.getArgumentTypes(cp);
   } else if (ins instanceof INVOKEVIRTUAL) {
     INVOKEVIRTUAL invst = (INVOKEVIRTUAL) ins;
     return invst.getArgumentTypes(cp);
   } else if (ins instanceof INVOKEINTERFACE) {
     INVOKEINTERFACE invst = (INVOKEINTERFACE) ins;
     return invst.getArgumentTypes(cp);
   } else if (ins instanceof INVOKESPECIAL) {
     INVOKESPECIAL invst = (INVOKESPECIAL) ins;
     return invst.getArgumentTypes(cp);
   } else {
     return null;
   }
 }
Ejemplo n.º 4
0
 /** Symbolically executes the corresponding Java Virtual Machine instruction. */
 public void visitINVOKEVIRTUAL(INVOKEVIRTUAL o) {
   stack().pop(); // objectref
   for (int i = 0; i < o.getArgumentTypes(cpg).length; i++) {
     stack().pop();
   }
   // We are sure the invoked method will xRETURN eventually
   // We simulate xRETURNs functionality here because we
   // don't really "jump into" and simulate the invoked
   // method.
   if (o.getReturnType(cpg) != Type.VOID) {
     Type t = o.getReturnType(cpg);
     if (t.equals(Type.BOOLEAN)
         || t.equals(Type.CHAR)
         || t.equals(Type.BYTE)
         || t.equals(Type.SHORT)) {
       t = Type.INT;
     }
     stack().push(t);
   }
 }
Ejemplo n.º 5
0
 public static Instruction getNewInvoke(Instruction ins, int index) {
   if (ins instanceof INVOKESTATIC) {
     INVOKESTATIC invst = (INVOKESTATIC) ins;
     invst.setIndex(index);
     return invst;
   } else if (ins instanceof INVOKEVIRTUAL) {
     INVOKEVIRTUAL invst = (INVOKEVIRTUAL) ins;
     invst.setIndex(index);
     return invst;
   } else if (ins instanceof INVOKEINTERFACE) {
     INVOKEINTERFACE invst = (INVOKEINTERFACE) ins;
     invst.setIndex(index);
     return invst;
   } else if (ins instanceof INVOKESPECIAL) {
     INVOKESPECIAL invst = (INVOKESPECIAL) ins;
     invst.setIndex(index);
     return invst;
   } else {
     return null;
   }
 }
Ejemplo n.º 6
0
  /**
   * Transforms invoke instructions that match the specified list for this class to call the
   * specified static call instead.
   */
  private InstructionList xform_inst(MethodGen mg, Instruction inst) {

    switch (inst.getOpcode()) {
      case Constants.INVOKESTATIC:
        {
          InstructionList il = new InstructionList();
          INVOKESTATIC is = (INVOKESTATIC) inst;
          String cname = is.getClassName(pgen);
          String mname = is.getMethodName(pgen);
          Type[] args = is.getArgumentTypes(pgen);
          MethodDef orig = new MethodDef(cname + "." + mname, args);
          MethodInfo call = method_map.get(orig);
          if (call != null) {
            call.cnt++;
            String classname = call.method_class;
            String methodname = mname;
            debug_map.log(
                "%s.%s: Replacing method %s.%s (%s) with %s.%s%n",
                mg.getClassName(),
                mg.getName(),
                cname,
                mname,
                UtilMDE.join(args, ", "),
                classname,
                methodname);
            il.append(
                ifact.createInvoke(
                    classname, methodname, is.getReturnType(pgen), args, Constants.INVOKESTATIC));
          }
          return (il);
        }

      case Constants.INVOKEVIRTUAL:
        {
          InstructionList il = new InstructionList();
          INVOKEVIRTUAL iv = (INVOKEVIRTUAL) inst;
          String cname = iv.getClassName(pgen);
          String mname = iv.getMethodName(pgen);
          Type[] args = iv.getArgumentTypes(pgen);
          Type instance_type = iv.getReferenceType(pgen);
          Type[] new_args = BCELUtil.insert_type(instance_type, args);
          MethodDef orig = new MethodDef(cname + "." + mname, args);
          if (debug_class) System.out.printf("looking for %s in map %s%n", orig, method_map);
          MethodInfo call = method_map.get(orig);
          if (call != null) {
            call.cnt++;
            String classname = call.method_class;
            String methodname = mname;
            debug_map.log(
                "Replacing method %s.%s (%s) with %s.%s%n",
                cname, mname, ArraysMDE.toString(args), classname, methodname);
            il.append(
                ifact.createInvoke(
                    classname,
                    methodname,
                    iv.getReturnType(pgen),
                    new_args,
                    Constants.INVOKESTATIC));
          }
          return (il);
        }

      default:
        return (null);
    }
  }