@Override
  public void sawOpcode(int seen) {
    if (seen == PUTFIELD) {
      XField xField = getXFieldOperand();
      if (xField != null && xField.getClassDescriptor().equals(getClassDescriptor())) {
        Item first = stack.getStackItem(0);
        boolean isPutOfDefaultValue = first.isNull(); // huh?? || first.isInitialParameter();
        if (!isPutOfDefaultValue && first.getConstant() != null) {
          Object constant = first.getConstant();
          if (constant instanceof Number && ((Number) constant).intValue() == 0
              || constant.equals(Boolean.FALSE)) isPutOfDefaultValue = true;
        }

        if (isPutOfDefaultValue) {
          if (getMethodName().equals("<init>"))
            transientFieldsSetToDefaultValueInConstructor.add(xField);
        } else {
          String nameOfField = getNameConstantOperand();

          if (transientFieldsUpdates.containsKey(xField)) {
            if (getMethodName().equals("<init>")) transientFieldsSetInConstructor.add(xField);
            else transientFieldsUpdates.put(xField, transientFieldsUpdates.get(xField) + 1);
          } else if (fieldsThatMightBeAProblem.containsKey(nameOfField)) {
            try {

              JavaClass classStored = first.getJavaClass();
              if (classStored == null) {
                return;
              }
              double isSerializable = DeepSubtypeAnalysis.isDeepSerializable(classStored);
              if (isSerializable <= 0.2) {
                XField f = fieldsThatMightBeAProblem.get(nameOfField);

                String sig = f.getSignature();
                // System.out.println("Field signature: " + sig);
                // System.out.println("Class stored: " +
                // classStored.getClassName());
                String genSig = "L" + classStored.getClassName().replace('.', '/') + ";";
                if (!sig.equals(genSig)) {
                  double bias = 0.0;
                  if (!getMethodName().equals("<init>")) bias = 1.0;
                  int priority = computePriority(isSerializable, bias);

                  fieldWarningList.add(
                      new BugInstance(this, "SE_BAD_FIELD_STORE", priority)
                          .addClass(getThisClass().getClassName())
                          .addField(f)
                          .addType(genSig)
                          .describe("TYPE_FOUND")
                          .addSourceLine(this));
                }
              }
            } catch (Exception e) {
              // ignore it
            }
          }
        }
      }
    }
  }
Esempio n. 2
0
  private boolean bad(Item left, Item right) {
    XMethod m = left.getReturnValueOf();

    if (m == null) return false;
    Object value = right.getConstant();
    if (!(value instanceof Integer) && ((Integer) value).intValue() == 0) return false;
    if (m.isStatic() || !m.isPublic()) return false;

    if (m.getName().equals("compareTo") && m.getSignature().equals("(Ljava/lang/Object;)I"))
      return true;
    if (m.getName().equals("compare")
        && m.getSignature().equals("(Ljava/lang/Object;Ljava/lang/Object;)I")) return true;

    return false;
  }