コード例 #1
0
  @Override
  public void visitClassContext(ClassContext classContext) {
    if (!enabled()) {
      return;
    }

    JavaClass jClass = classContext.getJavaClass();
    XClass xClass = classContext.getXClass();

    try {

      if (!isJunit3TestCase(xClass)) {
        return;
      }
      if ((jClass.getAccessFlags() & ACC_ABSTRACT) == 0) {
        if (!hasTestMethods(jClass)) {
          bugReporter.reportBug(
              new BugInstance(this, "IJU_NO_TESTS", LOW_PRIORITY).addClass(jClass));
        }
      }
      directChildOfTestCase = "junit.framework.TestCase".equals(jClass.getSuperclassName());
      jClass.accept(this);
    } catch (ClassNotFoundException cnfe) {
      bugReporter.reportMissingClass(cnfe);
    }
  }
コード例 #2
0
  @Override
  public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    // The class extends WebChromeClient
    boolean isWebChromeClient =
        InterfaceUtils.isSubtype(javaClass, "android.webkit.WebChromeClient");

    // Not the target of this detector
    if (!isWebChromeClient) return;

    Method[] methodList = javaClass.getMethods();

    for (Method m : methodList) {
      MethodGen methodGen = classContext.getMethodGen(m);

      if (DEBUG) System.out.println(">>> Method: " + m.getName());

      // The presence of onGeolocationPermissionsShowPrompt is not enforce for the moment
      if (!m.getName().equals("onGeolocationPermissionsShowPrompt")) {
        continue;
      }

      // Since the logic implemented need to be analyze by a human, all implementation will be
      // flagged.

      bugReporter.reportBug(
          new BugInstance(this, ANDROID_GEOLOCATION_TYPE, Priorities.NORMAL_PRIORITY) //
              .addClassAndMethod(javaClass, m));
    }
  }
コード例 #3
0
  @Override
  public void visitClassContext(ClassContext classContext) {
    if (!testingEnabled) {
      return;
    }
    analysisContext = AnalysisContext.currentAnalysisContext();
    Method[] methodList = classContext.getJavaClass().getMethods();
    for (Method method : methodList) {
      if (method.getCode() == null) {
        continue;
      }

      try {

        analyzeMethod(classContext, method);
      } catch (CFGBuilderException e) {
        bugReporter.logError(
            "Error checking for infinite recursive loop in "
                + SignatureConverter.convertMethodSignature(classContext.getJavaClass(), method),
            e);
      } catch (DataflowAnalysisException e) {
        bugReporter.logError(
            "Error checking for infinite recursive loop in "
                + SignatureConverter.convertMethodSignature(classContext.getJavaClass(), method),
            e);
      }
    }
  }
コード例 #4
0
  /**
   * @param classContext
   * @param method
   */
  private void analyzeMethod(ClassContext classContext, Method method)
      throws MethodUnprofitableException, CFGBuilderException, DataflowAnalysisException {
    if (method.isSynthetic()
        || (method.getAccessFlags() & Constants.ACC_BRIDGE) == Constants.ACC_BRIDGE) return;
    CFG cfg = classContext.getCFG(method);
    TypeDataflow typeDataflow = classContext.getTypeDataflow(method);
    ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();

    locationLoop:
    for (Iterator<Location> iter = cfg.locationIterator(); iter.hasNext(); ) {
      Location location = iter.next();
      InstructionHandle handle = location.getHandle();
      Instruction ins = handle.getInstruction();

      // Only consider invoke instructions
      if (!(ins instanceof InvokeInstruction)) continue;
      if (ins instanceof INVOKEINTERFACE) continue;

      InvokeInstruction inv = (InvokeInstruction) ins;
      TypeFrame frame = typeDataflow.getFactAtLocation(location);

      String methodName = inv.getMethodName(constantPoolGen);
      if (methodName.toLowerCase().indexOf("unsupported") >= 0) continue;
      String methodSig = inv.getSignature(constantPoolGen);
      if (methodSig.equals("()Ljava/lang/UnsupportedOperationException;")) continue;

      Set<XMethod> targets;
      try {

        targets = Hierarchy2.resolveMethodCallTargets(inv, frame, constantPoolGen);
      } catch (ClassNotFoundException e) {
        AnalysisContext.reportMissingClass(e);
        continue locationLoop;
      }
      if (targets.isEmpty()) continue locationLoop;
      int priority = targets.size() == 1 ? Priorities.HIGH_PRIORITY : Priorities.NORMAL_PRIORITY;
      for (XMethod m : targets) {
        if (!m.isUnsupported()) continue locationLoop;
        XClass xc = AnalysisContext.currentXFactory().getXClass(m.getClassDescriptor());
        if (!(inv instanceof INVOKESTATIC) && !(m.isFinal() || xc.isFinal()))
          priority = Priorities.NORMAL_PRIORITY;
        if (xc == null || xc.isAbstract()) {
          try {
            if (!AnalysisContext.currentAnalysisContext()
                .getSubtypes2()
                .hasSubtypes(m.getClassDescriptor())) continue locationLoop;
          } catch (ClassNotFoundException e) {
            AnalysisContext.reportMissingClass(e);
            continue locationLoop;
          }
        }
      }
      BugInstance bug =
          new BugInstance(this, "DMI_UNSUPPORTED_METHOD", priority)
              .addClassAndMethod(classContext.getJavaClass(), method)
              .addCalledMethod(constantPoolGen, inv)
              .addSourceLine(classContext, method, location);
      bugReporter.reportBug(bug);
    }
  }
コード例 #5
0
 @Override
 public void visitClassContext(ClassContext classContext) {
   ConstantPoolGen cpg = classContext.getConstantPoolGen();
   List<InjectionSource> selectedSources = new ArrayList<InjectionSource>();
   for (InjectionSource source : getInjectionSource()) {
     if (source.isCandidate(cpg)) {
       selectedSources.add(source);
     }
   }
   if (selectedSources.isEmpty()) {
     // return; // analysis still must be requested
   }
   for (Method method : classContext.getMethodsInCallOrder()) {
     MethodGen methodGen = classContext.getMethodGen(method);
     if (methodGen == null) {
       continue;
     }
     try {
       analyzeMethod(classContext, method, selectedSources);
     } catch (CheckedAnalysisException e) {
       logException(classContext, method, e);
     } catch (RuntimeException e) {
       logException(classContext, method, e);
     }
   }
 }
コード例 #6
0
  @Override
  public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    Method[] methodList = javaClass.getMethods();

    for (Method m : methodList) {
      MethodGen methodGen = classContext.getMethodGen(m);

      if (DEBUG) {
        System.out.println(">>> Method: " + m.getName());
      }

      // To suspect that an invalid String representation is being build,
      // we identify the construction of a MessageDigest and
      // the use of a function that trim leading 0.
      boolean invokeMessageDigest = false;
      boolean invokeToHexString = false;

      ConstantPoolGen cpg = classContext.getConstantPoolGen();
      if (methodGen == null || methodGen.getInstructionList() == null) {
        continue; // No instruction .. nothing to do
      }
      for (Iterator itIns = methodGen.getInstructionList().iterator(); itIns.hasNext(); ) {
        Instruction inst = ((InstructionHandle) itIns.next()).getInstruction();
        if (DEBUG) {
          ByteCode.printOpCode(inst, cpg);
        }

        if (inst instanceof INVOKEVIRTUAL) { // MessageDigest.digest is called
          INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) inst;
          if ("java.security.MessageDigest".equals(invoke.getClassName(cpg))
              && "digest".equals(invoke.getMethodName(cpg))) {
            invokeMessageDigest = true;
          }
        } else if (inst instanceof INVOKESTATIC
            && invokeMessageDigest) { // The conversion must occurs after the digest was created
          INVOKESTATIC invoke = (INVOKESTATIC) inst;
          if ("java.lang.Integer".equals(invoke.getClassName(cpg))
              && "toHexString".equals(invoke.getMethodName(cpg))) {
            invokeToHexString = true;
          }
        }
      }

      if (invokeMessageDigest && invokeToHexString) {
        bugReporter.reportBug(
            new BugInstance(this, BAD_HEXA_CONVERSION_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClassAndMethod(javaClass, m));
      }
    }
  }
コード例 #7
0
  /**
   * overrides the visitor to initialize and tear down the opcode stack
   *
   * @param classContext the context object of the currently parsed class
   */
  @Override
  public void visitClassContext(ClassContext classContext) {
    try {
      String clsName = classContext.getJavaClass().getClassName();
      isInnerClass = clsName.contains("$");

      clsSignature = SignatureUtils.classToSignature(clsName);
      stack = new OpcodeStack();
      localSpecialObjects = new HashMap<>();
      fieldSpecialObjects = new HashMap<>();
      super.visitClassContext(classContext);

      if (!isInnerClass && !fieldSpecialObjects.isEmpty()) {

        for (Map.Entry<String, String> entry : fieldSpecialObjects.entrySet()) {
          String fieldName = entry.getKey();
          String signature = entry.getValue();
          bugReporter.reportBug(
              makeFieldBugInstance().addClass(this).addField(clsName, fieldName, signature, false));
        }
      }
    } finally {
      stack = null;
      localSpecialObjects = null;
      fieldSpecialObjects = null;
    }
  }
コード例 #8
0
 /**
  * The detector is only meaningful for Java5 class libraries.
  *
  * @param classContext the context object that holds the JavaClass parsed
  */
 @Override
 public void visitClassContext(ClassContext classContext) {
   int majorVersion = classContext.getJavaClass().getMajor();
   if (majorVersion >= MAJOR_1_5) {
     super.visitClassContext(classContext);
   }
 }
コード例 #9
0
 private static Iterator<Location> getLocationIterator(ClassContext classContext, Method method)
     throws CheckedAnalysisException {
   try {
     return classContext.getCFG(method).locationIterator();
   } catch (CFGBuilderException ex) {
     throw new CheckedAnalysisException("cannot get control flow graph", ex);
   }
 }
 /** Use this to screen out methods that do not contain invocations. */
 public boolean prescreen(ClassContext classContext, Method method) {
   BitSet bytecodeSet = classContext.getBytecodeSet(method);
   return bytecodeSet != null
       && (bytecodeSet.get(Constants.INVOKEINTERFACE)
           || bytecodeSet.get(Constants.INVOKEVIRTUAL)
           || bytecodeSet.get(Constants.INVOKESPECIAL)
           || bytecodeSet.get(Constants.INVOKESTATIC)
           || bytecodeSet.get(Constants.INVOKENONVIRTUAL));
 }
 @Override
 public void visitClassContext(ClassContext context) {
   try {
     stack = new OpcodeStack();
     clsName = context.getJavaClass().getClassName();
     super.visitClassContext(context);
   } finally {
     stack = null;
   }
 }
コード例 #12
0
  public static @CheckForNull LocalVariableAnnotation findMatchingIgnoredParameter(
      ClassContext classContext, Method method, String name, String signature) {
    try {
      Dataflow<BitSet, LiveLocalStoreAnalysis> llsaDataflow =
          classContext.getLiveLocalStoreDataflow(method);
      CFG cfg;

      cfg = classContext.getCFG(method);
      LocalVariableAnnotation match = null;
      int lowestCost = Integer.MAX_VALUE;
      BitSet liveStoreSetAtEntry = llsaDataflow.getAnalysis().getResultFact(cfg.getEntry());
      int localsThatAreParameters = PreorderVisitor.getNumberArguments(method.getSignature());
      int startIndex = 0;
      if (!method.isStatic()) startIndex = 1;
      SignatureParser parser = new SignatureParser(method.getSignature());
      Iterator<String> signatureIterator = parser.parameterSignatureIterator();
      for (int i = startIndex; i < localsThatAreParameters + startIndex; i++) {
        String sig = signatureIterator.next();
        if (!liveStoreSetAtEntry.get(i) && signature.equals(sig)) {
          // parameter isn't live and signatures match
          LocalVariableAnnotation potentialMatch =
              LocalVariableAnnotation.getLocalVariableAnnotation(method, i, 0, 0);
          potentialMatch.setDescription(DID_YOU_MEAN_ROLE);
          if (!potentialMatch.isNamed()) return potentialMatch;
          int distance = EditDistance.editDistance(name, potentialMatch.getName());
          if (distance < lowestCost) {
            match = potentialMatch;
            match.setDescription(DID_YOU_MEAN_ROLE);
            lowestCost = distance;
          } else if (distance == lowestCost) {
            // not unique best match
            match = null;
          }
        }
      }
      return match;
    } catch (DataflowAnalysisException e) {
      AnalysisContext.logError("", e);
    } catch (CFGBuilderException e) {
      AnalysisContext.logError("", e);
    }
    return null;
  }
コード例 #13
0
  private void analyzeMethod(
      ClassContext classContext, Method method, Collection<InjectionSource> selectedSources)
      throws DataflowAnalysisException, CheckedAnalysisException {
    TaintDataflow dataflow = getTaintDataFlow(classContext, method);
    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    String currentMethod = getFullMethodName(classContext.getMethodGen(method));
    for (Iterator<Location> i = getLocationIterator(classContext, method); i.hasNext(); ) {
      Location location = i.next();
      InstructionHandle handle = location.getHandle();
      Instruction instruction = handle.getInstruction();
      if (!(instruction instanceof InvokeInstruction)) {
        continue;
      }
      InvokeInstruction invoke = (InvokeInstruction) instruction;
      TaintFrame fact = dataflow.getFactAtLocation(location);
      assert fact != null;
      if (!fact.isValid()) {
        continue;
      }
      SourceLineAnnotation sourceLine =
          SourceLineAnnotation.fromVisitedInstruction(classContext, method, handle);
      checkTaintSink(getFullMethodName(cpg, invoke), fact, sourceLine, currentMethod);
      InjectionPoint injectionPoint = getInjectionPoint(invoke, cpg, handle, selectedSources);
      for (int offset : injectionPoint.getInjectableArguments()) {

        Taint parameterTaint = fact.getStackValue(offset);

        int priority = getPriority(parameterTaint);
        if (priority == Priorities.IGNORE_PRIORITY) {
          continue;
        }
        BugInstance bugInstance = new BugInstance(this, injectionPoint.getBugType(), priority);

        bugInstance.addClassAndMethod(classContext.getJavaClass(), method);
        bugInstance.addSourceLine(sourceLine);
        if (injectionPoint.getInjectableMethod() != null) {
          bugInstance.addString(injectionPoint.getInjectableMethod());
        }
        reportBug(bugInstance, parameterTaint, currentMethod);
      }
    }
  }
コード例 #14
0
 /**
  * implements the visitor to create and clear the stack and syncRegs
  *
  * @param classContext the context object of the currently parsed class
  */
 @Override
 public void visitClassContext(ClassContext classContext) {
   try {
     stack = new OpcodeStack();
     syncRegs = new HashMap<Integer, CollectionRegInfo>();
     classVersion = classContext.getJavaClass().getMajor();
     super.visitClassContext(classContext);
   } finally {
     stack = null;
     syncRegs = null;
   }
 }
コード例 #15
0
ファイル: UseSplit.java プロジェクト: tpounds/fb-contrib
 @Override
 public void visitClassContext(ClassContext classContext) {
   try {
     JavaClass cls = classContext.getJavaClass();
     if (cls.getMajor() >= MAJOR_1_4) {
       stack = new OpcodeStack();
       regValueType = new HashMap<Integer, State>();
       super.visitClassContext(classContext);
     }
   } finally {
     stack = null;
     regValueType = null;
   }
 }
コード例 #16
0
  public void visitClassContext(ClassContext classContext) {

    JavaClass jclass = classContext.getJavaClass();

    for (Method method : jclass.getMethods()) {
      XMethod xmethod = XFactory.createXMethod(classContext.getJavaClass(), method);
      ParameterProperty nonnullParameters =
          AnalysisContext.currentAnalysisContext()
              .getUnconditionalDerefParamDatabase()
              .getProperty(xmethod.getMethodDescriptor());
      if (nonnullParameters != null) {
        for (int p : nonnullParameters.iterable()) {
          TypeQualifierAnnotation directTypeQualifierAnnotation =
              TypeQualifierApplications.getDirectTypeQualifierAnnotation(
                  xmethod, p, nonnullTypeQualifierValue);
          if (directTypeQualifierAnnotation != null
              && directTypeQualifierAnnotation.when == When.UNKNOWN) {
            //
            // The LocalVariableAnnotation is constructed using the local variable
            // number of the parameter, not the parameter number.
            //
            int paramLocal = xmethod.isStatic() ? p : p + 1;

            reporter.reportBug(
                new BugInstance(
                        this,
                        "NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE",
                        NORMAL_PRIORITY)
                    .addClassAndMethod(jclass, method)
                    .add(
                        LocalVariableAnnotation.getParameterLocalVariableAnnotation(
                            method, paramLocal)));
          }
        }
      }
    }
  }
コード例 #17
0
 /**
  * implements the detector to collect the super classes
  *
  * @param classContext the context object for the currently parsed class
  */
 @Override
 public void visitClassContext(ClassContext classContext) {
   try {
     clsContext = classContext;
     JavaClass cls = classContext.getJavaClass();
     if (cls.isInterface()) return;
     superClasses = cls.getSuperClasses();
     cls.accept(this);
   } catch (ClassNotFoundException cnfe) {
     bugReporter.reportMissingClass(cnfe);
   } finally {
     clsContext = null;
     superClasses = null;
   }
 }
コード例 #18
0
  @Override
  public void visitClassContext(ClassContext classContext) {
    if (appletClass == null) {
      return;
    }

    JavaClass cls = classContext.getJavaClass();
    try {
      if (cls.instanceOf(appletClass)) {
        cls.accept(this);
      }
    } catch (ClassNotFoundException cnfe) {
      bugReporter.reportMissingClass(cnfe);
    }
  }
コード例 #19
0
  public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();
    Method[] methodList = javaClass.getMethods();

    for (Method method : methodList) {
      if (method.getCode() == null) continue;

      try {
        analyzeMethod(classContext, method);
      } catch (MethodUnprofitableException e) {
        assert true; // move along; nothing to see
      } catch (CFGBuilderException e) {
        String msg =
            "Detector "
                + this.getClass().getName()
                + " caught exception while analyzing "
                + javaClass.getClassName()
                + "."
                + method.getName()
                + " : "
                + method.getSignature();
        bugReporter.logError(msg, e);
      } catch (DataflowAnalysisException e) {
        String msg =
            "Detector "
                + this.getClass().getName()
                + " caught exception while analyzing "
                + javaClass.getClassName()
                + "."
                + method.getName()
                + " : "
                + method.getSignature();
        bugReporter.logError(msg, e);
      }
    }
  }
コード例 #20
0
  private void analyzeMethod(ClassContext classContext, Method method)
      throws CFGBuilderException, DataflowAnalysisException {
    if (BCELUtil.isSynthetic(method)
        || (method.getAccessFlags() & Const.ACC_BRIDGE) == Const.ACC_BRIDGE) {
      return;
    }
    CFG cfg = classContext.getCFG(method);

    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    TypeDataflow typeDataflow = classContext.getTypeDataflow(method);

    for (Iterator<BasicBlock> i = cfg.blockIterator(); i.hasNext(); ) {
      BasicBlock basicBlock = i.next();

      // Check if it's a method invocation.
      if (!basicBlock.isExceptionThrower()) {
        continue;
      }
      InstructionHandle thrower = basicBlock.getExceptionThrower();
      Instruction ins = thrower.getInstruction();
      if (!(ins instanceof InvokeInstruction)) {
        continue;
      }

      InvokeInstruction inv = (InvokeInstruction) ins;
      boolean foundThrower = false;
      boolean foundNonThrower = false;

      if (inv instanceof INVOKEINTERFACE) {
        continue;
      }

      String className = inv.getClassName(cpg);

      Location loc = new Location(thrower, basicBlock);
      TypeFrame typeFrame = typeDataflow.getFactAtLocation(loc);
      XMethod primaryXMethod = XFactory.createXMethod(inv, cpg);
      // if (primaryXMethod.isAbstract()) continue;
      Set<XMethod> targetSet = null;
      try {

        if (className.startsWith("[")) {
          continue;
        }
        String methodSig = inv.getSignature(cpg);
        if (!methodSig.endsWith("V")) {
          continue;
        }

        targetSet = Hierarchy2.resolveMethodCallTargets(inv, typeFrame, cpg);

        for (XMethod xMethod : targetSet) {
          if (DEBUG) {
            System.out.println("\tFound " + xMethod);
          }

          boolean isUnconditionalThrower =
              xMethod.isUnconditionalThrower()
                  && !xMethod.isUnsupported()
                  && !xMethod.isSynthetic();
          if (isUnconditionalThrower) {
            foundThrower = true;
            if (DEBUG) {
              System.out.println("Found thrower");
            }
          } else {
            foundNonThrower = true;
            if (DEBUG) {
              System.out.println("Found non thrower");
            }
          }
        }
      } catch (ClassNotFoundException e) {
        analysisContext.getLookupFailureCallback().reportMissingClass(e);
      }
      boolean newResult = foundThrower && !foundNonThrower;
      if (newResult) {
        bugReporter.reportBug(
            new BugInstance(this, "TESTING", Priorities.NORMAL_PRIORITY)
                .addClassAndMethod(classContext.getJavaClass(), method)
                .addString("Call to method that always throws Exception")
                .addMethod(primaryXMethod)
                .describe(MethodAnnotation.METHOD_CALLED)
                .addSourceLine(classContext, method, loc));
      }
    }
  }
コード例 #21
0
 private void logException(ClassContext classContext, Method method, Exception ex) {
   bugReporter.logError(
       "Exception while analyzing " + classContext.getFullyQualifiedMethodName(method), ex);
 }
コード例 #22
0
 private static TaintDataflow getTaintDataFlow(ClassContext classContext, Method method)
     throws CheckedAnalysisException {
   MethodDescriptor descriptor = BCELUtil.getMethodDescriptor(classContext.getJavaClass(), method);
   return Global.getAnalysisCache().getMethodAnalysis(TaintDataflow.class, descriptor);
 }
コード例 #23
0
 public void visitClassContext(ClassContext classContext) {
   classContext.getJavaClass().accept(this);
 }
  private void analyzeMethod(ClassContext classContext, Method method)
      throws CFGBuilderException, DataflowAnalysisException {
    if (isSynthetic(method) || !prescreen(classContext, method)) return;
    XMethod xmethod = XFactory.createXMethod(classContext.getJavaClass(), method);
    if (xmethod.isSynthetic()) return;

    BugAccumulator accumulator = new BugAccumulator(bugReporter);

    CFG cfg = classContext.getCFG(method);
    TypeDataflow typeDataflow = classContext.getTypeDataflow(method);
    ValueNumberDataflow vnDataflow = classContext.getValueNumberDataflow(method);

    ConstantPoolGen cpg = classContext.getConstantPoolGen();
    MethodGen methodGen = classContext.getMethodGen(method);
    if (methodGen == null) return;
    String fullMethodName = methodGen.getClassName() + "." + methodGen.getName();

    String sourceFile = classContext.getJavaClass().getSourceFileName();
    if (DEBUG) {
      System.out.println("\n" + fullMethodName);
    }

    // Process each instruction
    for (Iterator<Location> iter = cfg.locationIterator(); iter.hasNext(); ) {
      Location location = iter.next();
      InstructionHandle handle = location.getHandle();
      Instruction ins = handle.getInstruction();

      // Only consider invoke instructions
      if (!(ins instanceof InvokeInstruction)) continue;

      InvokeInstruction inv = (InvokeInstruction) ins;

      XMethod invokedMethod = XFactory.createXMethod(inv, cpg);

      String invokedMethodName = invokedMethod.getName();
      String argSignature = invokedMethod.getSignature();
      argSignature = argSignature.substring(0, argSignature.indexOf(')') + 1);
      String call = invokedMethodName + argSignature;
      SignatureParser sigParser = new SignatureParser(inv.getSignature(cpg));

      Collection<Info> collection = callMap.get(call);
      if (!callMap.containsKey(call)) continue;
      for (Info info : collection) {
        Subtypes2 subtypes2 = AnalysisContext.currentAnalysisContext().getSubtypes2();
        if (DEBUG)
          System.out.println(
              "at "
                  + handle.getPosition()
                  + " Checking call to "
                  + info.interfaceForCall
                  + " : "
                  + invokedMethod);
        try {
          if (!subtypes2.isSubtype(invokedMethod.getClassDescriptor(), info.interfaceForCall))
            continue;
        } catch (ClassNotFoundException e) {
          if (info.interfaceForCall.getClassName().equals("java/util/Collection")
              && invokedMethod.getClassName().equals("com.google.common.collect.Multiset")) {
            assert true;
            // we know this is OK without needing to find definition of Multiset
          } else {
            AnalysisContext.reportMissingClass(e);
            continue;
          }
        }

        boolean allMethod;

        int typeArgument;
        if (info.typeIndex >= 0) {
          allMethod = false;
          typeArgument = info.typeIndex;
        } else {
          allMethod = true;
          typeArgument = -(1 + info.typeIndex);
        }
        int pos = info.argumentIndex;

        int lhsPos;
        if (inv instanceof INVOKESTATIC) lhsPos = sigParser.getSlotsFromTopOfStackForParameter(0);
        else lhsPos = sigParser.getTotalArgumentSize();

        int stackPos = sigParser.getSlotsFromTopOfStackForParameter(pos);

        TypeFrame frame = typeDataflow.getFactAtLocation(location);
        if (!frame.isValid()) {
          // This basic block is probably dead
          continue;
        }

        Type operandType = frame.getStackValue(stackPos);
        if (operandType.equals(TopType.instance())) {
          // unreachable
          continue;
        }

        if (operandType.equals(NullType.instance())) {
          // ignore
          continue;
        }

        ValueNumberFrame vnFrame = vnDataflow.getFactAtLocation(location);

        if (!vnFrame.isValid()) {
          AnalysisContext.logError("Invalid value number frame in " + xmethod);
          continue;
        }

        ValueNumber objectVN = vnFrame.getStackValue(lhsPos);
        ValueNumber argVN = vnFrame.getStackValue(stackPos);

        if (objectVN.equals(argVN)) {
          String bugPattern = "DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES";
          int priority = HIGH_PRIORITY;
          if (invokedMethodName.equals("removeAll")) {
            bugPattern = "DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION";
            priority = NORMAL_PRIORITY;
          } else if (invokedMethodName.endsWith("All")) {
            bugPattern = "DMI_VACUOUS_SELF_COLLECTION_CALL";
            priority = NORMAL_PRIORITY;
          }
          if (invokedMethodName.startsWith("contains")) {
            InstructionHandle next = handle.getNext();
            if (next != null) {
              Instruction nextIns = next.getInstruction();

              if (nextIns instanceof InvokeInstruction) {
                XMethod nextMethod = XFactory.createXMethod((InvokeInstruction) nextIns, cpg);
                if (nextMethod.getName().equals("assertFalse")) continue;
              }
            }
          }
          accumulator.accumulateBug(
              new BugInstance(this, bugPattern, priority)
                  .addClassAndMethod(methodGen, sourceFile)
                  .addCalledMethod(methodGen, (InvokeInstruction) ins)
                  .addOptionalAnnotation(
                      ValueNumberSourceInfo.findAnnotationFromValueNumber(
                          method, location, objectVN, vnFrame, "INVOKED_ON")),
              SourceLineAnnotation.fromVisitedInstruction(
                  classContext, methodGen, sourceFile, handle));
        }

        // Only consider generic...
        Type objectType = frame.getStackValue(lhsPos);
        if (!(objectType instanceof GenericObjectType)) continue;

        GenericObjectType operand = (GenericObjectType) objectType;

        int expectedTypeParameters = 1;
        String simpleName = info.interfaceForCall.getSimpleName();
        if (simpleName.toLowerCase().endsWith("map") || simpleName.equals("Hashtable"))
          expectedTypeParameters = 2;
        else if (simpleName.equals("Table")) expectedTypeParameters = 3;

        // ... containers
        if (!operand.hasParameters()) continue;
        if (operand.getNumParameters() != expectedTypeParameters) continue;
        ClassDescriptor operandClass = DescriptorFactory.getClassDescriptor(operand);
        if (!isGenericCollection(operandClass)) continue;

        if (expectedTypeParameters == 2
            && Subtypes2.instanceOf(operandClass, Map.class)
            && !TypeFrameModelingVisitor.isStraightGenericMap(operandClass)) continue;
        Type expectedType;
        if (allMethod) expectedType = operand;
        else expectedType = operand.getParameterAt(typeArgument);
        Type actualType = frame.getStackValue(stackPos);
        Type equalsType = actualType;
        if (allMethod) {
          if (!(actualType instanceof GenericObjectType)) {
            continue;
          }
          equalsType = ((GenericObjectType) actualType).getParameterAt(typeArgument);
        }

        IncompatibleTypes matchResult = compareTypes(expectedType, actualType, allMethod);

        boolean parmIsObject = expectedType.getSignature().equals("Ljava/lang/Object;");
        boolean selfOperation = !allMethod && operand.equals(actualType) && !parmIsObject;
        if (!allMethod && !parmIsObject && actualType instanceof GenericObjectType) {

          GenericObjectType p2 = (GenericObjectType) actualType;
          List<? extends ReferenceType> parameters = p2.getParameters();
          if (parameters != null && parameters.equals(operand.getParameters()))
            selfOperation = true;
        }

        if (!selfOperation
            && (matchResult == IncompatibleTypes.SEEMS_OK
                || matchResult.getPriority() == Priorities.IGNORE_PRIORITY)) continue;

        if (invokedMethodName.startsWith("contains") || invokedMethodName.equals("remove")) {
          InstructionHandle next = handle.getNext();
          if (next != null) {
            Instruction nextIns = next.getInstruction();

            if (nextIns instanceof InvokeInstruction) {
              XMethod nextMethod = XFactory.createXMethod((InvokeInstruction) nextIns, cpg);
              if (nextMethod.getName().equals("assertFalse")) continue;
            }
          }
        } else if (invokedMethodName.equals("get") || invokedMethodName.equals("remove")) {
          InstructionHandle next = handle.getNext();
          if (next != null) {
            Instruction nextIns = next.getInstruction();

            if (nextIns instanceof InvokeInstruction) {
              XMethod nextMethod = XFactory.createXMethod((InvokeInstruction) nextIns, cpg);
              if (nextMethod.getName().equals("assertNull")) continue;
            }
          }
        }
        boolean noisy = false;
        if (invokedMethodName.equals("get")) {
          UnconditionalValueDerefDataflow unconditionalValueDerefDataflow =
              classContext.getUnconditionalValueDerefDataflow(method);

          UnconditionalValueDerefSet unconditionalDeref =
              unconditionalValueDerefDataflow.getFactAtLocation(location);
          ValueNumberFrame vnAfter = vnDataflow.getFactAfterLocation(location);
          ValueNumber top = vnAfter.getTopValue();
          noisy =
              unconditionalDeref.getValueNumbersThatAreUnconditionallyDereferenced().contains(top);
        }
        // Prepare bug report
        SourceLineAnnotation sourceLineAnnotation =
            SourceLineAnnotation.fromVisitedInstruction(
                classContext, methodGen, sourceFile, handle);

        // Report a bug that mentions each of the failed arguments in
        // matches

        if (expectedType instanceof GenericObjectType)
          expectedType = ((GenericObjectType) expectedType).getUpperBound();

        int priority = matchResult.getPriority();
        if (!operandClass.getClassName().startsWith("java/util")
            && priority == Priorities.HIGH_PRIORITY)
          priority = Math.max(priority, Priorities.NORMAL_PRIORITY);
        if (TestCaseDetector.likelyTestCase(xmethod))
          priority = Math.max(priority, Priorities.NORMAL_PRIORITY);
        else if (selfOperation) priority = Priorities.HIGH_PRIORITY;
        ClassDescriptor expectedClassDescriptor =
            DescriptorFactory.createClassOrObjectDescriptorFromSignature(
                expectedType.getSignature());
        ClassDescriptor actualClassDescriptor =
            DescriptorFactory.createClassOrObjectDescriptorFromSignature(equalsType.getSignature());
        ClassSummary classSummary = AnalysisContext.currentAnalysisContext().getClassSummary();
        Set<XMethod> targets = null;
        try {
          targets =
              Hierarchy2.resolveVirtualMethodCallTargets(
                  actualClassDescriptor, "equals", "(Ljava/lang/Object;)Z", false, false);
          boolean allOk = targets.size() > 0;
          for (XMethod m2 : targets)
            if (!classSummary.mightBeEqualTo(m2.getClassDescriptor(), expectedClassDescriptor))
              allOk = false;
          if (allOk) priority += 2;
        } catch (ClassNotFoundException e) {
          AnalysisContext.reportMissingClass(e);
        }
        String bugPattern = "GC_UNRELATED_TYPES";

        BugInstance bug =
            new BugInstance(this, bugPattern, priority)
                .addClassAndMethod(methodGen, sourceFile)
                .addFoundAndExpectedType(actualType, expectedType)
                .addCalledMethod(methodGen, (InvokeInstruction) ins)
                .addOptionalAnnotation(
                    ValueNumberSourceInfo.findAnnotationFromValueNumber(
                        method, location, objectVN, vnFrame, "INVOKED_ON"))
                .addOptionalAnnotation(
                    ValueNumberSourceInfo.findAnnotationFromValueNumber(
                        method, location, argVN, vnFrame, "ARGUMENT"))
                .addEqualsMethodUsed(targets);
        if (noisy) {
          WarningPropertySet<WarningProperty> propertySet =
              new WarningPropertySet<WarningProperty>();

          propertySet.addProperty(GeneralWarningProperty.NOISY_BUG);
          propertySet.decorateBugInstance(bug);
        }
        accumulator.accumulateBug(bug, sourceLineAnnotation);
      }
    }
    accumulator.reportAccumulatedBugs();
  }
コード例 #25
0
 @Override
 public void visitClassContext(ClassContext classContext) {
   this.classContext = classContext;
   classContext.getJavaClass().accept(this);
 }
コード例 #26
0
  public void meetInto(
      UnconditionalValueDerefSet fact,
      Edge edge,
      UnconditionalValueDerefSet result,
      boolean onlyEdge) {
    if (isExceptionEdge(edge) && !onlyEdge) {
      if (DEBUG) {
        System.out.println("Skipping exception edge");
      }
      return;
    }

    ValueNumber knownNonnullOnBranch = null;
    // Edge transfer function
    if (isFactValid(fact)) {
      fact = propagateDerefSetsToMergeInputValues(fact, edge);
      if (invDataflow != null) {
        knownNonnullOnBranch = findValueKnownNonnullOnBranch(fact, edge);
        if (knownNonnullOnBranch != null) {
          fact = duplicateFact(fact);
          fact.clearDerefSet(knownNonnullOnBranch);
        }
      }
    }
    boolean isBackEdge = edge.isBackwardInBytecode();
    Set<Integer> loopExitBranches = ClassContext.getLoopExitBranches(method, methodGen);
    assert loopExitBranches != null;
    boolean sourceIsTopOfLoop = edge.sourceIsTopOfLoop(loopExitBranches);
    if (sourceIsTopOfLoop && edge.getType() == EdgeTypes.FALL_THROUGH_EDGE) {
      isBackEdge = true;
    }
    /*
    if (false && (edge.getType() == EdgeTypes.IFCMP_EDGE || sourceIsTopOfLoop)) {
        System.out.println("Meet into " + edge);
        System.out.println("  foo2: " + sourceIsTopOfLoop);
        System.out.println("  getType: " + edge.getType());
        System.out.println("  Backedge according to bytecode: " + isBackEdge);
        System.out.println("  Fact hashCode: " + System.identityHashCode(result));
        System.out.println("  Initial fact: " + result);
        System.out.println("  Edge fact: " + fact);
    }
     */
    if (result.isTop() || fact.isBottom()) {
      // Make result identical to other fact
      copy(fact, result);
      if (ASSUME_NONZERO_TRIP_LOOPS && isBackEdge && !fact.isTop()) {
        result.resultsFromBackEdge = true;
      }
    } else if (ASSUME_NONZERO_TRIP_LOOPS && isBackEdge && !fact.isTop()) {
      result.unionWith(fact, vnaDataflow.getAnalysis().getFactory());
      result.resultsFromBackEdge = true;
      if (DEBUG) {
        System.out.println(
            "\n Forcing union of " + System.identityHashCode(result) + " due to backedge info");
        System.out.println("  result: " + result);
      }

    } else if (result.isBottom() || fact.isTop()) {
      // No change in result fact
    } else {
      // Dataflow merge
      // (intersection of unconditional deref values)
      if (ASSUME_NONZERO_TRIP_LOOPS && result.resultsFromBackEdge) {
        result.backEdgeUpdateCount++;
        if (result.backEdgeUpdateCount < 10) {
          if (DEBUG) {
            System.out.println(
                "\n Union update of " + System.identityHashCode(result) + " due to backedge info");
          }
          result.unionWith(fact, vnaDataflow.getAnalysis().getFactory());
          return;
        }
      }
      result.mergeWith(fact, knownNonnullOnBranch, vnaDataflow.getAnalysis().getFactory());
      if (DEBUG) {
        System.out.println("  updated: " + System.identityHashCode(result));
        System.out.println("  result: " + result);
      }
    }
    if (DEBUG && isBackEdge && edge.getType() == EdgeTypes.IFCMP_EDGE) {
      System.out.println("  result: " + result);
    }
  }
コード例 #27
0
 @Override
 public void visitClassContext(ClassContext classContext) {
   classContext.getJavaClass().accept(this);
   flush();
 }
コード例 #28
0
  /**
   * overrides the visitor to report on classes without toStrings that have fields
   *
   * @param classContext the context object of the currently parsed class
   */
  @Override
  public void visitClassContext(ClassContext classContext) {
    JavaClass cls = classContext.getJavaClass();

    if (cls.getPackageName().isEmpty()) {
      bugReporter.reportBug(
          new BugInstance(this, BugType.IMC_IMMATURE_CLASS_NO_PACKAGE.name(), LOW_PRIORITY)
              .addClass(cls));
    }

    if ((!cls.isAbstract())
        && (!cls.isEnum())
        && !cls.getClassName().contains("$")
        && !isTestClass(cls)) {

      try {
        boolean clsHasRuntimeAnnotation = classHasRuntimeVisibleAnnotation(cls);
        HEStatus heStatus = HEStatus.UNKNOWN;

        checkIDEGeneratedParmNames(cls);

        for (Field f : cls.getFields()) {
          if (!f.isStatic() && !f.isSynthetic()) {

            boolean fieldHasRuntimeAnnotation = fieldHasRuntimeVisibleAnnotation(f);
            if (!fieldHasRuntimeAnnotation) {
              /* only report one of these, so as not to flood the report */
              if (!hasMethodInHierarchy(cls, "toString", "()Ljava/lang/String;")) {
                bugReporter.reportBug(
                    new BugInstance(
                            this, BugType.IMC_IMMATURE_CLASS_NO_TOSTRING.name(), LOW_PRIORITY)
                        .addClass(cls));
                return;
              }
              if (heStatus != HEStatus.NOT_NEEDED) {
                String fieldSig = f.getSignature();
                if (fieldSig.startsWith("L")) {
                  if (!fieldSig.startsWith("Ljava")) {
                    JavaClass fieldClass =
                        Repository.lookupClass(fieldSig.substring(1, fieldSig.length() - 1));
                    if (!hasMethodInHierarchy(fieldClass, "equals", "(Ljava/lang/Object)Z")) {
                      heStatus = HEStatus.NOT_NEEDED;
                    }
                  } else if (!fieldSig.startsWith("Ljava/lang/")
                      && !fieldSig.startsWith("Ljava/util/")) {
                    heStatus = HEStatus.NOT_NEEDED;
                  }
                } else if (!fieldSig.startsWith("[")) {
                  heStatus = HEStatus.NEEDED;
                }
              }
            } else {
              heStatus = HEStatus.NOT_NEEDED;
            }
          }
        }

        if (!clsHasRuntimeAnnotation && (heStatus == HEStatus.NEEDED)) {
          if (!hasMethodInHierarchy(cls, "equals", "(Ljava/lang/Object;)Z")) {
            bugReporter.reportBug(
                new BugInstance(this, BugType.IMC_IMMATURE_CLASS_NO_EQUALS.name(), LOW_PRIORITY)
                    .addClass(cls));
          } else if (!hasMethodInHierarchy(cls, "hashCode", "()I")) {
            bugReporter.reportBug(
                new BugInstance(this, BugType.IMC_IMMATURE_CLASS_NO_HASHCODE.name(), LOW_PRIORITY)
                    .addClass(cls));
          }
        }

      } catch (ClassNotFoundException cnfe) {
        bugReporter.reportMissingClass(cnfe);
      }
    }
  }