示例#1
0
  CFG createCFG(String className) throws ClassNotFoundException {
    CFG cfg = new CFG();
    JavaClass jc = Repository.lookupClass(className);
    ClassGen cg = new ClassGen(jc);
    ConstantPoolGen cpg = cg.getConstantPool();
    for (Method m : cg.getMethods()) {
      MethodGen mg = new MethodGen(m, cg.getClassName(), cpg);
      InstructionList il = mg.getInstructionList();
      InstructionHandle[] handles = il.getInstructionHandles();
      int prev = 0;
      for (InstructionHandle ih : handles) {
        int position = ih.getPosition();
        cfg.addNode(position, m, jc);
        Instruction inst = ih.getInstruction();

        boolean br = inst.getName().contains("if") || inst.getName().contains("goto");
        boolean ret = inst.getName().contains("return");
        boolean stat = inst.getName().contains("invokestatic");
        int len = inst.getLength();

        if (stat) {
          int index = inst.toString(true).indexOf(" ");
          String name = inst.toString(true).substring(index + 1);
          int tar = Integer.valueOf(name);
          INVOKESTATIC inv = new INVOKESTATIC(tar);
          name = inv.getMethodName(cpg);

          Method m2 = null;
          Method[] tm = cg.getMethods();
          for (int i = 0; i < tm.length; i++) {
            if (tm[i].getName().equals(name)) {
              m2 = tm[i];
            }
          }
          cfg.addEdge(position, m, jc, 0, m2, jc);
          cfg.addEdge(-1, m2, jc, position + len, m, jc);
        }

        if (!ret && !stat) {
          cfg.addEdge(position, position + len, m, jc);
        }
        if (br) {
          cfg.addEdge(position, position + len, m, jc);
          IF_ICMPGE comp = new IF_ICMPGE(ih);
          String name = comp.getTarget().toString(false);
          int index = name.indexOf(">");
          name = name.substring(index + 2);
          int tar = Integer.valueOf(name);
          cfg.addEdge(position, tar, m, jc);
        }
        if (ret) {
          cfg.addEdge(position, -1, m, jc);
        }

        prev = position;
      }
      System.out.println(cfg.toString());
    }
    return cfg;
  }
  @Override
  public void visitClassContext(ClassContext classContext) {
    JavaClass javaClass = classContext.getJavaClass();

    Method[] methodList = javaClass.getMethods();

    for (Method m : methodList) {
      MethodGen methodGen = classContext.getMethodGen(m);

      if (DEBUG) {
        System.out.println(">>> Method: " + m.getName());
      }

      // To suspect that an invalid String representation is being build,
      // we identify the construction of a MessageDigest and
      // the use of a function that trim leading 0.
      boolean invokeMessageDigest = false;
      boolean invokeToHexString = false;

      ConstantPoolGen cpg = classContext.getConstantPoolGen();
      if (methodGen == null || methodGen.getInstructionList() == null) {
        continue; // No instruction .. nothing to do
      }
      for (Iterator itIns = methodGen.getInstructionList().iterator(); itIns.hasNext(); ) {
        Instruction inst = ((InstructionHandle) itIns.next()).getInstruction();
        if (DEBUG) {
          ByteCode.printOpCode(inst, cpg);
        }

        if (inst instanceof INVOKEVIRTUAL) { // MessageDigest.digest is called
          INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) inst;
          if ("java.security.MessageDigest".equals(invoke.getClassName(cpg))
              && "digest".equals(invoke.getMethodName(cpg))) {
            invokeMessageDigest = true;
          }
        } else if (inst instanceof INVOKESTATIC
            && invokeMessageDigest) { // The conversion must occurs after the digest was created
          INVOKESTATIC invoke = (INVOKESTATIC) inst;
          if ("java.lang.Integer".equals(invoke.getClassName(cpg))
              && "toHexString".equals(invoke.getMethodName(cpg))) {
            invokeToHexString = true;
          }
        }
      }

      if (invokeMessageDigest && invokeToHexString) {
        bugReporter.reportBug(
            new BugInstance(this, BAD_HEXA_CONVERSION_TYPE, Priorities.NORMAL_PRIORITY) //
                .addClassAndMethod(javaClass, m));
      }
    }
  }
  /**
   * Get the InnerClassAccess for access method called by given INVOKESTATIC.
   *
   * @param inv the INVOKESTATIC instruction
   * @param cpg the ConstantPoolGen for the method
   * @return the InnerClassAccess, or null if the instruction is not an inner-class access
   */
  public static InnerClassAccess getInnerClassAccess(INVOKESTATIC inv, ConstantPoolGen cpg)
      throws ClassNotFoundException {

    String className = inv.getClassName(cpg);
    String methodName = inv.getName(cpg);
    String methodSig = inv.getSignature(cpg);

    InnerClassAccess access =
        AnalysisContext.currentAnalysisContext()
            .getInnerClassAccessMap()
            .getInnerClassAccess(className, methodName);
    return (access != null && access.getMethodSignature().equals(methodSig)) ? access : null;
  }
示例#4
0
 public static String getCallClassName(Instruction ins, ConstantPoolGen cp) {
   if (ins instanceof INVOKESTATIC) {
     INVOKESTATIC invst = (INVOKESTATIC) ins;
     return invst.getClassName(cp);
   } else if (ins instanceof INVOKEVIRTUAL) {
     INVOKEVIRTUAL invst = (INVOKEVIRTUAL) ins;
     return invst.getClassName(cp);
   } else if (ins instanceof INVOKEINTERFACE) {
     INVOKEINTERFACE invst = (INVOKEINTERFACE) ins;
     return invst.getClassName(cp);
   } else if (ins instanceof INVOKESPECIAL) {
     INVOKESPECIAL invst = (INVOKESPECIAL) ins;
     return invst.getClassName(cp);
   } else {
     return null;
   }
 }
示例#5
0
 public static Type[] getCallArgTypes(Instruction ins, ConstantPoolGen cp) {
   if (ins instanceof INVOKESTATIC) {
     INVOKESTATIC invst = (INVOKESTATIC) ins;
     return invst.getArgumentTypes(cp);
   } else if (ins instanceof INVOKEVIRTUAL) {
     INVOKEVIRTUAL invst = (INVOKEVIRTUAL) ins;
     return invst.getArgumentTypes(cp);
   } else if (ins instanceof INVOKEINTERFACE) {
     INVOKEINTERFACE invst = (INVOKEINTERFACE) ins;
     return invst.getArgumentTypes(cp);
   } else if (ins instanceof INVOKESPECIAL) {
     INVOKESPECIAL invst = (INVOKESPECIAL) ins;
     return invst.getArgumentTypes(cp);
   } else {
     return null;
   }
 }
示例#6
0
 /** Symbolically executes the corresponding Java Virtual Machine instruction. */
 public void visitINVOKESTATIC(INVOKESTATIC o) {
   for (int i = 0; i < o.getArgumentTypes(cpg).length; i++) {
     stack().pop();
   }
   // We are sure the invoked method will xRETURN eventually
   // We simulate xRETURNs functionality here because we
   // don't really "jump into" and simulate the invoked
   // method.
   if (o.getReturnType(cpg) != Type.VOID) {
     Type t = o.getReturnType(cpg);
     if (t.equals(Type.BOOLEAN)
         || t.equals(Type.CHAR)
         || t.equals(Type.BYTE)
         || t.equals(Type.SHORT)) {
       t = Type.INT;
     }
     stack().push(t);
   }
 }
示例#7
0
 public static Instruction getNewInvoke(Instruction ins, int index) {
   if (ins instanceof INVOKESTATIC) {
     INVOKESTATIC invst = (INVOKESTATIC) ins;
     invst.setIndex(index);
     return invst;
   } else if (ins instanceof INVOKEVIRTUAL) {
     INVOKEVIRTUAL invst = (INVOKEVIRTUAL) ins;
     invst.setIndex(index);
     return invst;
   } else if (ins instanceof INVOKEINTERFACE) {
     INVOKEINTERFACE invst = (INVOKEINTERFACE) ins;
     invst.setIndex(index);
     return invst;
   } else if (ins instanceof INVOKESPECIAL) {
     INVOKESPECIAL invst = (INVOKESPECIAL) ins;
     invst.setIndex(index);
     return invst;
   } else {
     return null;
   }
 }
示例#8
0
  /**
   * Transforms invoke instructions that match the specified list for this class to call the
   * specified static call instead.
   */
  private InstructionList xform_inst(MethodGen mg, Instruction inst) {

    switch (inst.getOpcode()) {
      case Constants.INVOKESTATIC:
        {
          InstructionList il = new InstructionList();
          INVOKESTATIC is = (INVOKESTATIC) inst;
          String cname = is.getClassName(pgen);
          String mname = is.getMethodName(pgen);
          Type[] args = is.getArgumentTypes(pgen);
          MethodDef orig = new MethodDef(cname + "." + mname, args);
          MethodInfo call = method_map.get(orig);
          if (call != null) {
            call.cnt++;
            String classname = call.method_class;
            String methodname = mname;
            debug_map.log(
                "%s.%s: Replacing method %s.%s (%s) with %s.%s%n",
                mg.getClassName(),
                mg.getName(),
                cname,
                mname,
                UtilMDE.join(args, ", "),
                classname,
                methodname);
            il.append(
                ifact.createInvoke(
                    classname, methodname, is.getReturnType(pgen), args, Constants.INVOKESTATIC));
          }
          return (il);
        }

      case Constants.INVOKEVIRTUAL:
        {
          InstructionList il = new InstructionList();
          INVOKEVIRTUAL iv = (INVOKEVIRTUAL) inst;
          String cname = iv.getClassName(pgen);
          String mname = iv.getMethodName(pgen);
          Type[] args = iv.getArgumentTypes(pgen);
          Type instance_type = iv.getReferenceType(pgen);
          Type[] new_args = BCELUtil.insert_type(instance_type, args);
          MethodDef orig = new MethodDef(cname + "." + mname, args);
          if (debug_class) System.out.printf("looking for %s in map %s%n", orig, method_map);
          MethodInfo call = method_map.get(orig);
          if (call != null) {
            call.cnt++;
            String classname = call.method_class;
            String methodname = mname;
            debug_map.log(
                "Replacing method %s.%s (%s) with %s.%s%n",
                cname, mname, ArraysMDE.toString(args), classname, methodname);
            il.append(
                ifact.createInvoke(
                    classname,
                    methodname,
                    iv.getReturnType(pgen),
                    new_args,
                    Constants.INVOKESTATIC));
          }
          return (il);
        }

      default:
        return (null);
    }
  }
 /**
  * Determine whether the given INVOKESTATIC instruction is an inner-class field accessor method.
  *
  * @param inv the INVOKESTATIC instruction
  * @param cpg the ConstantPoolGen for the method
  * @return true if the instruction is an inner-class field accessor, false if not
  */
 public static boolean isInnerClassAccess(INVOKESTATIC inv, ConstantPoolGen cpg) {
   String methodName = inv.getName(cpg);
   return methodName.startsWith("access$");
 }