本文整理汇总了Java中edu.umd.cs.findbugs.ba.DataflowAnalysisException类的典型用法代码示例。如果您正苦于以下问题:Java DataflowAnalysisException类的具体用法?Java DataflowAnalysisException怎么用?Java DataflowAnalysisException使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
DataflowAnalysisException类属于edu.umd.cs.findbugs.ba包,在下文中一共展示了DataflowAnalysisException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: match
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg,
ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowAnalysisException {
Variable field;
Instruction ins = handle.getInstruction();
FieldInstruction fieldIns;
// The instruction must be GETFIELD or GETSTATIC
if (ins instanceof GETFIELD) {
fieldIns = (GETFIELD) ins;
ValueNumber ref = before.getTopValue();
field = new FieldVariable(ref, fieldIns.getClassName(cpg), fieldIns.getFieldName(cpg), fieldIns.getSignature(cpg));
} else if (ins instanceof GETSTATIC) {
fieldIns = (GETSTATIC) ins;
field = new FieldVariable(fieldIns.getClassName(cpg), fieldIns.getFieldName(cpg), fieldIns.getSignature(cpg));
} else
return null;
Variable result = snarfFieldValue(fieldIns, cpg, after);
return checkConsistent(field, result, bindingSet);
}
示例2: match
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
public MatchResult match(InstructionHandle handle, ConstantPoolGen cpg,
ValueNumberFrame before, ValueNumberFrame after, BindingSet bindingSet) throws DataflowAnalysisException {
Instruction ins = handle.getInstruction();
FieldInstruction fieldIns;
Variable field;
// The instruction must be PUTFIELD or PUTSTATIC
if (ins instanceof PUTFIELD) {
fieldIns = (PUTFIELD) ins;
int numSlots = before.getNumSlots();
ValueNumber ref = before.getValue(isLongOrDouble(fieldIns, cpg)
? numSlots - 3
: numSlots - 2);
field = new FieldVariable(ref, fieldIns.getClassName(cpg), fieldIns.getFieldName(cpg), fieldIns.getSignature(cpg));
} else if (ins instanceof PUTSTATIC) {
fieldIns = (PUTSTATIC) ins;
field = new FieldVariable(fieldIns.getClassName(cpg), fieldIns.getFieldName(cpg), fieldIns.getSignature(cpg));
} else
return null;
Variable value = snarfFieldValue(fieldIns, cpg, before);
return checkConsistent(field, value, bindingSet);
}
示例3: handleStoreInstruction
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
public void handleStoreInstruction(StoreInstruction obj) {
try {
int numConsumed = obj.consumeStack(cpg);
if (numConsumed == Constants.UNPREDICTABLE) {
throw new InvalidBytecodeException("Unpredictable stack consumption");
}
int index = obj.getIndex();
while (numConsumed-- > 0) {
Taint value = new Taint(getFrame().popValue());
value.setVariableIndex(index);
getFrame().setValue(index++, value);
}
} catch (DataflowAnalysisException ex) {
throw new InvalidBytecodeException(ex.toString(), ex);
}
}
示例4: visitAASTORE
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
public void visitAASTORE(AASTORE obj) {
try {
Taint valueTaint = getFrame().popValue();
getFrame().popValue(); // array index
Taint arrayTaint = getFrame().popValue();
Taint merge = Taint.merge(valueTaint, arrayTaint);
setLocalVariableTaint(merge, arrayTaint);
Taint stackTop = null;
if (getFrame().getStackDepth() > 0) {
stackTop = getFrame().getTopValue();
}
// varargs use duplicated values
if (stackTop == arrayTaint) {
getFrame().popValue();
getFrame().pushValue(new Taint(merge));
}
} catch (DataflowAnalysisException ex) {
throw new InvalidBytecodeException("Not enough values on the stack", ex);
}
}
示例5: visitCHECKCAST
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
public void visitCHECKCAST(CHECKCAST obj) {
// cast to a safe object type
ObjectType objectType = obj.getLoadClassType(cpg);
if (objectType == null) {
return;
}
String objectTypeSignature = objectType.getSignature();
if(!taintConfig.isClassTaintSafe(objectTypeSignature)) {
return;
}
try {
getFrame().popValue();
pushSafe();
}
catch (DataflowAnalysisException ex) {
throw new InvalidBytecodeException("empty stack for checkcast", ex);
}
}
示例6: getPriorityFromTaintFrame
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
throws DataflowAnalysisException {
Taint valueTaint = fact.getStackValue(0);
Taint parameterTaint = fact.getStackValue(1);
if(valueTaint.getConstantValue() == null || parameterTaint.getConstantValue() == null) {
return Priorities.IGNORE_PRIORITY;
}
String parameterValue = parameterTaint.getConstantValue().toLowerCase();
if(parameterValue.equals("java.naming.security.credentials")) {
return Priorities.NORMAL_PRIORITY;
}
for (String password : PASSWORD_WORDS) {
if (parameterValue.contains(password)) {//Is a constant value
return Priorities.NORMAL_PRIORITY;
}
}
return Priorities.IGNORE_PRIORITY;
}
示例7: getPriorityFromTaintFrame
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
protected int getPriorityFromTaintFrame(TaintFrame fact, int offset)
throws DataflowAnalysisException {
Taint mvcResultTaint = fact.getStackValue(offset);
// The MVC Result object was tainted - This could still be safe if the content-type is a safe one
if (!mvcResultTaint.isSafe()) {
// Get the value of the content-type parameter
Taint parameterTaint = fact.getStackValue(0);
if ( !parameterTaint.isSafe()
|| VULNERABLE_CONTENT_TYPE.equalsIgnoreCase(parameterTaint.getConstantValue())) {
return getPriority(mvcResultTaint);
}
}
return Priorities.IGNORE_PRIORITY;
}
示例8: hasCustomReadObject
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
/**
* Check if the readObject is doing multiple external call beyond the basic readByte, readBoolean, etc..
* @param m
* @param classContext
* @return
* @throws CFGBuilderException
* @throws DataflowAnalysisException
*/
private boolean hasCustomReadObject(Method m, ClassContext classContext,List<String> classesToIgnore)
throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
int count = 0;
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
//ByteCode.printOpCode(inst,cpg);
if(inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
if (!READ_DESERIALIZATION_METHODS.contains(invoke.getMethodName(cpg))
&& !classesToIgnore.contains(invoke.getClassName(cpg))) {
count +=1;
}
}
}
return count > 3;
}
示例9: visitClassContext
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
public void visitClassContext(ClassContext classContext) {
JavaClass javaClass = classContext.getJavaClass();
if (OBJECT_MAPPER_CLASSES.contains(javaClass.getClassName())) {
return;
}
for (Field field : javaClass.getFields()) {
analyzeField(field, javaClass);
}
for (Method m : javaClass.getMethods()) {
try {
analyzeMethod(m, classContext);
}
catch (CFGBuilderException | DataflowAnalysisException e) {
}
}
}
示例10: analyzeMethod
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
MethodGen methodGen = classContext.getMethodGen(m);
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
if (methodGen == null || methodGen.getInstructionList() == null) {
return; //No instruction .. nothing to do
}
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof InvokeInstruction) {
InvokeInstruction invoke = (InvokeInstruction) inst;
String methodName = invoke.getMethodName(cpg);
if ("enableDefaultTyping".equals(methodName)) {
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, HIGH_PRIORITY)
.addClass(clz)
.addMethod(clz, m)
.addCalledMethod(cpg, invoke)
.addSourceLine(classContext, m, location)
);
}
}
}
}
示例11: analyzeMethod
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
private void analyzeMethod(Method m, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
ConstantPoolGen cpg = classContext.getConstantPoolGen();
CFG cfg = classContext.getCFG(m);
for (Iterator<Location> i = cfg.locationIterator(); i.hasNext(); ) {
Location location = i.next();
Instruction inst = location.getHandle().getInstruction();
if (inst instanceof LDC) {
LDC ldc = (LDC) inst;
if (ldc != null) {
if("java.naming.security.authentication".equals(ldc.getValue(cpg)) &&
"none".equals(ByteCode.getConstantLDC(location.getHandle().getNext(), cpg, String.class))){
JavaClass clz = classContext.getJavaClass();
bugReporter.reportBug(new BugInstance(this, LDAP_ANONYMOUS, Priorities.LOW_PRIORITY) //
.addClass(clz)
.addMethod(clz, m)
.addSourceLine(classContext, m, location));
break;
}
}
}
}
}
示例12: mergeReferenceTypes
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
protected ReferenceType mergeReferenceTypes(ReferenceType aRef, ReferenceType bRef) throws DataflowAnalysisException {
byte aType = aRef.getType();
byte bType = bRef.getType();
if (isExtendedStringType(aType) || isExtendedStringType(bType)) {
// If both types are the same extended String type,
// then the same type is returned. Otherwise, extended
// types are downgraded to plain java.lang.String,
// and a standard merge is applied.
if (aType == bType) {
return aRef;
}
if (isExtendedStringType(aType)) {
aRef = Type.STRING;
}
if (isExtendedStringType(bType)) {
bRef = Type.STRING;
}
}
return super.mergeReferenceTypes(aRef, bRef);
}
示例13: newValueOnTOS
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
/**
* Hook indicating that a new (possibly-null) value is on the top of the
* stack.
*/
private void newValueOnTOS() {
IsNullValueFrame frame = getFrame();
if (frame.getStackDepth() < 1) {
return;
}
int tosSlot = frame.getNumSlots() - 1;
IsNullValue tos = frame.getValue(tosSlot);
if (tos.isDefinitelyNull()) {
slotContainingNewNullValue = tosSlot;
}
if (trackValueNumbers) {
try {
ValueNumberFrame vnaFrameAfter = vnaDataflow.getFactAfterLocation(getLocation());
if (vnaFrameAfter.isValid()) {
ValueNumber tosVN = vnaFrameAfter.getTopValue();
getFrame().setKnownValue(tosVN, tos);
}
} catch (DataflowAnalysisException e) {
AnalysisContext.logError("error", e);
}
}
}
示例14: refresh
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
public void refresh(ValueNumberFrame vnaFrame, DefinitelyNullSet definitelyNullSet) throws DataflowAnalysisException {
valueNumber = vnaFrame.getTopValue();
NullnessValue nullnessValue = definitelyNullSet.getNulllessValue(valueNumber);
short opcode = getLocation().getHandle().getInstruction().getOpcode();
if (nullnessValue.isDefinitelyNull() || nullnessValue.isDefinitelyNotNull()) {
// Comparison is redundant.
boolean ifcmpFeasible = nullnessValue.isDefinitelyNull() == (opcode == Constants.IFNULL);
ifcmpDecision = new Decision(ifcmpFeasible, ifcmpFeasible ? nullnessValue.toCheckedValue() : null);
boolean fallThroughFeasible = nullnessValue.isDefinitelyNull() != (opcode == Constants.IFNONNULL);
fallThroughDecision = new Decision(fallThroughFeasible, fallThroughFeasible ? nullnessValue.toCheckedValue() : null);
return;
}
NullnessValue definitelyNull = NullnessValue.definitelyNullValue().toCheckedValue();
NullnessValue definitelyNotNull = NullnessValue.definitelyNotNullValue().toCheckedValue();
// Nullness is unknown, assume both branches are feasible.
ifcmpDecision = new Decision(true, (opcode == Constants.IFNULL) ? definitelyNull : definitelyNotNull);
fallThroughDecision = new Decision(true, (opcode == Constants.IFNULL) ? definitelyNotNull : definitelyNull);
}
示例15: visitDUP
import edu.umd.cs.findbugs.ba.DataflowAnalysisException; //导入依赖的package包/类
@Override
public void visitDUP(DUP obj) {
try {
TypeFrame frame = getFrame();
boolean isExact = isTopOfStackExact();
Type value = frame.popValue();
frame.pushValue(value);
if (isExact)
setTopOfStackIsExact();
frame.pushValue(value);
if (isExact)
setTopOfStackIsExact();
} catch (DataflowAnalysisException e) {
throw new InvalidBytecodeException(e.toString());
}
}